tomtom maps of europe 940 5965 retail navigon_10924_i41291734_il345.exe

Runner Utility

BERSHNET LLC

The application tomtom maps of europe 940 5965 retail navigon_10924_i41291734_il345.exe by BERSHNET has been detected as adware by 16 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-1-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
76cd30a3be9b0b80189cb74e462f3fb8

SHA-1:
e0b5b56831efb50a6b74299acb9ab1bc980fbea0

SHA-256:
ca9f33e56b3dc569636943ad18ab3fd86f0a3e87768562b39669f5c2f279ffe3

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/28/2024 2:34:48 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 6736976 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.214.252 |
| AVG | Win32/Heur | 2014.0.4253 |
| Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.340 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 21347 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 9.0.0.4799 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-40484255 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 5.13.68 |
| G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15197 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.543 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.204 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.09.04 |
| Reason Heuristics | PUP.BERSHNET | 15.3.9.4 |
| VIPRE Antivirus | Threat.4785227 | 37788 |

File size:
1.5 MB (1,559,056 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tomtom maps of europe 940 5965 retail navigon_10924_i41291734_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/6/2015 10:13:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:zfUdbiCJralZtmoaZJg05YXvDouekNvBzk2juPHtLIhMm9nWADQTnH34VV:zEBJE4a0AEue6po2olfeWBTnIf

Entry address:
0x27F27B

Entry point:
9C, 66, C7, 04, 24, 9D, E3, 68, CF, 41, 4A, 6D, E8, 5F, 99, 16, 00, F0, 90, 3C, 84, 28, 4C, 72, 96, 67, BC, 51, A5, EC, 62, 3D, 5B, E8, E3, 2B, 53, D8, BE, 21, 1C, 18, D9, C6, D8, B0, 9D, 24, 39, C0, 28, 0A, 7C, 70, 30, 00, 1A, EE, E2, AF, CE, BA, A2, 86, 9E, 53, 36, 3B, A2, 5E, F2, FF, 06, F3, E2, EE, CA, A7, A2, A6, E2, E9, BF, 0E, 1F, 50, 57, 68, 69, 26, 10, D5, 38, 5D, C9, AF, 55, 8B, E8, CE, 7A, 52, 3D, 62, 00, 81, 82, 4E, 5A, 18, 5C, 89, 11, 55, 30, 12, DC, 69, 44, 02, 90, 00, 03, 62, B1, 77, 52, 61...
 

Code size:
187.5 KB (192,000 bytes)

The file tomtom maps of europe 940 5965 retail navigon_10924_i41291734_il345.exe has been seen being distributed by the following URL.