home

acrobat.dc.2015.amtlib.patched.by.adobe.snr.patch.1.4.1.zip_10924_i2446843_il345.exe

Runner Utility

BERSHNET LLC

The application acrobat.dc.2015.amtlib.patched.by.adobe.snr.patch.1.4.1.zip_10924_i2446843_il345.exe by BERSHNET has been detected as adware by 29 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
063d57f36c6e1ef47f742d54e77d5798

SHA-1:
5e8f7cae436f9cb939ea612c0375c7455f9794a5

SHA-256:
f0f27e340e4baf702f8644d78e778c2c917967fbb6577c09ba8d2a2d51523e16

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
4/20/2024 2:12:26 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.320
577

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.LoadMoney
2015.05.13

AVG
Win32/Heur
2016.0.3055

Baidu Antivirus
PUA.Win32.Dlhelper
4.0.3.1577

Bitdefender
Gen:Variant.Application.Jatif.320
1.0.20.940

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.LoadMoney.IARS
22094

Dr.Web
Trojan.Amonetize
9.0.1.0188

ESET NOD32
Win32/Amonetize.DW potentially unwanted (variant)
9.11615

Fortinet FortiGate
Riskware/Agent
7/7/2015

F-Prot
W32/S-53544127
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Jatif
11.2015-07-07_3

G Data
Gen:Variant.Application.Jatif.320
15.7.25

K7 AntiVirus
Unwanted-Program
13.203.15889

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1772

Malwarebytes
PUP.Optional.Amonetize
v2015.07.07.04

McAfee
Artemis!063D57F36C6E
5600.6711

MicroWorld eScan
Gen:Variant.Application.Jatif.320
16.0.0.564

NANO AntiVirus
Trojan.Win32.Agent.dradce
0.30.24.1357

Panda Antivirus
Trj/Genetic.gen
15.07.07.04

Qihoo 360 Security
HEUR/QVM16.0.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Bershnetll.Gen
7.15.14.00

Reason Heuristics
PUP.BERSHNET (M)
15.7.7.16

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.R047C0EE215
7.2.188

Trend Micro
TROJ_GEN.R047C0EE215
10.465.07

VIPRE Antivirus
Amonetize
40176

Zillya! Antivirus
Downloader.Agent.Win32.250135
2.0.0.2174

File size:
1.5 MB (1,540,112 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\acrobat.dc.2015.amtlib.patched.by.adobe.snr.patch.1.4.1.zip_10924_i2446843_il345.exe

Digital Signature
Signed by:
BERSHNET LLC

Authority:
COMODO CA Limited

Valid from:
2/5/2015 6:00:00 PM

Valid to:
2/6/2016 5:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
4/25/2015 11:33:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:2hmGH3UWdFOlw60VD2sLnvE21uIz0kecrgMGUDWBJ1a+FjEI771Dafh5ogaaVK:2hNH3Rih0VDt7QIom/xWZvlv71DfgJE

Entry address:
0x27A9B7

Entry point:
E8, AB, FD, FF, FF, 40, 33, 3A, AF, 2B, B7, ED, 36, AA, FE, E7, DA, 55, 36, 91, 8D, 64, 3D, 04, BA, 4C, B2, 6A, CE, 48, A6, AD, 02, FD, D6, FD, 0B, B5, 30, 19, E1, 41, 97, 0D, 8C, 44, BF, 9A, B9, 18, 33, F6, C1, AA, 32, 95, AF, 53, BC, 57, 47, 1F, E8, 46, FD, 95, 60, 46, 31, A6, B0, E3, 7B, BE, 48, 4B, 62, F8, 2B, F4, 60, A2, 1E, 3E, 15, 00, 26, BE, 5E, B5, 8B, 49, A5, 6B, AE, 58, 17, B7, 41, 0A, 68, 3A, 2D, ED, 22, 64, CD, 0B, 58, A2, D0, A1, 5E, D8, A6, D5, D1, 16, 89, 0C, 16, FF, E7, FD, 30, 99, 2D, 0F...
 
[+]

Entropy:
7.9942  (probably packed)

Code size:
187.5 KB (192,000 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.