pricemeter.exe

PriceMeter

The application pricemeter.exe has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program Price Metér (remove only) by DealPly Technologies Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address multimedia-redir.interia.pl on port 80 using the HTTP protocol.
Publisher:
PriceMeter

Product:
PriceMeter

Version:
1.1.2.7

MD5:
b93197f5c04b8091b8228d254fb85bfb

SHA-1:
85411eeb5c7eaba0e7ccd2acd3ce39d61f050251

SHA-256:
7d32868ee4cb4ef113ec009dc000fc9bfeff4e069956be8e54d3a0599a59235d

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/23/2024 12:09:11 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.384935
988

Baidu Antivirus
Adware.Win32.DealPly
4.0.3.14523

Bitdefender
Gen:Variant.Kazy.384935
1.0.20.715

Emsisoft Anti-Malware
Gen:Variant.Kazy.384935
8.14.05.23.11

ESET NOD32
Win32/DealPly.Q potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Kazy.384935
11.2014-23-05_6

G Data
Gen:Variant.Kazy.384935
14.5.24

Malwarebytes
PUP.Optional.PriceMeter.A
v2014.05.23.11

MicroWorld eScan
Gen:Variant.Kazy.384935
15.0.0.429

Reason Heuristics
PUP.PriceMeter.K
14.9.30.13

File size:
853.5 KB (873,984 bytes)

Product version:
1.1.2.7

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\pricemeter\pricemeter.exe

File PE Metadata
Compilation timestamp:
5/12/2014 10:08:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ThlyWSqCxwDvBcjRrobc6rHsnW9LDY/scWTXqMCQMm4ebo8c0yQL:ThlzmxEBcWfTsWVcHoL

Entry address:
0x63096

Entry point:
E8, 99, A6, 00, 00, E9, 7F, FE, FF, FF, FF, 35, 88, 19, 4A, 00, FF, 15, B4, 61, 48, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 95, 9E, 00, 00, 6A, 01, 6A, 00, E8, 2C, 03, 00, 00, 83, C4, 0C, E9, 43, 03, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 23, AA, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 1A, 4A, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 9C, B0, 48, 00, E8, E5, 34, 00, 00, 68, A0, 50, 49, 00, 8D, 45, F0, 50, C7, 45, F0, 94, B0, 48, 00, E8, C3, 59...
 
[+]

Code size:
528.5 KB (541,184 bytes)

The file pricemeter.exe has been discovered within the following program.

Price Metér (remove only)  by DealPly Technologies Ltd.
Price Meter injects advertising (coupons, discounts, comparative prices, etc.) in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links and some popup/popunder ads.
support.pricemeter.net
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-21-218-182.compute-1.amazonaws.com  (23.21.218.182:80)

TCP (HTTP):
Connects to rc2.las.dmtracker.com  (69.64.147.242:80)

TCP (HTTP):
Connects to multimedia-redir.interia.pl  (217.74.65.145:80)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.daa.yahoo.com  (69.147.86.12:443)

TCP (HTTP SSL):
Connects to cache.google.com  (170.51.244.166:443)

Remove pricemeter.exe - Powered by Reason Core Security