kometa.exe

Kometa (44.7)

Kometa LLC

The application kometa.exe by Kometa has been detected as a potentially unwanted program by 8 anti-malware scanners. This file is typically installed with the program Kometa. While running, it connects to the Internet address static.99.253.9.5.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
Kometa Authors (signed by Kometa LLC)

Product:
Kometa (44.7)

Description:
Kometa

Version:
44.0.2403.125

MD5:
a8d2b21cddda41fb0329b190409dc971

SHA-1:
22f00c446a55c2da57968bddaf9eb2a6e2ae86c7

SHA-256:
297681c9fe85ce6bc1c3d787e057c8704f6ee830d2bcd9e851039657411bc754

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:58:32 AM UTC

Scan engine: Detection (Engine version)

Avira AntiVirus: PUA/Kometa.Gen (engine 8.3.1.6)
AVG: Kometa (engine 2016.0.3026)
Bkav FE: W32.HfsAdware (engine 1.3.0.7062)
Dr.Web: Trojan.LoadMoney.681 (engine 9.0.1.0218)
ESET NOD32: Win32/RuKometa.P potentially unwanted (variant) (engine 9.12049)
Reason Heuristics: Win32.Generic.Kometa.Meta (engine 15.8.6.0)
Sophos: Kometa Ru (PUA) (engine 4.98)
Vba32 AntiVirus: Signed-Adware.RuKometa (engine 3.12.26.4)

File size:
1 MB (1,078,880 bytes)

Product version:
44.0.2403.125

Copyright:
Copyright 2015 The Kometa Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\application\kometa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/6/2015 7:00:00 AM

Valid to:
4/6/2018 6:59:59 AM

Subject:
CN=Kometa LLC, O=Kometa LLC, STREET="kv.93,k.1, 41 Chertanovskaya ul.", L=Moscow, S=Moscow, PostalCode=117519, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
650A6B1174650A2E197862FE54E2519D

File PE Metadata
Compilation timestamp:
8/4/2015 12:36:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Te3Lp5ieB8zM1r49xzp7a3MXNRW1JfrKFVWyeWEL2P90N3h8OceI3Ck1xV2e94dN:TebHieH4beAG3Ry1E0GBBb

Entry address:
0x5040A

Entry point:
E8, 8E, C2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, A1, 44, AC, 49, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 44, AC, 49, 00, 6A, 04, 50, E8, 80, 4F, 00, 00, A3, 40, AC, 49, 00, 59, 59, 85, C0, 75, 1E, 6A, 04, 56, 89...

Code size:
448.5 KB (459,264 bytes)

The file kometa.exe has been discovered within the following programs.

Kometa by Kometa (36% remove it)

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to profile.begun.ru  (91.192.149.117:80)

TCP (HTTP SSL):
Connects to srv112-194.vkontakte.ru  (95.142.194.112:443)

TCP (HTTP SSL):
Connects to net130.234.188-236.ertelecom.ru  (188.234.130.236:443)

TCP (HTTP SSL):
Connects to top-fwz1.mail.ru  (217.69.136.175:443)

TCP (HTTP SSL):
Connects to sundactramark.com  (88.208.2.218:443)

TCP (HTTP):
Connects to static.9.138.9.176.clients.your-server.de  (176.9.138.9:80)

TCP (HTTP):
Connects to static.69.235.4.46.clients.your-server.de  (46.4.235.69:80)

TCP (HTTP):
Connects to static.199.86.63.178.clients.your-server.de  (178.63.86.199:80)

TCP (HTTP SSL):
Connects to static.162.18.9.176.clients.your-server.de  (176.9.18.162:443)

TCP (HTTP SSL):
Connects to st11.recreativ.ru  (136.243.128.165:443)

TCP (HTTP):
Connects to ssp.rambler.ru  (91.192.149.14:80)

TCP (HTTP):
Connects to server-54-192-130-59.ams50.r.cloudfront.net  (54.192.130.59:80)

TCP (HTTP SSL):
Connects to server-54-192-130-146.ams50.r.cloudfront.net  (54.192.130.146:443)

TCP:
Connects to sendpulse.com  (148.251.172.100:4434)

TCP (HTTP SSL):
Connects to net130.234.188-241.ertelecom.ru  (188.234.130.241:443)

TCP (HTTP):
Connects to net130.234.188-237.ertelecom.ru  (188.234.130.237:80)

TCP (HTTP SSL):
Connects to net130.234.188-227.ertelecom.ru  (188.234.130.227:443)

TCP (HTTP SSL):
Connects to net130.234.188-226.ertelecom.ru  (188.234.130.226:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (213.180.193.119:443)

TCP:
Connects to lr-in-f188.1e100.net  (209.85.233.188:5228)

Powered by Reason Core Security