kometa.exe

Kometa

Kometa LLC

The application kometa.exe by Kometa has been flagged as a potentially unwanted program by 1 of the anti-malware scanners used, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘KometaAutoLaunch_6632489EDE512831E64C7AB45B89EBC1’. This file is typically installed with the program Kometa.
Publisher:
Kometa Authors (signed by Kometa LLC)

Product:
Kometa

Version:
48.0.2564.82

MD5:
3cb8664129698b28561a0c1fdd3d4409

SHA-1:
45a79d7d4f528791974be14c9823b1101aee7efc

SHA-256:
a82ecb192d27073a5e9ee6a618e7fe9c1882cf8f36bddd90075e7b13ea25abe6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/11/2017 1:03:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.2.9.12

File size:
1 MB (1,082,464 bytes)

Product version:
48.0.2564.82

Copyright:
Copyright 2016 The Kometa Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\application\kometa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/6/2015 3:00:00 AM

Valid to:
4/6/2018 2:59:59 AM

Subject:
CN=Kometa LLC, O=Kometa LLC, STREET="kv.93,k.1, 41 Chertanovskaya ul.", L=Moscow, S=Moscow, PostalCode=117519, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
650A6B1174650A2E197862FE54E2519D

File PE Metadata
Compilation timestamp:
1/27/2016 12:53:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:61b6hPd2BY41BwypzcofHK5F5oy8M83vl+fOKIuCneyCi4h77z29xAHepnwHgEZB:61b6hPd0YGcAtBTCiAIqFHgEZle0G38

Entry address:
0x51F4A

Entry point:
E8, 86, BB, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...

Code size:
456.5 KB (467,456 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KometaAutoLaunch_6632489EDE512831E64C7AB45B89EBC1

Command:
"C:\users\{user}\appdata\local\kometa\application\kometa.exe" --no-startup-window


The file kometa.exe has been discovered within the following program.

Kometa by Kometa

The executing file has been seen to make the following network communications in live environments.


Remove kometa.exe - Powered by Reason Core Security