windows.vista.sp2.ultimate.(32.bit).torrent_10924_i25570484_il345.exe

Runner Utility

BERSHNET LLC

The application windows.vista.sp2.ultimate.(32.bit).torrent_10924_i25570484_il345.exe by BERSHNET has been detected as adware by 22 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-4-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
7559ecde5efd1885fe9cfd12b1df31a7

SHA-1:
bc4efdcf59b54f782122be6fcc0f913b86ce9710

SHA-256:
0ec1c56c091578fcb0e2c99b7dca2e0500b06bbc7d38037a357ea3f26016183a

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
11/1/2024 11:23:12 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.320
577

AhnLab V3 Security
PUP/Win32.LoadMoney
2015.06.30

Avira AntiVirus
ADWARE/Amonetize.Gen7
8.3.1.6

Arcabit
Trojan.Application.Jatif.320
1.0.0.425

avast!
Win32:Amonetize-JO [PUP]
2014.9-150708

AVG
Generic
2016.0.3055

Bitdefender
Gen:Variant.Application.Jatif.320
1.0.20.945

Comodo Security
Application.Win32.LoadMoney.IARS
22630

Dr.Web
Trojan.Amonetize
9.0.1.0189

ESET NOD32
Win32/Amonetize.DW potentially unwanted (variant)
9.11866

F-Prot
W32/S-53544127
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Jatif
11.2015-08-07_4

G Data
Gen:Variant.Application.Jatif.320
15.7.25

K7 AntiVirus
Unwanted-Program
13.205.16409

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1768

Malwarebytes
PUP.Optional.Amonetize
v2015.07.08.09

MicroWorld eScan
Gen:Variant.Application.Jatif.320
16.0.0.567

Panda Antivirus
Trj/Genetic.gen
15.07.08.09

Quick Heal
PUA.Bershnetll.Gen
7.15.14.00

Reason Heuristics
PUP.BERSHNET (M)
15.7.8.9

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15706

VIPRE Antivirus
Amonetize
41586

File size:
1.5 MB (1,540,624 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
6/30/2015 4:03:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:trAxflL3MgMPfsEK69oeDliXR8MtFyopmuAaln+1wh1+vaZ6r/p+QXYMv5Vo:8ak969PQhF5gal+1wh1+vaZ691IMRq

Entry address:
0x3DE8DA

Entry point:
9C, C7, 04, 24, 1C, 3A, A4, 34, E9, 79, 38, E9, FF, 9C, C7, 44, 24, 20, CB, D7, 43, 97, 60, 68, 0F, 8E, 42, D5, 9C, C6, 44, 24, 0C, 34, 8D, 64, 24, 48, E9, 42, 3D, 00, 00, C8, 27, 76, D1, 43, AB, 72, F9, 78, 39, F6, 99, 04, 65, C4, 8D, 56, F1, 51, 8B, 74, E3, 77, 7D, B6, 7F, 7D, C7, 9D, E6, 39, ED, F7, 56, 33, E0, C7, DA, BF, 90, 97, AC, 4B, A0, 7D, 34, 1A, 46, F4, 8E, D5, 04, C6, 38, 07, 0A, 25, 8E, 2F, 8F, B6, 44, 62, 58, AD, 06, A9, 19, 5F, 37, 1F, 67, 9E, 96, 0A, 45, DF, 12, C4, F2, 13, A0, E9, 56, B4...
 

Code size:
187.5 KB (192,000 bytes)

The file windows.vista.sp2.ultimate.(32.bit).torrent_10924_i25570484_il345.exe has been seen being distributed by the following URL.