StormWatch.exe

StormWatch

Weather Protector LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application StormWatch.exe by Weather Protector has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program StormWatch by Local Weather LLC, which is a potentially unwanted software program.
Publisher:
Weather Protector LLC  (signed and verified)

Product:
StormWatch

Version:
2.0.0.0

MD5:
0382488b37ef695ee981a93d5c940f18

SHA-1:
70e92674ffd4e190a994b21a513ef432befbf8fb

SHA-256:
6634d88e3716a78bcb3a97165e3fbc842d3c1369f28c8b1de856d03aa46b76b6

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 4:39:15 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.StormWatch.A | v2014.11.26.07
Reason Heuristics | PUP.WeatherProtector.K | 14.12.16.12

File size:
159.2 KB (162,992 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2014. All Rights Reserved.

Trademarks:
StormWatch is a trademark of Weather Protector LLC

Original file name:
StormWatch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\stormwatch\stormwatch.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/12/2014 8:00:00 PM

Valid to:
6/13/2015 7:59:59 PM

Subject:
CN=Weather Protector LLC, O=Weather Protector LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F678993FB0EAFD79536EEA5A8B5A02E

File PE Metadata
Compilation timestamp:
11/22/2014 2:03:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:V11ldi8XT59zFuiPqozIiXpEts8Fr9aiqMSX2XHbqwmel1GFfsIA0YMZ8xhNe:liu+ojXpwsaaiqc+gOts/0Ah8

Entry address:
0xD1AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00...
 

Entropy:
3.9234

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
44.5 KB (45,568 bytes)

The file StormWatch.exe has been discovered within the following programs.

StormWatch  by Local Weather LLC
StormWatch is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting advertisements, banners, coupons or text links that would not otherwise appear into web pages, or displaying them over parts of existing web pages.
84% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a92-122-200-182.deploy.akamaitechnologies.com  (92.122.200.182:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to wifi.free.fr  (212.27.40.236:443)

TCP (HTTP):
Connects to a95-100-96-242.deploy.akamaitechnologies.com  (95.100.96.242:80)

TCP (HTTP):
Connects to a92-123-72-176.deploy.akamaitechnologies.com  (92.123.72.176:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-40-246-157.deploy.static.akamaitechnologies.com  (23.40.246.157:80)

TCP (HTTP):
Connects to a23-214-66-217.deploy.static.akamaitechnologies.com  (23.214.66.217:80)
