home

SAUpdater.exe

SAUpdater

Weather Warnings LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application SAUpdater.exe by Weather Warnings has been detected as adware by 2 anti-malware scanners.
Publisher:
Weather Warnings LLC  (signed and verified)

Product:
SAUpdater

Version:
1.6.0.0

MD5:
dba604a4e7aa04e057ad6ff51921c002

SHA-1:
af16f9432b1f22df1c11defbca03c733c75e506e

SHA-256:
1df4a185e627f431575f19a48f793b2f4a7f9c812a2d3122a3a7b57ace6c0767

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 4:02:04 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3032

Reason Heuristics
PUP.Weather.WeatherWarnings (M)
15.7.30.23

File size:
125.8 KB (128,816 bytes)

Product version:
1.6.0.0

Copyright:
Copyright © 2014 Weather Warnings LLC. All Rights Reserved.

Trademarks:
StormAlerts is a trademark of Weather Warnings LLC

Original file name:
SAUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\stormalerts\saupdater.exe

Digital Signature
Signed by:
Weather Warnings LLC

Authority:
thawte, Inc.

Valid from:
5/25/2015 1:00:00 AM

Valid to:
5/25/2016 12:59:59 AM

Subject:
CN=Weather Warnings LLC, O=Weather Warnings LLC, L=Austin, S=Texas, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
079CB9C1FFEB0CA9C428CBBE65D2EEE9

File PE Metadata
Compilation timestamp:
5/25/2015 7:12:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:D/D0M49GHTTEitJpomnFHQh37hlWENCmzHNr1+9RwlG:L4M49IEa3omnFuhhCmztr1+IlG

Entry address:
0x42DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
3.3443

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-17-241-28.compute-1.amazonaws.com  (50.17.241.28:80)

TCP (HTTP):
Connects to a23-61-187-27.deploy.static.akamaitechnologies.com  (23.61.187.27:80)

TCP (HTTP):
Connects to a23-55-155-27.deploy.static.akamaitechnologies.com  (23.55.155.27:80)

Remove SAUpdater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.