setka 7.3 germany hex usb can vcds_10924_i41082107_il345.exe

Runner Utility

BERSHNET LLC

The application setka 7.3 germany hex usb can vcds_10924_i41082107_il345.exe by BERSHNET has been detected as adware by 22 anti-malware scanners. It is a setup program used to install the application, and it bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geolocation at the time of install. The file has been seen being downloaded from files.red-1-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
8a9133426edb16990f7459015cc2d3f4

SHA-1:
9ee417c9279bbb19300f8aa3e5845b1893b310aa

SHA-256:
cc525cc5960002a1ceb3003619fefc23235965f7824628cd6d120dd802ceeafb

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
11/28/2024 2:31:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 696 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.214.46 |
| AVG | Generic | 2016.0.3174 |
| Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.345 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 21311 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 8.15.03.10.06 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11278 |
| Fortinet FortiGate | Riskware/Agent | 3/10/2015 |
| F-Prot | W32/S-40484255 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 11.2015-10-03_3 |
| G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15179 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2366 |
| McAfee | Artemis!8A9133426EDB | 5600.6830 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.207 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.10.06 |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.BERSHNET | 15.3.10.18 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15308 |
| Sophos | Generic PUA JO | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047B01C615 | 7.2.69 |
| VIPRE Antivirus | Amonetize | 38170 |

File size:
1.5 MB (1,554,448 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setka 7.3 germany hex usb can vcds_10924_i41082107_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/5/2015 5:03:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:COaSA9Zc9IIqSC2IPTyyXKPxvzwnaoJHoN03d5SmWrwR7vLyHxR9RH0cRXGz7R8U:CEAZAIICpTIvziaUygRr2HxR9K18Wcf8

Entry address:
0x3EB228

Entry point:
60, E8, 65, 98, F7, FF, E9, 47, 31, 00, 00, 05, 0D, A7, 5D, 5A, 87, 0B, 22, 25, 05, 46, 23, 2C, 3E, A0, 2A, 90, 1A, 65, B0, 3A, B8, C2, 04, 82, 00, AE, 2C, 47, 82, 10, 8A, 38, BA, D8, 16, 59, A6, 40, E8, C1, DE, D2, B5, 33, 22, 5C, 05, 99, 35, A6, 3E, B2, 2A, DB, A7, 3F, CE, EB, 80, 43, A2, B6, 33, 40, 9D, 09, 2F, 92, D2, C1, 6A, B1, 3C, A4, 55, 21, 7B, BD, CE, 13, B7, 16, 32, 73, B4, 7E, 6C, 5C, 4E, 6A, 40, 18, 56, DA, F3, 64, DA, C5, 0B, AF, E1, 67, AC, 4C, BA, 58, C7, A5, E6, A5, 2D, 5D, B0, 92, D3, 51...
 

Packer / compiler:
ASPack v1.08.04

Code size:
187.5 KB (192,000 bytes)

The file setka 7.3 germany hex usb can vcds_10924_i41082107_il345.exe has been seen being distributed by the following URL.