x64) key_10924_i50850082_il345.exe

Runner Utility

BERSHNET LLC

The application x64) key_10924_i50850082_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from files.red-2-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
a2d0c2e64ad57157a93bb367d5dd46de

SHA-1:
54cf22975d12f670e00520b6e5378a12639e5b2e

SHA-256:
4fec51a282ea471b7629149098dd9eb5e37892b26f8c7c3a2e303cb4e49d1b07

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/24/2024 12:11:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.BERSHNET (M)

Engine version:
16.4.29.0

File size:
1.5 MB (1,536,016 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\x64) key_10924_i50850082_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 7:00:00 AM

Valid to:
2/7/2016 6:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
4/9/2015 3:33:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:uDxp9gjNwN9uFMF2g4f4SZEDDYFOf6PSyA8Ws3t2oZpid1TaIz3A182nyVI:E+jNS4XflZE/MOS88V3t2IM1TRwW2y+

Entry address:
0x3D35BD

Entry point:
53, C7, 04, 24, B9, 3B, 7F, C8, C7, 04, 24, DE, 5E, 3F, F3, E8, 4A, 8F, 00, 00, 60, E8, BD, 6C, FF, FF, BE, B4, DB, 2B, B5, BF, 91, F5, 80, A5, 83, 9D, EA, 8A, 88, 69, FB, 84, A4, 7D, 0F, 68, 98, 84, 77, A8, DA, A4, F7, 7E, F0, 8C, 63, DF, E2, 62, EC, CC, 86, 04, 33, 4E, BC, BA, DB, 9D, 70, B4, 20, 2E, 67, FC, 7A, A0, 81, 0D, 36, 07, 17, 5A, 3D, 60, 39, 49, 76, BA, BF, 7A, A4, BE, 29, F5, 6D, E6, EE, A1, E7, 71, 0E, 30, 94, 00, A8, 4B, F9, 12, 9F, AF, 34, 4B, C6, CB, A4, B6, A6, 0F, 07, 83, 68, 11, 4B, 7D...
 

Code size:
187.5 KB (192,000 bytes)

The file x64) key_10924_i50850082_il345.exe has been seen being distributed by the following URL.
