StormAlerts.exe

StormAlerts

Weather Warnings LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application StormAlerts.exe by Weather Warnings has been detected as adware by 2 anti-malware scanners.
Publisher:
Weather Warnings LLC  (signed and verified)

Product:
StormAlerts

Version:
1.6.0.0

MD5:
9c5e69bfbacafc136f5066a61a0c2e0b

SHA-1:
46be688ef71967389079d34c31ba7e4e2e170b1a

SHA-256:
3ef280c47766ffc5e8c82372d4d8996ae981a79cd4f383c803d8675fc852f2d7

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 3:47:22 AM UTC

Scan engine          Detection                        Engine version
AVG                  Generic                          2016.0.3045
Reason Heuristics    PUP.Weather.WeatherWarnings (M)  15.7.18.4

File size:
155.3 KB (159,024 bytes)

Product version:
1.6.0.0

Trademarks:
StormAlerts is a trademark of Weather Warnings LLC

Original file name:
StormAlerts.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\stormalerts\stormalerts.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/24/2015 6:00:00 PM

Valid to:
5/24/2016 5:59:59 PM

Subject:
CN=Weather Warnings LLC, O=Weather Warnings LLC, L=Austin, S=Texas, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
079CB9C1FFEB0CA9C428CBBE65D2EEE9

File PE Metadata
Compilation timestamp:
5/25/2015 12:12:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:DuEHhgtrOYB9zIoRWjBYHIEa3omnFuhhCmztr1+Nl3:DuEHhgtrVzIAWjWHVOOh/51+L3

Entry address:
0xB9CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 06, 00, 02, 00, 00, 00, B8, 00, 00, 80, 03, 00, 00, 00, D0, 00...

Entropy:
3.9280

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

User Start Menu Item
Name:
StormAlerts.exe


The executing file has been seen to make the following network communications in live environments.

