serial number mp3 toolkit_10924_i24617038_il345.exe

Runner Utility

BERSHNET LLC

The application serial number mp3 toolkit_10924_i24617038_il345.exe by BERSHNET has been detected as adware by 24 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-4-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
a91137e549448ab788c8fcb0c34c15f6

SHA-1:
b3d85487dbbd49a9a79694cfe63fa9997c480cc3

SHA-256:
98bdccea2079e82813868244a483cd10ad54bc718b90671c74ca664b116346e4

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
12/27/2024 7:38:41 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.597380
584

AhnLab V3 Security
PUP/Win32.LoadMoney
2015.06.28

Avira AntiVirus
ADWARE/Amonetize.Gen7
8.3.1.6

Arcabit
Trojan.Adware.Kazy.D91D84
1.0.0.425

avast!
Win32:Amonetize-JO [PUP]
2014.9-150630

AVG
Generic
2016.0.3062

Bitdefender
Gen:Variant.Adware.Kazy.597380
1.0.20.905

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
Application.Win32.LoadMoney.IARS
22600

Dr.Web
Trojan.Amonetize
9.0.1.0181

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.597380
8.15.06.30.01

ESET NOD32
Win32/Amonetize.DW potentially unwanted (variant)
9.11854

F-Prot
W32/S-53544127
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Kazy
11.2015-30-06_3

G Data
Gen:Variant.Adware.Kazy.597380
15.6.25

K7 AntiVirus
Unwanted-Program
13.205.16384

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1807

Malwarebytes
PUP.Optional.Amonetize
v2015.06.30.01

MicroWorld eScan
Gen:Variant.Adware.Kazy.597380
16.0.0.543

Panda Antivirus
Trj/Genetic.gen
15.06.30.01

Qihoo 360 Security
HEUR/QVM16.0.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Bershnetll.Gen
6.15.14.00

Reason Heuristics
PUP.BERSHNET (M)
15.6.30.13

VIPRE Antivirus
Amonetize
41506

File size:
1.5 MB (1,577,488 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\file - ?winrar zip\serial+number+mp3+toolkit_10924_i24617038_il345.exe\serial number mp3 toolkit_10924_i24617038_il345.exe\serial number mp3 toolkit_10924_i24617038_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 3:00:00 AM

Valid to:
2/7/2016 2:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
6/27/2015 11:23:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:qsoKRX1vUDKbCLIazj97jhHpQ4vf+1pcjasQQ:QgUuMTz57jBpdvfpjj

Entry address:
0x31239F

Entry point:
57, C7, 04, 24, 3B, EE, 3B, FE, E9, E7, 0E, 0E, 00, 9C, 8E, F3, D4, A6, 6D, 1D, C1, FC, 5D, 98, F2, CD, 91, 0A, 22, 47, 88, D5, FA, AF, B0, C9, 0E, 63, 64, DB, 2C, 9B, 6C, FC, E3, 4B, CA, 8F, D0, B9, 9E, D4, 74, 85, E6, 39, B5, 9C, 3F, 25, 49, ED, AC, FE, 58, B7, 47, 6E, 81, 89, BF, 79, 7C, D2, B4, DF, D5, A6, A7, 4F, AA, 01, 0E, DF, CF, 5E, 08, 19, 0A, 5F, 36, 30, 0D, 6C, 0E, D2, 71, 01, 16, 19, CC, 9D, BF, 2E, 7F, 3E, 15, 48, 9D, 56, F9, A6, 04, 8D, 12, 9A, 17, E7, 6D, CC, 8B, 29, 42, EA, BE, 02, E0, 33...
 
[+]

Entropy:
7.9948  (probably packed)

Code size:
187.5 KB (192,000 bytes)

The file serial number mp3 toolkit_10924_i24617038_il345.exe has been seen being distributed by the following URL.