home

pricemeter.exe

PriceMeter

The application pricemeter.exe by PriceMeter has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named pricemetertask triggered daily at a specified time.
Publisher:
PriceMeter  (signed and verified)

Product:
PriceMeter

Version:
1.0.6.3

MD5:
d0635b097ff6622c6d1a685ebf50a50a

SHA-1:
21aba3e4cd1caaffd698bf57b1b14f4b5fa85d20

SHA-256:
11dae77b5abe73a9bae0cad8bb46b669f64865143a9bccc47ca1e2b06d6806c0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/18/2024 3:29:15 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PriceMeter.Task.K
14.9.30.13

File size:
805.5 KB (824,840 bytes)

Product version:
1.0.6.3

Copyright:
Copyright (C) 2013

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\AppData\pricemeter\pricemeter.exe

Digital Signature
Signed by:
PriceMeter

Subject:
CN=PriceMeter, O=PriceMeter, STREET=63 Rotchild Blvd, L=Tel Aviv, S=Tel Aviv, PostalCode=65785, C=IL

Serial number:
3BC5844507FA9A5E38487A5D679A8EB9

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:Aw070daV8cOK3sDmeKjWHGwiiC777UT1dJZnTxbpCu454en7814QPR:AkailK3mGwiiC7o/KOPR

Entry point:
E8, 49, 9D, 00, 00, E9, 7F, FE, FF, FF, FF, 35, D0, 48, 49, 00, FF, 15, 9C, B1, 47, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 45, 95, 00, 00, 6A, 01, 6A, 00, E8, 36, 16, 00, 00, 83, C4, 0C, E9, 4D, 16, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, D3, A0, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 62, 51, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, CC, F2, 47, 00, E8, D4, 33, 00, 00, 68, 88, 8A, 48, 00, 8D, 45, F0, 50, C7, 45, F0, C4, F2, 47, 00, E8, C3, 45...
 
[+]

Entropy:
6.1511

Scheduled Task
Task name:
pricemetertask

Trigger:
Daily (Runs daily at 23:42:00)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-21-218-182.compute-1.amazonaws.com  (23.21.218.182:80)

TCP (HTTP):
Connects to rc2.las.dmtracker.com  (69.64.147.242:80)

TCP (HTTP):
Connects to 85.20.6132.ip4.static.sl-reverse.com  (50.97.32.133:80)

Remove pricemeter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.