weather it up-bg.exe

Weather It Up

Phoenix Media

The application weather it up-bg.exe, “Weather It Up exe”, has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
8cca77495d85f3d1564a5b0f407f2588

SHA-1:
0d4e47b8b14e623387215a94e4b937cd7b4f82ae

SHA-256:
593ad8880b685880f35337dae511a6acc9f15eda5a78c8a9e4f6de2bb725d8dc

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/5/2024 2:37:20 PM UTC

Scan engine | Detection | Engine version

AhnLab V3 Security | PUP/Win32.MulDrop | 14.03.16
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14316
ESET NOD32 | Win32/Toolbar.CrossRider.AA (variant) | 8.9546
herdProtect (fuzzy) | (no detection name given) | 2014.5.2.2
Malwarebytes | PUP.Optional.WeatherItUp.A | v2014.03.16.01
Reason Heuristics | PUP.Crossrider.PhoenixMedia.Q | 14.8.1.0
Trend Micro House Call | TROJ_GEN.F47V0310 | 7.2.122
VIPRE Antivirus | Crossrider | 27404

File size:
792 KB (811,008 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\weather it up-bg.exe

File PE Metadata
Compilation timestamp:
3/10/2014 12:06:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:toV21Yx+G4Yg/0I9Xx5oFBgRMoR8L8YvwIGWScMMScG3qX2KtHeYSPIx5U6iGTri:toV21c+GG8giLJyIceTJHkN

Entry address:
0x77877

Entry point:
E8, 90, B2, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, F4, 4B, 00, E8, 73, 01, 00, 00, E8, 10, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 23, B2, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A8, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4306

Code size:
626 KB (641,024 bytes)

The file weather it up-bg.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. May be distributed through OpenCandy.
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)
