load windows 7 to msxml4.dll failed_10924_i30692243_il345.exe

Runner Utility

BERSHNET LLC

The application load windows 7 to msxml4.dll failed_10924_i30692243_il345.exe by BERSHNET has been detected as adware by 22 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file is also typically executed from the user's temporary directory.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
286ac57a186e5db0a7569419b0584bbc

SHA-1:
b97841ed80c9a0b1408c418375021a21d9d1b4f5

SHA-256:
5c87647c5d8dd4a996caeea3ca5dc8f029fdbc2125bba563040b246d84b30bcd

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/19/2024 8:10:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Jatif.320 | 551 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2015.07.10 |
| Avira AntiVirus | ADWARE/Amonetize.Gen7 | 8.3.1.6 |
| Arcabit | Trojan.Application.Jatif.320 | 1.0.0.425 |
| avast! | Win32:Amonetize-JO [PUP] | 2014.9-150803 |
| AVG | Generic | 2016.0.3029 |
| Bitdefender | Gen:Variant.Application.Jatif.320 | 1.0.20.1075 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Comodo Security | Virus.Win32.Virut.CE | 22713 |
| Dr.Web | Trojan.Amonetize | 9.0.1.0215 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11915 |
| F-Prot | W32/S-53544127 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-03-08_2 |
| G Data | Gen:Variant.Application.Jatif.320 | 15.8.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16517 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1639 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2015.08.03.06 |
| MicroWorld eScan | Gen:Variant.Application.Jatif.320 | 16.0.0.645 |
| Panda Antivirus | Trj/Genetic.gen | 15.08.03.06 |
| Quick Heal | PUA.Bershnetll.Gen | 8.15.14.00 |
| Reason Heuristics | PUP.Amonitize.BERSHNET (M) | 15.8.3.6 |
| VIPRE Antivirus | Amonetize | 41860 |

File size:
1.5 MB (1,553,424 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\load windows 7 to msxml4.dll failed_10924_i30692243_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
7/9/2015 2:23:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:NiODavoJrR9cFoZh3pQCx6V+bsDVAwrwEfqs9DdRFsNs+f6UNF2YFxOstsOwyh5L:OwPcYhSCEDVAww6qYos+CUNzO7Ow6sgN

Entry address:
0x3DDC7B

Entry point:
9C, 9C, E9, C5, 0A, 00, 00, C8, DD, 2C, 71, 4F, ED, C9, 80, B6, 10, FE, AB, B1, 14, 42, 73, 10, 6F, 47, CF, 42, 67, 5D, 9B, 6C, 19, 5E, 39, 44, FD, 4F, C1, 4E, 43, 38, 03, 47, B7, EA, 26, F3, 3B, 46, 5B, 82, CD, C1, DD, 70, BC, 7C, D2, 94, 2D, 01, DC, 77, B5, 5F, 69, E2, BF, E6, CC, 41, D8, CD, F3, 0F, 13, 56, FB, 10, 99, 93, A6, B1, 60, EE, 1C, 89, 78, 71, F0, 16, F3, E7, 2A, 78, 1D, 60, 3F, DA, 0C, FF, 05, 21, 85, 34, 0B, 02, AC, F7, FB, 14, AC, 0E, 48, 01, F4, AB, 0F, 98, 84, 41, 0A, 07, 12, 03, 90, 9B...

Entropy:
7.9938  (probably packed)

Code size:
187.5 KB (192,000 bytes)