motu.bpm.1.0.5.au.vst.rtas.osx.intel.xvx.unpaced_10924_i40040640_il345.exe

Runner Utility

BERSHNET LLC

The application motu.bpm.1.0.5.au.vst.rtas.osx.intel.xvx.unpaced_10924_i40040640_il345.exe by BERSHNET has been detected as adware by 16 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been observed being downloaded from files.red-1-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
cb3fea92c9d39d0f9755d8f96ac9ba9e

SHA-1:
f91001e7610b24bb07d3594709e42c54d949e535

SHA-256:
d9dacfd225fad106da44528cb424ca52eb843cc51b9f58fbb6f7084cc4aa8377

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/5/2024 1:04:31 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.8247
6757612

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.214.140

AVG
Generic
2016.0.3178

Bitdefender
Gen:Variant.Adware.Mikey.8247
1.0.20.330

Comodo Security
Application.Win32.LoadMoney.IARS
21321

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.8247
9.0.0.4799

ESET NOD32
Win32/Amonetize.DW potentially unwanted application
7.0.302.0

F-Prot
W32/S-40484255
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey
5.13.68

G Data
Gen:Variant.Adware.Mikey.8247
15.3.25

K7 AntiVirus
Unwanted-Program
13.200.15187

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543

MicroWorld eScan
Gen:Variant.Adware.Mikey.8247
16.0.0.198

Panda Antivirus
Trj/Genetic.gen
15.03.07.02

Reason Heuristics
PUP.BERSHNET
15.3.7.1

VIPRE Antivirus
Threat.4785227
37788

File size:
1.5 MB (1,528,336 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\motu.bpm.1.0.5.au.vst.rtas.osx.intel.xvx.unpaced_10924_i40040640_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/3/2015 2:33:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:qoIuyUv7NARuMsmE1wf30K1p5Vh7e6IV3KBvcsElWRWd6Ch6hlrDAVUrxw8EzFPL:qgyUv7NARuMTYY04oKBvtjRWnAlrDAVP

Entry address:
0x342FF0

Entry point:
60, C7, 44, 24, 1C, 3B, C0, 5A, 3E, FF, 74, 24, 04, E9, 0D, 51, 09, 00, FE, 94, 70, DF, 2C, 66, F2, E8, C8, 80, 72, D2, 30, 2D, CF, 9A, 5E, 85, 87, CB, 47, 42, A7, 99, 88, 6C, E4, 24, C0, 1F, 64, 60, D8, 54, 51, B5, F6, 3C, E6, 81, 9A, 52, 22, C7, C3, AF, 5D, 15, E7, 7B, 87, D5, 37, 56, A4, A0, 42, 03, F1, 49, BB, C3, 31, 39, B5, 78, 3C, A3, 97, 02, 3D, 22, 3C, FA, E3, EA, 2E, 8F, 07, 03, 6B, 62, 4A, 04, C0, 1B, EC, 24, 4C, B0, DE, 97, FD, 58, BE, 8D, 32, 1A, DE, 7F, 15, CD, A8, 5A, EE, 62, 0F, 9A, 3A, DE...
 

Entropy:
7.9943  (probably packed)

Code size:
187.5 KB (192,000 bytes)

The file motu.bpm.1.0.5.au.vst.rtas.osx.intel.xvx.unpaced_10924_i40040640_il345.exe has been seen being distributed by the following URL.