supreme commander mods_10924_i43057445_il345.exe

Runner Utility

BERSHNET LLC

The application supreme commander mods_10924_i43057445_il345.exe by BERSHNET has been detected as adware by 17 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-1-small-button.com and multiple other hosts.
Publisher: Dummy, Ltd. (signed by BERSHNET LLC)
Product: Runner Utility
Version: 1.0.0.187
MD5: 02b605d4c80dbdfa94fb4dbcaf11da89
SHA-1: 9b8bd97f2443604f199511628d60e08a76017353
SHA-256: d12c522d14ab5a62e62234b3a58f34602b0e298b7fedea18776a466d1cde3e5f
Scanner detections: 17 / 68
Status: Adware
Analysis date: 11/28/2024 2:38:13 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 693
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.216.60
AVG | Generic | 2016.0.3171
Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.360
Comodo Security | Virus.Win32.Virut.CE | 21376
Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 8.15.03.13.05
ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11305
F-Prot | W32/S-40484255 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Mikey | 11.2015-13-03_6
G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25
K7 AntiVirus | Unwanted-Program | 13.200.15235
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2351
Malwarebytes | PUP.Optional.Amonetize | v2015.03.13.05
MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.216
Panda Antivirus | Trj/Genetic.gen | 15.03.13.05
Reason Heuristics | PUP.BERSHNET | 15.3.13.17
VIPRE Antivirus | Amonetize | 38342

File size: 1.5 MB (1,526,288 bytes)
Product version: 1.0.0.187
Copyright: Copyright (C) 2013
Original file name: runner.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\supreme commander mods_10924_i43057445_il345.exe

Digital Signature
Signed by:
Authority: COMODO CA Limited
Valid from: 2/5/2015 7:00:00 PM
Valid to: 2/6/2016 6:59:59 PM
Subject: CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA
Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp: 3/11/2015 6:23:08 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 24576:H+W17xCn6SmE/AYBVd8f47JSg5H/YpTRHmaGtRiu09QQ2S/fcfPcm0B/42HA1c14:H+UM6I/ASVd8w7kcH/YpTRGV4R9Zn/fS
Entry address: 0x2FB206
Entry point: E8, 27, 59, 00, 00, 8A, 47, FF, E9, 87, 3B, 00, 00, 78, 8E, 58, 06, 58, 84, 9B, E4, 1A, 34, CA, 81, CE, 7F, B2, C7, 92, 28, 7E, 16, B8, 4F, 92, A7, 6A, A1, 56, 82, 4E, 02, AC, D7, 77, 05, 00, 1C, 34, D8, EB, A4, DA, AC, E4, 9A, A7, C1, 1E, FD, 8E, CC, 65, 11, 85, 47, 39, 4C, 77, F4, 4F, 86, 7D, 71, 0B, 17, AA, D3, 66, EC, B4, CC, 85, 7F, 56, F6, B5, E3, 87, 37, 6A, 83, 2F, 5D, FD, 9A, 2F, D5, 24, 5A, 77, F1, 09, E1, 90, E2, 97, D4, 6E, D8, 69, B5, F4, D9, AC, D7, E7, 14, BA, CB, 62, AB, 1F, 3B, 46, 15, 62...
Entropy: 7.9934 (probably packed)
Code size: 187.5 KB (192,000 bytes)

The file supreme commander mods_10924_i43057445_il345.exe has been seen being distributed by the following 4 URLs.