author disabled presentations from slideshare_10924_i38703301_il345.exe

Runner Utility

BERSHNET LLC

The application author disabled presentations from slideshare_10924_i38703301_il345.exe by BERSHNET has been detected as adware by 23 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
453548ed8223017da53e4283a587cad9

SHA-1:
1a6f2d739f05867195082e47dec3be2f4d62273f

SHA-256:
cfa121426f56f8fb704e16a45b5713aa16909cce71e86e380185a7d38c3afd07

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/25/2024 6:27:42 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 701
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.214.2
avast! | Win32:Amonetize-JO [PUP] | 2014.9-150728
AVG | Win32/Heur | 2016.0.3179
Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.320
Comodo Security | Virus.Win32.Virut.CE | 21306
Dr.Web | Trojan.Amonetize | 9.0.1.0209
Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 8.15.03.05.10
ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11276
Fortinet FortiGate | Riskware/Agent | 3/5/2015
F-Prot | W32/S-40484255 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Mikey | 11.2015-05-03_5
G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25
K7 AntiVirus | Unwanted-Program | 13.200.15176
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2390
Malwarebytes | PUP.Optional.Amonetize | v2015.07.28.03
MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.192
Panda Antivirus | Trj/Genetic.gen | 15.03.05.10
Qihoo 360 Security | Win32/Virus.Downloader.736 | 1.0.0.1015
Reason Heuristics | PUP.BERSHNET | 15.3.5.22
Sophos | Generic PUA BK | 4.98
Trend Micro House Call | TROJ_GEN.R08NB01BS15 | 7.2.64
VIPRE Antivirus | Amonetize | 38154

File size:
1.4 MB (1,506,832 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\author disabled presentations from slideshare_10924_i38703301_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 3:00:00 AM

Valid to:
2/7/2016 2:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
2/28/2015 7:53:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:eMzlDtZx5cXfGuWZko5I3D5pvMjFncQYf7BYRJooXPGafOvAR64/FN4qe3rg1oGp:eoL5UfmxI3tpcncGRJoUPG2aARfFw6o0

Entry address:
0x339A06

Entry point:
E8, E1, BD, 00, 00, 81, 7C, 4F, DB, 0C, 09, 9B, 5C, 59, 58, 43, 24, FB, EF, 4F, A9, 41, BB, 1D, F6, 44, A9, 5D, B5, B6, C3, 47, CA, D2, 1B, 59, 0C, 6B, E8, 40, B3, 8E, CC, 3E, B3, 36, 4A, 63, 56, F1, 58, BF, 64, C3, AD, 30, 82, 95, 8C, 9F, 9C, 2B, 35, 9C, E9, 7C, F2, B5, AA, 79, 36, 1C, DA, B2, 62, 09, 12, F7, 1C, 41, 4C, 7F, D8, EC, A2, 93, AE, 01, 1C, CF, 64, EF, 9E, 45, DC, 7E, 4E, 11, 88, 08, E2, 83, D0, C9, CA, 4B, 1A, F3, D7, 6A, A3, 2F, DB, A6, 38, F3, B7, 6A, 06, 12, 60, 79, A2, E6, A5, 6D, 38, CA...

Entropy:
7.9930  (probably packed)

Code size:
187.5 KB (192,000 bytes)