setup.exe

StormWatchSetup.exe

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application setup.exe by Local Weather has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from s.allfreesoft.net.
Publisher:
Local Weather LLC  (signed and verified)

Product:
StormWatchSetup.exe

Version:
1.0.0.9

MD5:
4658cde06d1a95c8b054c78b2212e5de

SHA-1:
2b63f457c85ba182260fe38e7dc2c5deb0de40aa

SHA-256:
e9607b46db3c1609783322f79d945d51ab5357ba5775124764f371ae775ac545

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/24/2024 2:20:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.LocalWeather.F
14.8.19.17

Trend Micro House Call
Suspicious_GEN.F47V0818
7.2.231

VIPRE Antivirus
Rocketfuel Installer
32342

File size:
136.5 KB (139,768 bytes)

Product version:
1.0.0.9

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/13/2013 8:00:00 PM

Valid to:
10/14/2014 7:59:59 PM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:iumhxebkJf+FTXJ3+37XIDrKbmb99K1kYwKl5I+DpCZmdOPXEbyQ2gniXZA8koxJ:iuxkZuTXJ3csD7ikm9pCZKOPGiIA

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
6.7010

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security