twee vorstinnen en een vorst(1981_10924_i39733952_il345.exe

Runner Utility

BERSHNET LLC

The application twee vorstinnen en een vorst(1981_10924_i39733952_il345.exe by BERSHNET has been detected as adware by 15 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-1-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
85790c70f438d67646b36ce3e2eb3a08

SHA-1:
be9d90b91015ebe6a5a0727b72f09d7886f1dd62

SHA-256:
3ee1440f1cc5a0f35dda546faf3a4c91cefc2d358bec3e248de4a7d06df66b12

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
11/28/2024 2:32:31 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 705 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.213.42 |
| AVG | Generic | 2016.0.3183 |
| Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.305 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 21265 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 8.15.03.02.11 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11255 |
| F-Secure | Gen:Variant.Adware.Mikey.8247 | 11.2015-02-03_2 |
| G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.1915127 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2408 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.183 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.02.11 |
| Reason Heuristics | PUP.BERSHNET | 15.3.2.11 |
| VIPRE Antivirus | Amonetize | 38048 |

File size:
1.5 MB (1,531,920 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\twee vorstinnen en een vorst(1981_10924_i39733952_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/2/2015 4:03:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:V+ESfqemN5i79zpp6lfrGYgt+PO4pVoK5tSCQzbHJviLgubCVNH/HrTmpwVC:wXmC28qPOCKySn3HN8tbiNfHrGwA

Entry address:
0x271A0E

Entry point:
60, C7, 44, 24, 1C, 4F, C1, 19, EA, 66, 89, 64, 24, 0C, C7, 44, 24, 18, 2E, 37, 59, C4, 60, 88, 14, 24, 9C, 8D, 64, 24, 3C, E9, 38, 07, 17, 00, 56, 2C, 1A, 61, 7B, C2, 34, 9D, AB, 95, 23, 70, F2, A7, D4, EC, 72, 85, FB, 0E, 6C, 7F, 79, C0, DE, 8F, 23, 0F, 93, 05, 1A, F2, 63, 9D, BA, EC, 18, 44, 62, 3F, B0, CE, 67, 7F, 57, 0D, 59, D2, CE, E1, 95, CC, 77, FD, BC, B6, 19, 40, DA, 02, 0C, 53, 85, 36, B0, C3, 0D, BE, 5A, D6, 10, 31, CB, AE, FF, 29, 22, 96, 89, A0, 98, E8, 93, E1, 92, D0, C9, D8, 7B, A4, DF, 8A...
 

Code size:
187.5 KB (192,000 bytes)

The file twee vorstinnen en een vorst(1981_10924_i39733952_il345.exe has been seen being distributed by the following URL.