meta.exe

The application meta.exe has been detected as a potentially unwanted program by 18 anti-malware scanners.
MD5:
8556ca70245aba9ae063139615a9d50c

SHA-1:
5157f9b7ed27c7cb491e0391270349bba4e8ab6f

SHA-256:
91f6b2e45bb16a808bc83e3b753336aa2ac5eb14a56c150ee35f2a63a5eb6dd8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 1:12:46 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.68930 | 48 |
| AegisLab AV Signature | Adware.W32.Generic!c | 2.1.4+ |
| avast! | Win32:Trojan-gen | 2014.9-161218 |
| AVG | DealPly | 2017.0.2526 |
| Bitdefender | Gen:Variant.Symmi.68930 | 1.0.20.1765 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.68930 | 8.16.12.18.01 |
| ESET NOD32 | Win32/DealPly.EO.gen potentially unwanted (variant) | 10.14621 |
| Fortinet FortiGate | Adware/DealPly | 12/18/2016 |
| F-Secure | Gen:Variant.Symmi.68930 | 11.2016-18-12_1 |
| G Data | Gen:Variant.Symmi.68930 | 16.12.25 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.-875 |
| McAfee | Adware-DealPly | 5600.6182 |
| MicroWorld eScan | Gen:Variant.Symmi.68930 | 17.0.0.1059 |
| Panda Antivirus | Trj/GdSda.A | 16.12.18.01 |
| Sophos | Generic PUA FB (PUA) | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0OL816 | 7.2.353 |
| VIPRE Antivirus | Trojan.Win32.Generic | 54554 |
| ViRobot | Trojan.Win32.Z.Symmi.595456.C[h] | 2014.3.20.0 |

File size:
581.5 KB (595,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{7a834cdf-5e2b-2067-33b3-058f17dbf917}\meta.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:gn8qn/qWpetnNbMb7ULVmiHqbJxhWiZcqVbq6gcJJ:g8a/YN4sLVVKdxh3Zvmc

Entry address:
0x8069C

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, 04, 48, 00, E8, 1C, 55, F8, FF, A1, D4, 1F, 48, 00, 8B, 00, E8, A0, BC, FC, FF, 8B, 0D, E0, 1D, 48, 00, A1, D4, 1F, 48, 00, 8B, 00, 8B, 15, F8, D8, 44, 00, E8, A0, BC, FC, FF, A1, D4, 1F, 48, 00, 8B, 00, E8, 14, BD, FC, FF, E8, 3F, 36, F8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6798

Developed / compiled with:
Microsoft Visual C++

Code size:
510 KB (522,240 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-167-245.gig50.r.cloudfront.net  (52.85.167.245:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.251:80)

TCP (HTTP):
Connects to ec2-54-243-162-184.compute-1.amazonaws.com  (54.243.162.184:80)

TCP (HTTP):
Connects to ec2-50-19-111-63.compute-1.amazonaws.com  (50.19.111.63:80)

TCP (HTTP):
Connects to ec2-23-21-71-94.compute-1.amazonaws.com  (23.21.71.94:80)
