kometa.exe

Kometa

Kometa LLC

The application kometa.exe by Kometa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address dns.set.error on port 80 using the HTTP protocol.
Publisher:
@COMPANY_FULLNAME@  (signed by Kometa LLC)

Product:
Kometa

Version:
52.0.2743.82

MD5:
006b45e25b0fb4333271b2bfc6af8985

SHA-1:
fbfd385ae6afdafd0b772f03cd0f69b41c72ec85

SHA-256:
fd939c79c300d4c9ab1c0f217112e628eca111342ddce933f6e40e9ba13b0863

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:37:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.8.9.14

File size:
1.5 MB (1,535,208 bytes)

Product version:
52.0.2743.82

Copyright:
Copyright 2016 The Kometa Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\application\kometa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/6/2015 3:00:00 AM

Valid to:
4/6/2018 2:59:59 AM

Subject:
CN=Kometa LLC, O=Kometa LLC, STREET="kv.93,k.1, 41 Chertanovskaya ul.", L=Moscow, S=Moscow, PostalCode=117519, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
650A6B1174650A2E197862FE54E2519D

File PE Metadata
Compilation timestamp:
8/8/2016 5:13:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:xf79/f/PVHCUGwf0TSfVXvb4VdX4wVxPvauiULZJyqgSp3Y0yKSj0GHmq2:xf79/f/PViUGwf0kvb4VdX4wVxPvauiY

Entry address:
0x7D7EE

Entry point:
E8, 18, 10, 00, 00, E9, 80, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1...

Code size:
731 KB (748,544 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\kometa\application\kometa.exe" -- "%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.99.253.9.5.clients.your-server.de  (5.9.253.99:80)

TCP (HTTP):
Connects to dns.set.error  (185.14.29.154:80)

TCP (HTTP):
Connects to static.103.253.9.5.clients.your-server.de  (5.9.253.103:80)

TCP (HTTP SSL):
Connects to host-static-212-0-219-9.moldtelecom.md  (212.0.219.9:443)

TCP (HTTP SSL):
Connects to a23-45-102-106.deploy.static.akamaitechnologies.com  (23.45.102.106:443)

TCP (HTTP SSL):
Connects to a184-31-83-192.deploy.static.akamaitechnologies.com  (184.31.83.192:443)

TCP (HTTP SSL):
Connects to a184-30-214-157.deploy.static.akamaitechnologies.com  (184.30.214.157:443)

TCP (HTTP SSL):
Connects to a104-87-0-132.deploy.static.akamaitechnologies.com  (104.87.0.132:443)

TCP (HTTP SSL):
Connects to a104-86-253-82.deploy.static.akamaitechnologies.com  (104.86.253.82:443)

TCP (HTTP SSL):
Connects to a104-86-228-165.deploy.static.akamaitechnologies.com  (104.86.228.165:443)

Remove kometa.exe - Powered by Reason Core Security