thumbnail.exe

Kometa Launch Panel

Kometa LLC

The application thumbnail.exe by Kometa has been flagged as a potentially unwanted program by 12 of the 68 anti-malware scanners consulted. It plugs into the web browser and displays context-based advertisements, either by overwriting ads already present on a page or by inserting new ones. While running, it connects to www.ovip.icq.com on TCP port 80 over plain HTTP; the full list of observed connections is given below. The file carries a code-signing signature from Kometa LLC issued by COMODO CA Limited (certificate valid 4/2015 to 4/2018), so the presence of a valid signature alone does not mean the file is benign.
Publisher:
Kometa LCC  (signed by Kometa LLC)

Product:
Kometa Launch Panel

Version:
1.0.0.775

MD5:
068a80ebbd48bd7f9b31730e071d6bb7

SHA-1:
fbc529d4c80539282123b8218954b1a24d01b384

SHA-256:
58a2b586018f20aa967e91ce5859ff8fcf1a0eeea205bff184577a9d8272bd81

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/25/2024 2:10:15 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | Kometa | 2016.0.2941
Bkav FE | W32.HfsAdware | 1.3.0.7383
Dr.Web | Trojan.LoadMoney.681 | 9.0.1.0302
ESET NOD32 | Win32/RuKometa.O potentially unwanted (variant) | 9.12476
K7 AntiVirus | Adware | 13.212.17671
Norman | ZBot.XOWQ | 11.20151029
Reason Heuristics | Win32.Generic.Kometa.Meta | 15.10.29.16
Sophos | Kometa Ru (PUA) | 4.98
SUPERAntiSpyware | PUP.Kometa/Variant | 9540
Vba32 AntiVirus | Signed-Adware.RuKometa | 3.12.26.4
Zillya! Antivirus | Adware.BrowseFox.Win32.123110 | 2.0.0.2478

File size:
63.1 KB (64,608 bytes)

Product version:
1.0.0.775

Copyright:
Copyright Kometa(C) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\panel\1.0.0.775\thumbnail.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/6/2015 2:00:00 AM

Valid to:
4/6/2018 1:59:59 AM

Subject:
CN=Kometa LLC, O=Kometa LLC, STREET="kv.93,k.1, 41 Chertanovskaya ul.", L=Moscow, S=Moscow, PostalCode=117519, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
650A6B1174650A2E197862FE54E2519D

File PE Metadata
Compilation timestamp:
10/26/2015 2:58:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:21lYCUiozR0NLkb9rZ66DqKDNn5Ljri1u:2wCXLe9rZ66Dqs5Lwu

Entry address:
0x2D7C

Entry point:
E8, 0E, 1E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, DD, 40, 00, 89, 0D, E4, DD, 40, 00, 89, 15, E0, DD, 40, 00, 89, 1D, DC, DD, 40, 00, 89, 35, D8, DD, 40, 00, 89, 3D, D4, DD, 40, 00, 66, 8C, 15, 00, DE, 40, 00, 66, 8C, 0D, F4, DD, 40, 00, 66, 8C, 1D, D0, DD, 40, 00, 66, 8C, 05, CC, DD, 40, 00, 66, 8C, 25, C8, DD, 40, 00, 66, 8C, 2D, C4, DD, 40, 00, 9C, 8F, 05, F8, DD, 40, 00, 8B, 45, 00, A3, EC, DD, 40, 00, 8B, 45, 04, A3, F0, DD, 40, 00, 8D, 45, 08, A3, FC, DD, 40...

Code size:
30.5 KB (31,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 20-209-212-88.host.exepto.ru  (88.212.209.20:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:443)

TCP (HTTP):
Connects to no-rdns.lalabhola.win  (78.142.19.23:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP SSL):
Connects to api-maps.yandex.ru  (87.250.250.106:443)

TCP (HTTP):
Connects to 94.31.29.54.IPYX-077437-ZYO.above.net  (94.31.29.54:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-arn2.fbcdn.net  (31.13.72.12:80)

TCP (HTTP):
Connects to www.ovip.icq.com  (178.237.20.20:80)

TCP (HTTP):
Connects to ec2-54-164-75-60.compute-1.amazonaws.com  (54.164.75.60:80)

TCP (HTTP SSL):
Connects to ec2-107-21-100-131.compute-1.amazonaws.com  (107.21.100.131:443)

TCP (HTTP SSL):
Connects to 123-125-232-198.static.unitasglobal.net  (198.232.125.123:443)
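The indicators above (file hashes, the common install path and the observed network endpoints) are the parts of this page a responder would actually turn into checks. The following Python is an added example written for this page; it is not code from the page, from Reason Core Security or from Kometa. The hash values, the install path and the four "Connects to" lines are copied from the page; SAMPLE_PROXY_LOG is constructed for illustration and does not come from any real capture.

```python
"""Triage helpers built from the thumbnail.exe indicators on this page.

Added example, not code from the page, from Reason Core Security or from
Kometa. Hashes, the common install path and the network endpoints are copied
from the page; SAMPLE_PROXY_LOG is constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the page.
KNOWN_HASHES = {
    "md5": "068a80ebbd48bd7f9b31730e071d6bb7",
    "sha1": "fbc529d4c80539282123b8218954b1a24d01b384",
    "sha256": "58a2b586018f20aa967e91ce5859ff8fcf1a0eeea205bff184577a9d8272bd81",
}
COMMON_PATH = r"C:\users\{user}\appdata\local\kometa\panel\1.0.0.775\thumbnail.exe"

# A subset of the page's network entries, in the page's own format.
NETWORK_ENTRIES = """
Connects to 20-209-212-88.host.exepto.ru  (88.212.209.20:80)
Connects to no-rdns.lalabhola.win  (78.142.19.23:80)
Connects to www.ovip.icq.com  (178.237.20.20:80)
Connects to ec2-54-164-75-60.compute-1.amazonaws.com  (54.164.75.60:80)
"""

# Constructed proxy log lines (not from the page). Line 3 carries an address
# that merely starts with a listed IP and must not match.
SAMPLE_PROXY_LOG = [
    "2015-10-29 12:00:01 10.0.0.5 GET http://www.ovip.icq.com/ 200",
    "2015-10-29 12:00:02 10.0.0.5 GET http://example.com/ 200",
    "2015-10-29 12:00:03 10.0.0.5 CONNECT 178.237.20.201:443 200",
    "2015-10-29 12:00:04 10.0.0.7 GET http://no-rdns.lalabhola.win/ads 200",
]

_CONN_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")


def parse_connections(text):
    """Turn the page's 'Connects to host  (ip:port)' lines into (host, ip, port)."""
    return [(m.group(1), m.group(2), int(m.group(3))) for m in _CONN_RE.finditer(text)]


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 of a byte string, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path, chunk_size=1 << 16):
    """Same three digests for a file, computed in one pass over its contents."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_known_sample(hashes):
    """True only when all three digests equal the page's values.

    Requiring all three means a collision on the weak MD5 alone cannot
    produce a match, and a missing digest is treated as no match."""
    return all(hashes.get(name) == value for name, value in KNOWN_HASHES.items())


def path_matches_common_location(path):
    """Match the documented install path with the {user} placeholder wildcarded."""
    pattern = re.escape(COMMON_PATH).replace(re.escape("{user}"), r"[^\\]+")
    return re.fullmatch(pattern, path, re.IGNORECASE) is not None


def find_network_hits(log_lines, entries):
    """Return (line_number, indicator) for every listed host or IP seen in a log.

    Indicators are matched as whole tokens so that 178.237.20.201 does not
    match the listed 178.237.20.20."""
    indicators = sorted({host.lower() for host, _ip, _port in entries}
                        | {ip for _host, ip, _port in entries})
    patterns = [(ind, re.compile(r"(?<![\w.-])" + re.escape(ind) + r"(?![\w.-])"))
                for ind in indicators]
    hits = []
    for number, line in enumerate(log_lines, 1):
        lowered = line.lower()
        for ind, pat in patterns:
            if pat.search(lowered):
                hits.append((number, ind))
    return hits


if __name__ == "__main__":
    entries = parse_connections(NETWORK_ENTRIES)
    for hit in find_network_hits(SAMPLE_PROXY_LOG, entries):
        print("proxy log line %d matched %s" % hit)
    sample = r"C:\Users\alice\AppData\Local\Kometa\panel\1.0.0.775\thumbnail.exe"
    print("path matches documented location:", path_matches_common_location(sample))
```

Two design points. First, a host match is deliberately exact: several of the listed endpoints (fbcdn.net, facebook.com, api-maps.yandex.ru, the EC2 and above.net hosts) are shared infrastructure that plenty of legitimate software talks to, so only the hosts with no obvious benign owner are worth alerting on and the rest are better treated as context. Second, the entry-point bytes on the page are not used as an indicator: a call followed by a jmp at the entry point looks like the ordinary MSVC CRT startup stub (linker version 10.0) shared by countless benign binaries, so the path, the hashes and the network endpoints are the stronger signals.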

Remove thumbnail.exe - Powered by Reason Core Security