» cd eliana festa junina_10924_i9332596_il345.exe
Overview
Analysis
File Details
Downloads (1)

cd eliana festa junina_10924_i9332596_il345.exe

Runner Utility

BERSHNET LLC

The application cd eliana festa junina_10924_i9332596_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from downprov.brown1switch.com.

File name:

Publisher:

Dummy, Ltd. (signed by BERSHNET LLC)

Product:

Runner Utility

Version:

1.0.0.187

MD5:

a504fffd6a9b1bf6deac789941476b29

SHA-1:

0438e025dda622bdddd1b9cbc2382e4ae0a78c86

SHA-256:

fd8b1f9c33c51bd3fbae0fb2bb42c49059c976132c8b8cb3e66b88b5389b5a7e

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/16/2024 8:05:33 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonitize (M)

16.8.9.2

File size:

1.4 MB (1,498,640 bytes)

Product version:

1.0.0.187

Original file name:

runner.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\cd eliana festa junina_10924_i9332596_il345.exe

Digital Signature

Signed by:

BERSHNET LLC

Authority:

COMODO CA Limited

Valid from:

2/5/2015 10:00:00 PM

Valid to:

2/6/2016 9:59:59 PM

Subject:

CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata

Compilation timestamp:

5/17/2015 9:43:07 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:xQms+Jh3e8yNSB6Y3lpqy6LLdjWClo2KjWqS6EcDxBO6bqKlRdPoCplY5Ex3ngN/:xQz+JdkApJ6LLhNliy7UxBO6bxjdP7yj

Entry address:

0x25E00B

Entry point:

E8, A8, 03, 16, 00, 60, 66, FF, C7, F6, D0, 89, D7, 8D, 64, 24, 20, 66, 0F, B6, C9, 66, 0F, B6, C8, E8, 79, 1F, 08, 00, 01, D0, C6, 44, 24, 08, DC, E8, C6, DB, 07, 00, 04, 06, 0B, AA, 54, 70, 6D, 26, DD, A5, 12, 2E, 85, 03, 24, CD, 31, 2B, 56, 08, 5F, 72, B4, A3, E9, 50, 98, DE, 4B, 49, 06, 7A, EF, 44, E4, 8D, 71, 73, AE, 50, CD, 5C, 8A, 88, CA, E4, 40, 04, 4B, E7, 27, 7F, D6, 0A, 6F, C6, 89, 2B, C9, 3A, F6, 21, FC, 6E, 38, A7, 90, 4C, 37, 9F, FF, 30, 95, 82, 29, CF, 2F, 2E, 65, 7A, D1, 1E, 5D, AE, 9D, 04... 
[+]

Code size:

187.5 KB (192,000 bytes)

The file cd eliana festa junina_10924_i9332596_il345.exe has been seen being distributed by the following URL.

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=cd eliana festa junina_Downloader&instid[appsetupurl]=http://go.bestsoftwarelive.com/getfast/download.cgi?9&ti1=3125000&ti2=0&ti3=DD1_2015-05-18T00:54:02.698784 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bestsoftwarelive.com/d1/logo150x150.png&prefix=cd eliana festa junina&instid[thankyoupage]=http://download.bestsoftwarelive.com/.../thank_you.php?ti1=3125000&ti2=0&ti3=DD1_2015-05-18T00:54:02.698784 00:00&parameter=cd eliana festa junina&instid[interrupted]=http://download.bestsoftwarelive.com/.../interrupted.php?ti1=3125000&ti2=0&ti3=DD1_2015-05-18T00:54:02.698784 00:00&parameter=cd eliana festa junina&ti1=3125000&ti2=0&ti3=DD1_2015-05-18T00:54:02.698784 00:00&_dest=files.red-2-small-button.com

Remove cd eliana festa junina_10924_i9332596_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.