pokemon mod for minecraft 1.8.1_10924_i38189969_il345.exe

Runner Utility

BERSHNET LLC

The application pokemon mod for minecraft 1.8.1_10924_i38189969_il345.exe by BERSHNET has been detected as adware by 17 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.gas-split.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.186

MD5:
9dd3d18f8c1f187b588b098a385c9df1

SHA-1:
e75fab076ca276f7c0f9b4aed28c5acc0b32203a

SHA-256:
08d2298c933c8af010a2240fcda0650b29b244528cd6c3907109b4383e7c99ba

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/15/2024 8:46:34 PM UTC

Scan engine            Detection                                          Engine version
Lavasoft Ad-Aware      Gen:Variant.Adware.Mikey.8247                      697
Avira AntiVirus        ADWARE/Adware.Gen7                                 7.11.212.152
AVG                    Generic                                            2016.0.3175
Bitdefender            Gen:Variant.Adware.Mikey.8247                      1.0.20.340
Comodo Security        Application.Win32.LoadMoney.IARS                   21220
Emsisoft Anti-Malware  Gen:Variant.Adware.Mikey.8247                      8.15.03.09.05
ESET NOD32             Win32/Amonetize.DW potentially unwanted (variant)  9.11239
F-Prot                 W32/S-59232acb                                     v6.4.7.1.166
F-Secure               Gen:Variant.Adware.Mikey.8247                      11.2015-09-03_2
G Data                 Gen:Variant.Adware.Mikey.8247                      15.3.25
K7 AntiVirus           Unwanted-Program                                   13.1915099
Kaspersky              not-a-virus:Downloader.Win32.Agent                 14.0.0.2371
Malwarebytes           PUP.Optional.Amonetize.A                           v2015.03.09.05
MicroWorld eScan       Gen:Variant.Adware.Mikey.8247                      16.0.0.204
Panda Antivirus        Trj/Genetic.gen                                    15.03.09.05
Reason Heuristics      PUP.BERSHNET                                       15.3.9.17
VIPRE Antivirus        Amonetize                                          37942

File size:
1.5 MB (1,584,144 bytes)

Product version:
1.0.0.186

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pokemon mod for minecraft 1.8.1_10924_i38189969_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
2/26/2015 2:43:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:JYwshqtR0IfTTtB72SKf0FjEmFOydic9Gz:ahYR0MB72S6mYwin

Entry address:
0x3E9C46

Entry point:
68, BD, 5F, 13, 29, FF, 34, 24, 9C, C7, 44, 24, 08, 6E, 02, DA, A7, 60, C7, 44, 24, 24, 1E, A3, 02, A1, 60, 8D, 64, 24, 44, E9, AD, 82, 00, 00, 6B, F3, 86, D3, BE, 66, 06, E6, 61, F9, D5, 46, BE, 5E, 91, 08, FC, 5E, 23, 7A, 0B, 5F, A0, 37, 63, D2, C4, C9, 54, B1, 13, 20, F1, 15, BC, 3D, 9D, 7D, 06, 86, 50, F9, 5D, 78, 7E, FD, DE, FC, FF, 1C, FB, E5, FC, A2, 3F, 18, CB, 54, 94, 07, 73, A8, CA, 8E, 07, 95, 2C, B0, B9, 05, E1, 1B, EB, 4A, 9D, 83, A3, B9, F3, D1, 03, FF, 04, 14, 0E, D3, 47, 3F, 71, 5C, 5B, 3D...

Entropy:
7.9949  (probably packed)

Code size:
99 KB (101,376 bytes)

The file pokemon mod for minecraft 1.8.1_10924_i38189969_il345.exe has been seen being distributed by the following URL.