kometa.exe

Kometa (39.37)

Kometa LLC

The application kometa.exe by Kometa has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address ip158.156.odnoklassniki.ru on port 443.
Publisher:
Kometa Authors  (signed by Kometa LLC)

Product:
Kometa (39.37)

Description:
Kometa

Version:
39.0.2171.95

MD5:
8a1cf75ef80729723252925c4dc72e11

SHA-1:
d817533e98b12db799cb9bfbf980cf561c6bcee0

SHA-256:
fb6afca62638653d526190f9600977d0229c6676b2a357ac6582b713af80c88b

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 4:43:43 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3214

McAfee
Artemis!8A1CF75EF807
5600.6870

Reason Heuristics
PUP.Optional.Kometa
15.3.20.19

Trend Micro House Call
Suspicious_GEN.F47V0126
7.2.30

File size:
1.1 MB (1,118,776 bytes)

Product version:
39.0.2171.95

Copyright:
Copyright 2014 The Kometa Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\application\kometa.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/17/2014 3:00:00 AM

Valid to:
4/18/2015 2:59:59 AM

Subject:
CN=Kometa LLC, OU=Kometa, O=Kometa LLC, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789700B04617455B34E1CD6D18230CC0

File PE Metadata
Compilation timestamp:
1/14/2015 1:57:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:lWnNZ9Hucu0fzmg/iiKDt497f4a8kZpTvygRPb5OCE+nme811rvSC51DYramszqi:lWnrkcu0YR4tv811rvtjTGZD0GhuGW

Entry address:
0x4C748

Entry point:
E8, 58, D8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, A1, 44, 4F, 4A, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 44, 4F, 4A, 00, 6A, 04, 50, E8, 80, 51, 00, 00, A3, 40, 4F, 4A, 00, 59, 59, 85, C0, 75, 1E, 6A, 04...
 
[+]

Code size:
438.5 KB (449,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ip159.156.odnoklassniki.ru  (217.20.156.159:443)

TCP (HTTP SSL):
Connects to log.rutube.ru  (193.232.151.148:443)

TCP (HTTP SSL):
Connects to ip5.23.odnoklassniki.ru  (5.61.23.5:443)

TCP (HTTP SSL):
Connects to a104-108-39-228.deploy.static.akamaitechnologies.com  (104.108.39.228:443)

TCP (HTTP SSL):
Connects to portal.mail.ru  (94.100.180.59:443)

TCP (HTTP SSL):
Connects to ip229.152.odnoklassniki.ru  (217.20.152.229:443)

TCP (HTTP SSL):
Connects to a104-96-148-23.deploy.static.akamaitechnologies.com  (104.96.148.23:443)

TCP (HTTP SSL):
Connects to ip58.155.odnoklassniki.ru  (217.20.155.58:443)

TCP (HTTP SSL):
Connects to ip57.155.odnoklassniki.ru  (217.20.155.57:443)

TCP (HTTP SSL):
Connects to ip22.155.odnoklassniki.ru  (217.20.155.22:443)

TCP (HTTP SSL):
Connects to ip213.152.odnoklassniki.ru  (217.20.152.213:443)

TCP (HTTP SSL):
Connects to ip158.156.odnoklassniki.ru  (217.20.156.158:443)

TCP (HTTP SSL):
Connects to ip204.152.odnoklassniki.ru  (217.20.152.204:443)

TCP (HTTP SSL):
Connects to ip214.152.odnoklassniki.ru  (217.20.152.214:443)

TCP (HTTP SSL):
Connects to ip137.156.odnoklassniki.ru  (217.20.156.137:443)

TCP (HTTP):
Connects to digital.enconme.com  (200.7.96.93:80)

TCP (HTTP SSL):
Connects to bar.love.mail.ru  (193.0.170.54:443)

TCP (HTTP SSL):
Connects to static.yandex.net  (178.154.131.215:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (93.158.134.119:443)

TCP (HTTP SSL):
Connects to cache.google.com  (178.168.3.76:443)

Remove kometa.exe - Powered by Reason Core Security