PriceMeterLiveUpdate.exe

PriceMeterLiveUpdate Update

PriceMeter

The application PriceMeterLiveUpdate.exe by PriceMeter has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named PriceMeterLiveUpdateUpdateTaskMachineCore triggered to execute each time a user logs in. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 80 using the HTTP protocol.
Publisher:
PriceMeter  (signed and verified)

Product:
PriceMeterLiveUpdate Update

Version:
1.3.23.0

MD5:
3d8b851e7efcdc130e4b301bdde10099

SHA-1:
eadce4ecd2e1348818f30e197ad465c0a8fe20e1

SHA-256:
4a10f1070315fb1f5f6f66af194ecac5bbc4f27d8c3bfb7c9277dffcb6eb3f39

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/26/2024 1:32:04 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Shopper.363
9.0.1.068

NANO AntiVirus
Trojan.Win32.Shopper.cquvgh
0.28.0.58101

Reason Heuristics
PUP.Task.PriceMeter.U
14.9.30.13

Rising Antivirus
PE:Trojan.GenericKDV!6.B5C
23.00.65.14307

Trend Micro House Call
TROJ_GEN.F47V0130
7.2.68

File size:
147 KB (150,504 bytes)

Product version:
1.3.23.0

Copyright:
Copyright 2007-2010 Google Inc.

Original file name:
PriceMeterLiveUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\Program Files\pricemeterliveupdate\update\pricemeterliveupdate.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/12/2014 10:00:00 PM

Valid to:
1/13/2015 9:59:59 PM

Subject:
CN=PriceMeter, O=PriceMeter, STREET=63 Rotchild Blvd, L=Tel Aviv, S=Tel Aviv, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3BC5844507FA9A5E38487A5D679A8EB9

File PE Metadata
Compilation timestamp:
1/25/2014 11:49:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:dBy4ALVlymUnRcIvf5Di+Qo9DEN9f9vm8j+Nrh1yUH9T/UAZ39wdjg+2TTqhpy/x:64ALV7Ud9i+4+u4

Entry address:
0x4E06

Entry point:
E8, 3E, 24, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 48, 31, 41, 00, E8, 84, 00, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 9C, 0C, 41, 00, 03, 75, 43, 6A, 04, E8, 28, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, 50, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 71, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 14, 25, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 04, F7, 40, 00, FF, 15, 7C, 10, 41, 00, 85, C0, 75, 16, E8, F0, 06, 00...
 
[+]

Code size:
51.5 KB (52,736 bytes)

Scheduled Task
Task name:
PriceMeterLiveUpdateUpdateTaskMachineCore

Trigger:
Logon (Runs on logon)

Action:
pricemeterliveupdate.exe \c

Description:
Keeps your PriceMeter software up to date. If this task is disabled or stopped, your PriceMeter software will not be kept up to date, meaning security


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to unallocated.barefruit.co.uk  (92.242.140.20:443)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP):
Connects to ec2-54-72-52-58.eu-west-1.compute.amazonaws.com  (54.72.52.58:80)

Remove PriceMeterLiveUpdate.exe - Powered by Reason Core Security