» prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345
Overview
Analysis
File Details
Downloads (1)

prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345

Runner Utility

BERSHNET LLC

The file prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345 by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from files.red-4-small-button.com.

File name:

Publisher:

Dummy, Ltd. (signed by BERSHNET LLC)

Product:

Runner Utility

Version:

1.0.0.187

MD5:

003847514fcb032222fc06e2bd2b2527

SHA-1:

d6c974787d734d8d50a543422a56447676c10b12

SHA-256:

5c0e31b39e8daae4bd36edb84b1faee897aef192dd9c5d458fce1fb94a9f6c88

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/1/2024 11:21:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonitize.BERSHNET (M)

16.2.24.13

File size:

1.5 MB (1,526,800 bytes)

Product version:

1.0.0.187

Original file name:

runner.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345.exe

Digital Signature

Signed by:

BERSHNET LLC

Authority:

COMODO CA Limited

Valid from:

2/6/2015 5:00:00 AM

Valid to:

2/7/2016 4:59:59 AM

Subject:

CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata

Compilation timestamp:

7/10/2015 8:03:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:bdW7hYquwDPXHvWLPUVOd33kuIuZMVROYEAgFUZtrdURsZQHEgdLYPXxIbyRVx:Q7hY+DPXH+LPJ30rNON+7rdUsKkCmXxD

Entry address:

0x2F4BF3

Entry point:

60, E8, DF, DA, 00, 00, 9C, 50, F6, D0, C6, 44, 24, 0C, 9C, E9, 8E, F5, 00, 00, 9C, C7, 04, 24, 22, FF, 55, 89, 9C, 8D, 64, 24, 04, E9, E4, 4E, 0E, 00, 8B, 74, 24, 48, 9C, E8, 31, 9E, F7, FF, 0B, 20, 89, A2, A6, 7B, E0, 01, 85, A5, 3B, 1A, 51, 06, 44, E9, 64, 71, 44, E3, 6A, CE, 71, 47, 5D, 92, 71, 67, 5D, 2A, 7E, 80, 64, 77, B1, 67, 2C, C2, E2, C8, 6D, 7B, EF, 31, 4E, FA, 06, 80, 96, 46, 51, 47, 3B, 3A, AA, FF, C4, BE, 7B, 6D, 3A, 28, 35, AC, E5, 1C, 36, D7, C9, 2C, 70, F4, 79, 67, 26, 1C, EE, E5, 75, 3E... 
[+]

Entropy:

7.9945

Packer / compiler:

ASPack v1.08.04

Code size:

187.5 KB (192,000 bytes)

The file prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345 has been seen being distributed by the following URL.

http://files.red-4-small-button.com/p/.../prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345.exe

Remove prosthodontic treatment for edontulous patients zarb and bolender 12 email.pdf_10924_i30844987_il345 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.