s.s.c english book by ajay kumar singh_10924_i49837939_il345.exe

Runner Utility

BERSHNET LLC

The application s.s.c english book by ajay kumar singh_10924_i49837939_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from downprov.brown1switch.com.

Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
55005c6bac370ffccaa31b2f6fb72b2f

SHA-1:
967ebadfcc6219b9df259b9228298742c38e6468

SHA-256:
53c08e57ec9e74b26b25ea21b4b1f7812473029aa7a3b95c8a87261ead37f2a5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/5/2024 4:30:55 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize (M)

Engine version:
17.3.15.20

File size:
1.5 MB (1,541,648 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\s.s.c english book by ajay kumar singh_10924_i49837939_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 5:30:00 AM

Valid to:
2/7/2016 5:29:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
4/5/2015 11:03:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3D5473

Entry point:
9C, 68, 89, 07, 80, 90, E9, 78, 13, F2, FF, 88, 34, 24, C6, 04, 24, DA, E9, B3, B8, E9, FF, AD, 13, 43, C6, 29, 73, 67, BA, 9C, 06, AB, AD, 7C, FE, 15, 7F, 14, 92, B1, 13, D0, 5A, FF, 5D, C4, 3E, 25, B7, E4, 0D, CA, 64, 73, C5, 9F, CC, 5D, 72, CD, 78, DC, FD, 65, 03, 84, F8, DA, C8, ED, B7, 69, B8, D3, 25, AA, 11, E0, 21, 8C, 47, 64, D0, 65, 56, 6C, 7E, 61, A2, AA, 98, EE, CE, 26, BB, 4D, 00, 4C, 76, 42, F7, 18, 07, B1, DA, C4, FD, 49, EE, 84, 73, C5, 56, 78, 3A, 00, 87, 2F, E0, 42, 24, 5D, F6, 87, CA, AE...
 

Entropy:
7.9940  (probably packed)

Code size:
187.5 KB (192,000 bytes)

The file s.s.c english book by ajay kumar singh_10924_i49837939_il345.exe has been seen being distributed by the following URL.

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=s.s.c english book by Ajay kumar singh_Downloader&instid[appsetupurl]=http://go.futuresdownload.com/getfast/download.cgi?9&ti1=700000&ti2=15&ti3=2015-04-05T17:39:33.433959+00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.futuresdownload.com/d1/logo150x150.png&prefix=s.s.c english book by Ajay kumar singh&instid[thankyoupage]=http://download.futuresdownload.com/.../thank_you.php?ti1=700000&ti2=15&ti3=2015-04-05T17:39:33.433959+00:00&parameter=s.s.c english book by Ajay kumar singh&instid[interrupted]=http://download.futuresdownload.com/.../interrupted.php?ti1=700000&ti2=15&ti3=2015-04-05T17:39:33.433959+00:00&parameter=s.s.c english book by Ajay kumar singh&ti1=700000&ti2=15&ti3=2015-04-05T17:39:33.433959 00:00&_dest=files.red-2-small-button.com