pretty.little.liars.complete.season.4_10924_i9611225_il345.exe

Runner Utility

BERSHNET LLC

The application pretty.little.liars.complete.season.4_10924_i9611225_il345.exe by BERSHNET has been detected as adware by 29 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-2-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
ca3305a9c914adaa64d34e50bbd209fe

SHA-1:
cf8fbb00e83ecb7e69b7f4de4c18d92be193f86c

SHA-256:
61fad459f7bf1329239e2cc9f79e5f8ada7ce389c66b541cf13dbe571444055c

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
11/23/2024 11:57:35 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.320
529

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.LoadMoney
2015.05.24

Avira AntiVirus
ADWARE/Amonetize.Gen7
8.3.1.6

avast!
Win32:Amonetize-JO [PUP]
2014.9-150824

AVG
Generic
2016.0.3007

Baidu Antivirus
PUA.Win32.Dlhelper
4.0.3.15824

Bitdefender
Gen:Variant.Application.Jatif.320
1.0.20.1180

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.LoadMoney.IARS
22226

Dr.Web
Trojan.Amonetize
9.0.1.0236

ESET NOD32
Win32/Amonetize.DW potentially unwanted (variant)
9.11674

Fortinet FortiGate
Riskware/Agent
8/24/2015

F-Prot
W32/S-53544127
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Jatif
11.2015-24-08_2

G Data
Gen:Variant.Application.Jatif.320
15.8.25

K7 AntiVirus
Unwanted-Program
13.204.16011

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1532

Malwarebytes
PUP.Optional.Amonetize
v2015.08.24.02

McAfee
Artemis!CA3305A9C914
5600.6663

MicroWorld eScan
Gen:Variant.Application.Jatif.320
16.0.0.708

NANO AntiVirus
Trojan.Win32.Agent.dsancs
0.30.24.1636

Panda Antivirus
Trj/Genetic.gen
15.08.24.02

Qihoo 360 Security
HEUR/QVM16.0.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Bershnetll.Gen
8.15.14.00

Reason Heuristics
PUP.Amonitize.BERSHNET (M)
15.8.24.14

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.R08NB01EJ15
7.2.236

VIPRE Antivirus
VirTool.Win32.Obfuscator.XZ
40494

File size:
1.5 MB (1,557,520 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pretty.little.liars.complete.season.4_10924_i9611225_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
5/18/2015 10:03:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:9bXEZRaRkK/1LZ69zlekIGr1ySQXJVhKouEOZREavh/JsgwG++kRTb8UC4XrqCVF:pg2kKNLElvIayJ1uhtl2SUPbdH

Entry address:
0x281FDF

Entry point:
68, 92, 89, 40, 45, E8, 99, DA, FF, FF, C8, AB, 17, 55, 31, 7D, 93, CB, 07, AC, B2, 40, 40, BB, 8D, C5, 8C, 1C, EC, 22, 76, A0, 69, FF, BE, 6C, 52, 8C, 5D, FF, 51, 7F, 3C, DE, 99, 35, 89, CF, EF, 9A, B4, 19, 35, 13, 29, 8E, 16, DF, A0, A8, 84, 7F, 4E, 18, BC, F9, 13, 9A, 88, 5B, 7C, C0, 52, 7E, 08, FE, 1E, 83, B2, A4, D3, F0, B6, 9D, B7, E0, B9, 8C, 46, 64, 09, CB, A7, 5F, AB, 34, EF, 5E, DC, 74, 8F, 26, C7, A4, C2, 1C, 35, 09, 2D, 87, A0, 86, A4, DC, A5, 05, 43, 9C, FC, F7, 9A, A1, FF, 14, BD, C2, 02, 6D...
 
[+]

Code size:
187.5 KB (192,000 bytes)

The file pretty.little.liars.complete.season.4_10924_i9611225_il345.exe has been seen being distributed by the following URL.