StormWatch.exe

StormWatch

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application StormWatch.exe by Local Weather has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program StormWatch by Local Weather LLC which is a potentially unwanted software program. While running, it connects to the Internet address ocsp.comodoca.com on port 80 using the HTTP protocol.
Publisher:
Weather Protector LLC  (signed by Local Weather LLC)

Product:
StormWatch

Version:
1.5.0.0

MD5:
4a733a67a57aabc854435c8537a62a8a

SHA-1:
6ae5b381de73d7c62742cdd0db849c95e88ad5f5

SHA-256:
399aa48073b5cdf3017cddb80121e7d193a631d96625206875aac1f70b5c48f0

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 1:45:15 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.LocalWeather.K
14.9.6.16

VIPRE Antivirus
Blinkx/SevereWeatherAlerts
32838

File size:
157.2 KB (160,936 bytes)

Product version:
1.5.0.0

Copyright:
Copyright © 2014. All Rights Reserved.

Trademarks:
StormWatch is a trademark of Weather Protector LLC

Original file name:
StormWatch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\stormwatch\stormwatch.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/13/2013 5:00:00 PM

Valid to:
10/14/2014 4:59:59 PM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
8/21/2014 12:38:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:w5z5GFMSvsqYULBJSz8got+ikvtXXEts80r1d2JqMSTf63Hbqwmel1GFfsIA0YMl:+6RSnFJvtXQshd2JqJyegOts/04hxw

Entry address:
0xC87E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
3.8747

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
42.5 KB (43,520 bytes)

The file StormWatch.exe has been discovered within the following programs.

StormWatch  by Local Weather LLC
StormWatch is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.
84% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a72-246-151-16.deploy.akamaitechnologies.com  (72.246.151.16:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to a2-16-100-56.deploy.akamaitechnologies.com  (2.16.100.56:80)

Remove StormWatch.exe - Powered by Reason Core Security