home

tmp00000001470f18e6e30d1c1f

Severe Weather Alerts

Weather Notifications LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The file tmp00000001470f18e6e30d1c1f, “SevereWeatherAlerts” by Weather Notifications has been detected as adware by 2 anti-malware scanners.
Publisher:
Weather Notifications, LLC  (signed by Weather Notifications LLC)

Product:
Severe Weather Alerts

Description:
SevereWeatherAlerts

Version:
1.21.0.0

MD5:
ce38799729ae73be911c3eb6c99c184e

SHA-1:
a5fac0b3d7f314f5bf8d4867289419bad9083702

SHA-256:
09e457ecbda236cd80a0e99f6d17c99d82c9443f0a5222fde3e73878d1224587

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 4:47:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Weather.WeatherN (M)
16.3.19.7

VIPRE Antivirus
Threat.4793388
29708

File size:
512 KB (524,288 bytes)

Product version:
1.21.0.0

Copyright:
Copyright © 2013. All Rights Reserved.

Original file name:
SevereWeatherAlerts.exe

Language:
Language Neutral

Common path:
C:\windows\temp\tmp00000001470f18e6e30d1c1f

Digital Signature
Signed by:
Weather Notifications LLC

Authority:
COMODO CA Limited

Valid from:
6/14/2013 12:00:00 AM

Valid to:
6/14/2014 11:59:59 PM

Subject:
CN=Weather Notifications LLC, O=Weather Notifications LLC, STREET=250 Park Ave Ste 504, L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0D57C9460FE0C441B8FDD693F1AC6CD7

File PE Metadata
Compilation timestamp:
7/1/2013 10:09:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ZwiE8RzzX1IDgX4/t4H5g2b5ESjo0dFF5ZkEf:4kL1/X4/t4H5g2b5ESjogF5ZkEf

Entry address:
0xBECE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8923

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Remove tmp00000001470f18e6e30d1c1f - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.