stormalertsbrowser.exe

Weather Warnings LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application stormalertsbrowser.exe by Weather Warnings has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-64-81.ord51.r.cloudfront.net on port 443.
Publisher:
Weather Warnings LLC  (signed and verified)

Version:
1.0.2.2

MD5:
6b803d2d5550596b5c4f25c946f1da20

SHA-1:
231627ef81591106c99c18309a4f2737d25196dd

SHA-256:
03611f557aa752e08b15545c7f71b43c2c45ea81a0f43cee4185f2db493a6acf

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/23/2024 4:13:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Weather.WeatherW (M)

Engine version:
16.3.10.2

File size:
549.7 KB (562,872 bytes)

Product version:
1.0.2.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\stormalerts\stormalertsbrowser.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/24/2015 6:00:00 PM

Valid to:
5/24/2016 5:59:59 PM

Subject:
CN=Weather Warnings LLC, O=Weather Warnings LLC, L=Austin, S=Texas, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
079CB9C1FFEB0CA9C428CBBE65D2EEE9

File PE Metadata
Compilation timestamp:
3/8/2016 11:07:55 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:srOWYuyN2qrGoNvK/D4ve5oeHanG+9PdOmUVhcWt:NWyNdrGD4ve5oGCG+FdOjhc8

Entry address:
0x2CDA1

Entry point:
E8, AE, 06, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, CC, C0, 45, 00, FF, 75, 08, FF, 15, D0, C0, 45, 00, 68, 09, 04, 00, C0, FF, 15, 64, C1, 45, 00, 50, FF, 15, C8, C0, 45, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 0B, D9, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, C0, D7, 47, 00, 89, 0D, BC, D7, 47, 00, 89, 15, B8, D7, 47, 00, 89, 1D, B4, D7, 47, 00, 89, 35, B0, D7, 47, 00, 89, 3D, AC, D7, 47, 00, 66, 8C, 15, D8, D7, 47, 00, 66, 8C, 0D, CC, D7, 47, 00, 66, 8C, 1D, A8...

Entropy:
6.3642

Code size:
362 KB (370,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-88-167-61.compute-1.amazonaws.com  (54.88.167.61:80)

TCP (HTTP SSL):
Connects to server-54-230-197-253.lhr50.r.cloudfront.net  (54.230.197.253:443)

TCP (HTTP SSL):
Connects to server-54-230-197-241.lhr50.r.cloudfront.net  (54.230.197.241:443)

TCP (HTTP SSL):
Connects to bligget.com  (162.243.131.155:443)

TCP (HTTP SSL):
Connects to server-54-230-197-188.lhr50.r.cloudfront.net  (54.230.197.188:443)

TCP (HTTP SSL):
Connects to server-54-192-11-167.lhr3.r.cloudfront.net  (54.192.11.167:443)

TCP (HTTP):
Connects to n1.datablocks.net  (199.212.255.136:80)

TCP (HTTP SSL):
Connects to server-52-84-64-81.ord51.r.cloudfront.net  (52.84.64.81:443)

TCP (HTTP):
Connects to n2.datablocks.net  (199.212.255.137:80)

TCP (HTTP):
Connects to 74-115-2-240.anchorfree.com  (74.115.2.240:80)

TCP (HTTP SSL):
Connects to 74-115-2-235.anchorfree.com  (74.115.2.235:443)

TCP (HTTP SSL):
Connects to 74-115-2-210.anchorfree.com  (74.115.2.210:443)

TCP (HTTP):
Connects to 74-115-1-135.anchorfree.com  (74.115.1.135:80)

TCP (HTTP SSL):
Connects to 74-115-0-195.anchorfree.com  (74.115.0.195:443)

TCP (HTTP):
Connects to server-54-192-44-204.fra6.r.cloudfront.net  (54.192.44.204:80)

TCP (HTTP):
Connects to 74-115-0-211.anchorfree.com  (74.115.0.211:80)

TCP (HTTP):
Connects to solitairematches.online  (67.205.176.123:80)

TCP (HTTP SSL):
Connects to server-54-192-9-251.lhr3.r.cloudfront.net  (54.192.9.251:443)

TCP (HTTP SSL):
Connects to s3-us-west-1.amazonaws.com  (54.231.235.65:443)

Remove stormalertsbrowser.exe - Powered by Reason Core Security