home

q music top 500 van de '90s_10924_i40971824_il345.exe

Runner Utility

BERSHNET LLC

The application q music top 500 van de '90s_10924_i40971824_il345.exe by BERSHNET has been detected as adware by 19 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-1-small-button.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
eb2bb32c279ae60059f9d175dc25b36d

SHA-1:
8898a3c7cd2a0a53bd24b2189b0433f72acff5f1

SHA-256:
53084bf23376626a333543b74b4a6f2c2293bfbc1460c2888f53eaa43ee6086e

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
11/28/2024 2:38:01 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.8247
6757612

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.214.146

AVG
Generic
2016.0.3178

Bitdefender
Gen:Variant.Adware.Mikey.8247
1.0.20.330

Comodo Security
Application.Win32.LoadMoney.IARS
21324

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.8247
9.0.0.4799

ESET NOD32
Win32/Amonetize.DW potentially unwanted application
7.0.302.0

F-Prot
W32/S-40484255
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey
5.13.68

G Data
Gen:Variant.Adware.Mikey.8247
15.3.25

K7 AntiVirus
Unwanted-Program
13.200.15187

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543

McAfee
Artemis!EB2BB32C279A
5600.6834

MicroWorld eScan
Gen:Variant.Adware.Mikey.8247
16.0.0.198

Panda Antivirus
Trj/Genetic.gen
15.03.07.08

Qihoo 360 Security
Win32/Virus.Downloader.736
1.0.0.1015

Reason Heuristics
PUP.BERSHNET
15.3.7.8

Sophos
Generic PUA II
4.98

VIPRE Antivirus
Threat.4785227
37788

File size:
1.5 MB (1,528,848 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\q music top 500 van de '90s_10924_i40971824_il345.exe

Digital Signature
Signed by:
BERSHNET LLC

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/5/2015 9:53:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:rdMzfG6ulOaLHeQJPpoiD27TMOCzZifOLiJ6LVMVej0cVp:rdMzf+3HeiBoUioMVhc3

Entry address:
0x279EEC

Entry point:
E9, 9E, 4E, FF, FF, F9, 06, 7E, CE, 04, CD, 7C, 46, D3, 24, B5, 4C, DB, 28, AD, AC, E3, 1D, E7, 1D, F3, 08, B7, 4A, AF, AF, E5, 12, 83, 76, 6B, 71, 20, D3, 60, 68, 9A, 1A, EE, BB, 41, AF, 53, FC, 02, 14, 8E, 19, 65, 26, 5B, D4, 1B, 35, B5, 3D, 02, BC, B2, 66, D6, 00, 38, 64, 9E, 3F, C5, 37, 6B, 9D, C8, DB, EE, 71, B2, 56, 5E, A6, F5, A5, 74, 7E, DC, B9, 43, B1, B9, 4B, 1A, 12, EA, 3E, C2, A5, 17, 59, D4, 35, B8, 8D, 3D, 2A, 6A, 0E, 8C, 4D, B9, 01, E5, CB, 22, 39, F3, 11, E5, 56, C3, 3E, A0, B7, 33, F8, 0C...
 
[+]

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
187.5 KB (192,000 bytes)

The file q music top 500 van de '90s_10924_i40971824_il345.exe has been seen being distributed by the following 4 URLs.

http://files.red-1-small-button.com/p/.../basi patologiche delle malattie robbins_10924_i40972727_il345.exe

http://downprov.brown1switch.com/p/.../basi patologiche delle malattie robbins_10924_i40972727_il345.exe

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=basi patologiche delle malattie robbins_Downloader&instid[appsetupurl]=http://go.futuresdownload.com/getfast/download.cgi?9&ti1=700000&ti2=15&ti3=2015-03-05T09:01:29.903439 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.futuresdownload.com/d1/logo150x150.png&prefix=basi patologiche delle malattie robbins&instid[thankyoupage]=http://download.futuresdownload.com/.../thank_you.php?ti1=700000&ti2=15&ti3=2015-03-05T09:01:29.903439 00:00&parameter=basi patologiche delle malattie robbins&instid[interrupted]=http://download.futuresdownload.com/.../interrupted.php?ti1=700000&ti2=15&ti3=2015-03-05T09:01:29.903439 00:00&parameter=basi patologiche delle malattie robbins&ti1=700000&ti2=15&ti3=2015-03-05T09%

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=q music top 500 van de '90s_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=3300000&ti2=0&ti3=2015-03-05T08:57:29.910395 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=q music top 500 van de '90s&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=3300000&ti2=0&ti3=2015-03-05T08:57:29.910395 00:00&parameter=q music top 500 van de '90s&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=3300000&ti2=0&ti3=2015-03-05T08:57:29.910395 00:00&parameter=q music top 500 van de '90s&ti1=3300000&ti2=0&ti3=2015-03-05T08:57:29.910395 00:00&_dest=files.red-1-small-button.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.