gérard de villiers sas 62 livres autre french_10924_i41144411_il345.exe

Runner Utility

BERSHNET LLC

The application gérard de villiers sas 62 livres autre french_10924_i41144411_il345.exe by BERSHNET has been detected as adware by 16 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downprov.brown1switch.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
8f2c815a88713d28c478ee9983b4aefa

SHA-1:
32e4cb5d4cd971ae8c8e1b2d11ec2c5af7c38483

SHA-256:
ec077d7975ac300ccdf33635322deadc9e41a8d54fbad1054a3e155cd60cb09e

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/19/2024 11:45:48 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 6766314 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.214.34 |
| AVG | Generic | 2016.0.3179 |
| Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.320 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 21306 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 9.0.0.4799 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-40484255 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 5.13.68 |
| G Data | Gen:Variant.Adware.Mikey.8247 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15176 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.543 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.192 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.05.08 |
| Reason Heuristics | PUP.BERSHNET | 15.3.5.19 |
| VIPRE Antivirus | Threat.4785227 | 38050 |

File size:
1.5 MB (1,583,632 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gérard de villiers sas 62 livres autre french_10924_i41144411_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/5/2015 2:33:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:bxCYjm9bZHaGbOxiWj9ZCTdixJVTamePq5FOrL:2aGKx0TdIJVTamJHM

Entry address:
0x3F761B

Entry point:
60, C7, 44, 24, 1C, F5, FC, 83, 85, E8, D2, 42, E9, FF, 69, C0, 00, 03, 00, 00, 51, F8, 66, 0F, BD, D3, F9, 8D, 84, 83, D8, 94, 00, 00, 0F, 9E, C6, C0, D2, 07, 66, 11, EA, 89, 4C, 24, 08, 66, 0F, BC, D0, 66, 31, F2, 09, C2, 89, 5C, 24, 04, 80, EA, C0, 0F, AB, FA, 66, 0F, A5, E2, 89, C3, 0F, 98, C6, C0, E2, 05, 4A, 10, EA, BA, 01, 00, 00, 00, 9C, 83, F9, 07, C6, 44, 24, 04, F7, 8D, 64, 24, 08, 0F, 82, AE, 61, F7, FF, 3F, C6, C4, 3C, 8B, 45, E0, 80, E6, 69, 80, E9, EC, F7, D0, C6, C6, 42, 8A, 0C, 38, 08, CC...
 

Code size:
187.5 KB (192,000 bytes)

The file gérard de villiers sas 62 livres autre french_10924_i41144411_il345.exe has been seen being distributed by the following URL.