mad.men.s02e12.the.mountain.king.hdtv.xvid_10924_i7081855_il345.exe

Runner Utility

BERSHNET LLC

The application mad.men.s02e12.the.mountain.king.hdtv.xvid_10924_i7081855_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from downprov.brown1switch.com.

Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
8817c1487c75475ef21d08c5f711871f

SHA-1:
044f97aabf13cb13219e1f3d3373df6d4cedc5ae

SHA-256:
e7190e0a9645ee4dd3c8fbd99aa3c9b08cf46d8bfb9cbf3994bf1364f76bc4c9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/16/2024 7:46:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize (M)

Engine version:
16.8.8.23

File size:
1.5 MB (1,521,168 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mad.men.s02e12.the.mountain.king.hdtv.xvid_10924_i7081855_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 2:00:00 AM

Valid to:
2/7/2016 1:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
5/11/2015 11:53:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:hBIfUABVYcVpBiXjxwj+AD2plgHW1Cc8nmcjuwZz+KeiYyOyVWoX3jGqA4VZ:hK8ABVYctiX9wKAD2plgHXc8CwZz+K7P

Entry address:
0x2F46DB

Entry point:
60, E8, 7D, F0, 0D, 00, 60, 29, C2, 8D, 83, BA, BC, 37, 1A, 58, 9C, E9, 72, B1, F7, FF, F9, 85, C0, 60, E8, 36, 99, F7, FF, E9, 55, BC, 0D, 00, E9, 3E, D2, 0D, 00, F5, 56, 34, B9, F9, F9, D0, C0, 88, 3C, 24, 85, D9, 3A, 07, E8, 0E, D9, F7, FF, 68, 8A, 0D, A5, 54, 83, C4, 04, 01, E3, F7, C3, B5, 4E, CD, EF, 66, C1, D7, 08, 66, D1, EF, 89, DF, D2, E8, D2, C0, B0, 2E, 50, E8, 1D, 5B, F8, FF, AC, E2, FD, AF, 48, A0, 30, 12, F4, DE, CB, 9D, E0, CA, 53, 7D, 70, 0A, F3, A1, D4, F2, D8, DE, 2E, 5C, 29, 77, 66, 8A...
Entropy:
7.9934

Packer / compiler:
ASPack v1.08.04

Code size:
187.5 KB (192,000 bytes)

The file mad.men.s02e12.the.mountain.king.hdtv.xvid_10924_i7081855_il345.exe has been seen being distributed by the following URL.