home

thumbnail.exe

Kometa Start Button

Kometa LCC

The application thumbnail.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Kometa LCC

Product:
Kometa Start Button

Version:
1,0,0,0

MD5:
daff9aa38b35f7d239fc0d4f12ed3a4e

SHA-1:
b6d1efdac8b74bdeac9312f9536c1693c152a07c

SHA-256:
456fb01a592dd6729c8212bf654a83183ce5fd0fbed7491f1973c995ba3fc8b2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 9:52:25 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.RuKometa (M)
16.8.9.16

File size:
57 KB (58,368 bytes)

Product version:
1,0,0,0

Copyright:
Copyright Kometa © 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kometa\startbutton\1.0.0.462\thumbnail.exe

File PE Metadata
Compilation timestamp:
8/5/2016 8:51:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
768:6oj0YlGK0su0GGPdWCVVEi3pkuhMqekuUCnXvlyEDXnnZ6VSOSFu2CJjMgfO:6oj0Yl2xGVSiZJMqek+JZ6sOkgjMgf

Entry address:
0x2F20

Entry point:
E8, DA, 1D, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, DE, 40, 00, 89, 0D, 04, DE, 40, 00, 89, 15, 00, DE, 40, 00, 89, 1D, FC, DD, 40, 00, 89, 35, F8, DD, 40, 00, 89, 3D, F4, DD, 40, 00, 66, 8C, 15, 20, DE, 40, 00, 66, 8C, 0D, 14, DE, 40, 00, 66, 8C, 1D, F0, DD, 40, 00, 66, 8C, 05, EC, DD, 40, 00, 66, 8C, 25, E8, DD, 40, 00, 66, 8C, 2D, E4, DD, 40, 00, 9C, 8F, 05, 18, DE, 40, 00, 8B, 45, 00, A3, 0C, DE, 40, 00, 8B, 45, 04, A3, 10, DE, 40, 00, 8D, 45, 08, A3, 1C, DE, 40...
 
[+]

Code size:
31 KB (31,744 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to yandex.ru  (77.88.55.55:443)

TCP (HTTP SSL):
Connects to yabs.yandex.ru  (93.158.134.91:443)

TCP (HTTP SSL):
Connects to www.my.mail.ru  (94.100.180.39:443)

TCP (HTTP SSL):
Connects to static.yandex.net  (178.154.131.217:443)

TCP (HTTP SSL):
Connects to pass.yandex.ru  (213.180.204.51:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP SSL):
Connects to mail.yandex.ru  (87.250.250.125:443)

TCP (HTTP SSL):
Connects to mail.rambler.ru  (81.19.78.83:443)

TCP (HTTP SSL):
Connects to ip5.23.odnoklassniki.ru  (5.61.23.5:443)

TCP (HTTP SSL):
Connects to front.head.rambler.ru  (81.19.82.1:443)

TCP (HTTP SSL):
Connects to mail.ru  (217.69.139.202:443)

TCP (HTTP SSL):
Connects to lenta.ru  (81.19.72.38:443)

TCP (HTTP):
Connects to a23-42-27-27.deploy.static.akamaitechnologies.com  (23.42.27.27:80)

Remove thumbnail.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.