microsoft frontpage_10924_i26101729_il345.exe

Runner Utility

BERSHNET LLC

The application microsoft frontpage_10924_i26101729_il345.exe by BERSHNET has been detected as adware by 24 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file is also typically executed from the user's temporary directory.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
cb9b7f7ae5e8497abff5097ebaf3be50

SHA-1:
0ef81c1450391d37491bfca7c9aaf1d58fb0634e

SHA-256:
0d4d2b053fb8cf8712a06568bdbb1ecefd34f2fec8921e9e562cdebce3363ebc

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/18/2024 3:26:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.597391 | 583 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2015.07.02 |
| Avira AntiVirus | ADWARE/Amonetize.Gen7 | 8.3.1.6 |
| Arcabit | Trojan.Adware.Kazy.D91D8F | 1.0.0.425 |
| avast! | Win32:Amonetize-JO [PUP] | 2014.9-150702 |
| AVG | Generic | 2016.0.3061 |
| Baidu Antivirus | PUA.Win32.Dlhelper | 4.0.3.1572 |
| Bitdefender | Gen:Variant.Adware.Kazy.597391 | 1.0.20.915 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 22639 |
| Dr.Web | Trojan.Amonetize | 9.0.1.0183 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.597391 | 8.15.07.02.12 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11875 |
| F-Prot | W32/S-53544127 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy | 11.2015-02-07_5 |
| G Data | Gen:Variant.Adware.Kazy.597391 | 15.7.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16429 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1800 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.07.02.12 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.597391 | 16.0.0.549 |
| Panda Antivirus | Trj/Genetic.gen | 15.07.02.12 |
| Quick Heal | PUA.Bershnetll.Gen | 7.15.14.00 |
| Reason Heuristics | PUP.BERSHNET (M) | 15.7.2.0 |
| VIPRE Antivirus | Amonetize | 41630 |

File size:
1.5 MB (1,572,880 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\microsoft frontpage_10924_i26101729_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 12:00:00 AM

Valid to:
2/6/2016 11:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
7/2/2015 1:03:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:/iroe1RHhf3DrxuqmdaUy9YcbIfBpdo5pmG:/ir7DKs/9/kfBpdqx

Entry address:
0x364639

Entry point:
68, 37, 1C, A7, DD, 9C, C7, 44, 24, 04, 60, 71, 5C, 62, 68, 35, 97, DF, 2D, C7, 44, 24, 04, C5, 2C, 9F, 53, 60, 60, C6, 44, 24, 08, 2C, 8D, 64, 24, 44, E9, 84, 84, 09, 00, 2D, B8, EC, C8, A0, 04, 64, 40, 1E, 7B, 41, FE, 16, 16, E0, 6B, 13, 88, 54, 0E, BE, 16, 76, 4E, 0E, 66, 36, 8E, 50, 1B, BD, 5F, 19, 7B, 35, 8F, DB, C0, C8, 46, 02, 1C, 82, 12, 2E, 4E, 60, 30, 7F, 44, 37, 8D, 45, 03, 95, 4D, B5, A9, EF, DD, A0, 72, 27, 19, 96, 70, 15, 70, 36, 0B, E2, A6, 38, 1E, 6A, 8C, 7A, 69, AE, FE, 6B, EA, 88, A4, 59...

Entropy:
7.9943  (probably packed)

Code size:
187.5 KB (192,000 bytes)