thumbnail.exe

Kometa Start Button

Kometa LLC

The application thumbnail.exe by Kometa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Kometa LCC  (signed by Kometa LLC)

Product:
Kometa Start Button

Version:
1,0,0,0

MD5:
b9784b6356fbb54c01ac0d0c673b7e54

SHA-1:
0a8dc821bc5e75e1a8ce3143f66dbbad6aed41b4

SHA-256:
25895c753c6398eaf1dbd1098a59bc706ee04eac4d38a9274572bd3a7bd080d3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:33:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.1.15.11

File size:
63.6 KB (65,120 bytes)

Product version:
1,0,0,0

Copyright:
Copyright Kometa © 2015

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\local\kometa\startbutton\1.0.0.446\thumbnail.exe

Digital Signature
Signed by:
Kometa LLC
Authority:
COMODO CA Limited

Valid from:
4/6/2015 2:00:00 AM

Valid to:
4/6/2018 1:59:59 AM

Subject:
CN=Kometa LLC, O=Kometa LLC, STREET="kv.93,k.1, 41 Chertanovskaya ul.", L=Moscow, S=Moscow, PostalCode=117519, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
650A6B1174650A2E197862FE54E2519D

File PE Metadata
Compilation timestamp:
1/12/2016 3:28:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:6Sj0Yl2xGVSiZJMqek+JZ6sOkgjMgfCLjri6k:6iZk/4aZ6HdjMqCLa

Entry address:
0x2F20

Entry point:
E8, DA, 1D, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, DE, 40, 00, 89, 0D, 04, DE, 40, 00, 89, 15, 00, DE, 40, 00, 89, 1D, FC, DD, 40, 00, 89, 35, F8, DD, 40, 00, 89, 3D, F4, DD, 40, 00, 66, 8C, 15, 20, DE, 40, 00, 66, 8C, 0D, 14, DE, 40, 00, 66, 8C, 1D, F0, DD, 40, 00, 66, 8C, 05, EC, DD, 40, 00, 66, 8C, 25, E8, DD, 40, 00, 66, 8C, 2D, E4, DD, 40, 00, 9C, 8F, 05, 18, DE, 40, 00, 8B, 45, 00, A3, 0C, DE, 40, 00, 8B, 45, 04, A3, 10, DE, 40, 00, 8D, 45, 08, A3, 1C, DE, 40...

Entropy:
6.2367

Code size:
31 KB (31,744 bytes)

The executing file has been seen to make the following network communications in live environments.

