» pricemeter.exe
Overview
Analysis
File Details
Programs (1)
Network (5)

pricemeter.exe

PriceMeter

The application pricemeter.exe has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program Price Metér (remove only) by DealPly Technologies Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address multimedia-redir.interia.pl on port 80 using the HTTP protocol.

File name:

pricemeter.exe

Publisher:

PriceMeter

Product:

PriceMeter

Version:

1.1.2.7

MD5:

b93197f5c04b8091b8228d254fb85bfb

SHA-1:

85411eeb5c7eaba0e7ccd2acd3ce39d61f050251

SHA-256:

7d32868ee4cb4ef113ec009dc000fc9bfeff4e069956be8e54d3a0599a59235d

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

11/22/2024 8:15:09 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.384935

988

Baidu Antivirus

Adware.Win32.DealPly

4.0.3.14523

Bitdefender

Gen:Variant.Kazy.384935

1.0.20.715

Emsisoft Anti-Malware

Gen:Variant.Kazy.384935

8.14.05.23.11

ESET NOD32

Win32/DealPly.Q potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Kazy.384935

11.2014-23-05_6

G Data

Gen:Variant.Kazy.384935

14.5.24

Malwarebytes

PUP.Optional.PriceMeter.A

v2014.05.23.11

MicroWorld eScan

Gen:Variant.Kazy.384935

15.0.0.429

Reason Heuristics

PUP.PriceMeter.K

14.9.30.13

File size:

853.5 KB (873,984 bytes)

Product version:

1.1.2.7

File type:

Executable application (Win32 EXE)

Language:

English

Common path:

C:\users\{user}\appdata\local\pricemeter\pricemeter.exe

File PE Metadata

Compilation timestamp:

5/12/2014 10:08:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:ThlyWSqCxwDvBcjRrobc6rHsnW9LDY/scWTXqMCQMm4ebo8c0yQL:ThlzmxEBcWfTsWVcHoL

Entry address:

0x63096

Entry point:

E8, 99, A6, 00, 00, E9, 7F, FE, FF, FF, FF, 35, 88, 19, 4A, 00, FF, 15, B4, 61, 48, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 95, 9E, 00, 00, 6A, 01, 6A, 00, E8, 2C, 03, 00, 00, 83, C4, 0C, E9, 43, 03, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 23, AA, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 1A, 4A, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 9C, B0, 48, 00, E8, E5, 34, 00, 00, 68, A0, 50, 49, 00, 8D, 45, F0, 50, C7, 45, F0, 94, B0, 48, 00, E8, C3, 59... 
[+]

Code size:

528.5 KB (541,184 bytes)

The file pricemeter.exe has been discovered within the following program.

Price Metér (remove only) by DealPly Technologies Ltd.

Price Meter injects advertising (coupons, discounts, comparative prices, etc.) in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links and some popup/popunder ads.

support.pricemeter.net

88% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-23-21-218-182.compute-1.amazonaws.com (23.21.218.182:80)

TCP (HTTP):

Connects to rc2.las.dmtracker.com (69.64.147.242:80)

TCP (HTTP):

Connects to multimedia-redir.interia.pl (217.74.65.145:80)

TCP (HTTP SSL):

Connects to e2.ycpi.vip.daa.yahoo.com (69.147.86.12:443)

TCP (HTTP SSL):

Connects to cache.google.com (170.51.244.166:443)

Remove pricemeter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.