home

smastercam x8 v17.0.140947.0 (x64)_10924_i38173737_il345.exe

Runner Utility

BERSHNET LLC

The application smastercam x8 v17.0.140947.0 (x64)_10924_i38173737_il345.exe by BERSHNET has been detected as adware by 18 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.gas-split.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.186

MD5:
29d469c964c0d9f65225c7cb59edd735

SHA-1:
a59023fcf276dfe5b0ce9b090a66ea92bae89709

SHA-256:
3cf75c541fc886b48f346fa61d6b1a10466b2b463207632afddb48ec06035f8a

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
5/17/2024 5:06:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.8247
6542620

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.212.152

AVG
Generic
2016.0.3186

Bitdefender
Gen:Variant.Adware.Mikey.8247
1.0.20.285

Comodo Security
Application.Win32.LoadMoney.IARS
21220

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.8247
9.0.0.4799

ESET NOD32
Win32/Amonetize.DW potentially unwanted application
7.0.302.0

F-Prot
W32/S-59232acb
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey.8247
5.13.68

G Data
Gen:Variant.Adware.Mikey.8247
15.2.25

K7 AntiVirus
Unwanted-Program
13.1915099

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.Amonetize.A
v2015.02.26.06

MicroWorld eScan
Gen:Variant.Adware.Mikey.8247
16.0.0.171

Panda Antivirus
Trj/Genetic.gen
15.02.26.06

Qihoo 360 Security
Win32/Virus.Downloader.736
1.0.0.1015

Reason Heuristics
PUP.BERSHNET
15.3.1.12

VIPRE Antivirus
Threat.4785227
37588

File size:
1.4 MB (1,502,736 bytes)

Product version:
1.0.0.186

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\smastercam x8 v17.0.140947.0 (x64)_10924_i38173737_il345.exe

Digital Signature
Signed by:
BERSHNET LLC

Authority:
COMODO CA Limited

Valid from:
2/5/2015 4:00:00 PM

Valid to:
2/6/2016 3:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
2/26/2015 10:53:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:wRdz12SHYpy8xFkhOxjdYmm+h4vlDla1mMPlPKFMA+rUxyASVnUHZmeuN8wvUFj:8z1qgkFiVvlDla1mMhNA+OFHZmeE8p

Entry address:
0x265E70

Entry point:
68, 02, 52, AF, 5C, 60, 88, 0C, 24, C7, 44, 24, 20, 9F, B5, AA, 0D, E9, E2, A7, FF, FF, 88, 0C, 24, 68, C3, A1, B0, B2, 89, F4, 60, C7, 04, 24, EA, 4D, 4D, 19, 9C, 8D, 64, 24, 24, E9, 98, D9, 15, 00, 60, 66, 0F, BA, E1, 06, E9, 94, 96, FF, FF, CC, 69, 7D, 99, 87, 2C, E7, BE, 3A, F2, 90, 42, 7B, B8, 28, 2D, 08, 4D, 0E, 1B, 58, 3B, C8, B7, A3, B6, 26, 23, BC, 77, 53, 41, D8, EF, 0E, 4D, 18, 6F, 30, 6A, 94, 09, 25, 1E, 21, 0D, 8A, 54, 7E, D3, AD, 53, 0F, 87, B2, 2E, 03, 70, A6, B4, C6, B0, 74, AB, 6F, EC, 2D...
 
[+]

Entropy:
7.9945  (probably packed)

Code size:
99 KB (101,376 bytes)

The file smastercam x8 v17.0.140947.0 (x64)_10924_i38173737_il345.exe has been seen being distributed by the following 3 URLs.

http://files.gas-split.com/p/.../descargar avatar 3d español_10924_i38171739_il345.exe

http://downprov.brown1switch.com/p/.../descargar avatar 3d español_10924_i38171739_il345.exe

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=descargar avatar 3d español_Downloader&instid[appsetupurl]=http://go.futuresdownload.com/getfast/download.cgi?9&ti1=700000&ti2=15&ti3=2015-02-26T18:59:32.829708 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.futuresdownload.com/d1/logo150x150.png&prefix=descargar avatar 3d español&instid[thankyoupage]=http://download.futuresdownload.com/.../thank_you.php?ti1=700000&ti2=15&ti3=2015-02-26T18:59:32.829708 00:00&parameter=descargar avatar 3d español&instid[interrupted]=http://download.futuresdownload.com/.../interrupted.php?ti1=700000&ti2=15&ti3=2015-02-26T18:59:32.829708 00:00&parameter=descargar avatar 3d español&ti1=700000&ti2=15&ti3=2015-02-26T18:59:32.829708 00:

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.