DesktopWeatherAlertsApp.exe

DesktopWeatherAlertsApp

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application DesktopWeatherAlertsApp.exe by Local Weather has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program DesktopWeatherAlerts by Local Weather LLC, which is a potentially unwanted software program.
Publisher:
Local Weather LLC  (signed and verified)

Product:
DesktopWeatherAlertsApp

Version:
1.0.29.0

MD5:
ade1da046f3e3236154f15f23810245c

SHA-1:
22df0c5225334d3ad807485f5e9dc92ad42db731

SHA-256:
9a4b9c62917c2b37067b4b1b1ef7cadd0aab71c10c3c8f17c7dfaef66be386ed

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/23/2024 2:36:43 PM UTC

Scan engine          Detection                           Engine version
ESET NOD32           MSIL/Adware.StrongVault (variant)   8.9476
Qihoo 360 Security   Unnamed.Threat                      1.0.0.1015
Reason Heuristics    PUP.Startup.LocalWeather.X          14.8.8.1

File size:
538 KB (550,952 bytes)

Product version:
1.0.29.0

Original file name:
DesktopWeatherAlertsApp.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\desktopweatheralertsapp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/13/2013 7:00:00 PM

Valid to:
10/14/2014 6:59:59 PM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
2/25/2014 3:00:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:BqIDP8+FwOxYvG/dozothUHoNXnWSCnYXT:BVD0+ldozothscRCnYXT

Entry address:
0x6BBBB


Entropy:
5.2520

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
423 KB (433,152 bytes)

User Start Menu Item
Name:
desktopweatheralertsapp.exe


The file DesktopWeatherAlertsApp.exe has been discovered within the following program.

DesktopWeatherAlerts  by Local Weather LLC
The Weather Alerts app is a bundler that is installed with potentially unwanted software. It integrates with the user's web browser and displays advertisements.
www.desktopweatheralerts.com
85% remove it
 

The executing file has been seen to make the following network communications in live environments.
