{blocked}.exe

Runner Utility

BERSHNET LLC

The application {blocked}.exe by BERSHNET has been detected as adware by 22 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
9189bff1b1fd86b47d344c41c802a6e9

SHA-1:
aa4403c17a8bee017a777ba4dd2e5be0988335e3

SHA-256:
179b4853d27448ee09118ed56ccf3070f822b617fa4b5813dd4465873db25cb6

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/24/2024 7:34:35 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.320
551

AhnLab V3 Security
PUP/Win32.LoadMoney
2015.07.02

Avira AntiVirus
ADWARE/Amonetize.Gen7
8.3.1.6

Arcabit
Trojan.Application.Jatif.320
1.0.0.425

avast!
Win32:Amonetize-JO [PUP]
2014.9-150803

AVG
Generic
2016.0.3029

Bitdefender
Gen:Variant.Application.Jatif.320
1.0.20.1075

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
Application.Win32.LoadMoney.IARS
22641

Dr.Web
Trojan.Amonetize
9.0.1.0215

ESET NOD32
Win32/Amonetize.DW potentially unwanted (variant)
9.11876

F-Prot
W32/S-53544127
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Jatif
11.2015-03-08_2

G Data
Gen:Variant.Application.Jatif.320
15.8.25

K7 AntiVirus
Unwanted-Program
13.205.16431

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1639

Malwarebytes
PUP.Optional.Amonetize
v2015.08.03.05

MicroWorld eScan
Gen:Variant.Application.Jatif.320
16.0.0.645

Panda Antivirus
Trj/Genetic.gen
15.08.03.05

Quick Heal
PUA.Bershnetll.Gen
8.15.14.00

Reason Heuristics
PUP.Amonitize.BERSHNET (M)
15.8.3.5

VIPRE Antivirus
Amonetize
41638

File size:
1.4 MB (1,493,008 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hc hot facade signage cinemartin denoiser 1.1_10924_i26167285_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 2:00:00 AM

Valid to:
2/7/2016 1:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
7/2/2015 8:23:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:rId47cVNJMlsKhncZDcd9stKNKcEpsC6/QzIXYvPAg0IM+VvuXs8LrnY+oWxGxqW:rFiqlszWSGEOXVeVu/c+rGxWhMy3rO3

Entry address:
0x264556

Entry point:
60, E8, CA, 10, 01, 00, E8, 5B, C1, 15, 00, 36, E7, 35, 4F, 9D, 5D, A3, 4A, 54, 68, 6D, 45, AB, FD, 2B, 49, CB, F7, 15, 27, 55, 5F, C9, C3, 39, 41, 8F, A5, 8B, 49, 97, 95, D7, B5, C4, E8, B4, 5B, DF, DB, 3A, 9E, 8F, 25, 9B, CB, 4D, 9B, 11, 18, 80, 15, 6B, B2, 3A, 51, 95, E9, 41, BF, 1C, 8C, A7, 57, 63, 86, 5A, BD, 85, 13, 51, 31, 69, 10, 32, C2, C2, 6C, E5, 0F, 2D, 47, 7D, 83, B9, 93, DE, AE, C1, 6E, 5E, 55, 8C, A8, 12, 85, CA, D3, DD, 67, 65, 5C, D0, 5A, 01, FB, 83, 35, BB, B2, 65, B6, CA, 32, 4A, 5A, EC...
 

Entropy:
7.9935

Packer / compiler:
ASPack v1.08.04

Code size:
187.5 KB (192,000 bytes)
