SWAUpdater.exe

Severe Weather Alerts Updater

Weather Notifications LLC

SWAUpdater.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application SWAUpdater.exe by Weather Notifications has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program Severe Weather Alerts by Weather Notifications, LLC, which is a potentially unwanted software program.
Publisher:
Weather Notifications, LLC  (signed by Weather Notifications LLC)

Product:
Severe Weather Alerts Updater

Description:
SWAUpdater

Version:
1.2.0.0

MD5:
b71e1957c2899a44f8dda1891aa8cc66

SHA-1:
80ff57965e534466b38cfc29bb1cccdbd2d7104b

SHA-256:
ce8cc5436bda31440b86e414f29fc13bd7a5bea381ec4f00e0a31e5fbed94cb1

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/23/2024 11:28:14 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.WeatherNotifications.K | 14.8.8.1 |
| VIPRE Antivirus | SevereWeatherAlerts | 25758 |

File size:
30.2 KB (30,920 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © 2013. All Rights Reserved.

Original file name:
SWAUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\severeweatheralerts\swaupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/13/2013 8:00:00 PM

Valid to:
6/14/2014 7:59:59 PM

Subject:
CN=Weather Notifications LLC, O=Weather Notifications LLC, STREET=250 Park Ave Ste 504, L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0D57C9460FE0C441B8FDD693F1AC6CD7

File PE Metadata
Compilation timestamp:
6/25/2013 12:43:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:Jy4u5DBsncruBNPX19ho9PCxMMC187IHy1LV2:JTG1+RfF9ho8xh7oGg

Entry address:
0x401E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
3.8965

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12 KB (12,288 bytes)

The file SWAUpdater.exe has been discovered within the following program.

Severe Weather Alerts by Weather Notifications, LLC
Some versions of the Weather Notifications software bundle various potentially unwanted software, such as toolbars and web browser extensions, using the Tuguu DomalQ download manager.
www.severeweatheralerts.net

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-204-32-67.compute-1.amazonaws.com  (54.204.32.67:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)
