home

Weather.exe

WeatherBug Desktop

AWS Convergence Technologies, Inc.

The application Weather.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Weather’. This file is typically installed with the program WeatherBug by Earth Networks, Inc..
Publisher:
AWS Convergence Technologies, Inc.

Product:
WeatherBug Desktop

Version:
6, 8, 0, 9

MD5:
31c59a396f478f55cb1de0d2ce371b3b

SHA-1:
4902e407fe0698c002b9d828f92387bf4c68d991

SHA-256:
f09aa8b0fd76805405fa90ab70b48849f1d32de141bf3ffe20bfaeaeada61556

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
While not adware or malicious, WeatherBug is typically bundled with various 3rd-party download managers as an offer which might be potentailly unwanted.

Analysis date:
11/22/2024 8:46:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Win.Reputation
14.4.2.23

File size:
1.6 MB (1,653,760 bytes)

Product version:
6, 8, 0, 9

Copyright:
Copyright © 2001-2010

Original file name:
Weather.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aws\weatherbug\weather.exe

File PE Metadata
Compilation timestamp:
11/19/2012 8:16:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:T7IVeLXevtrOzni+lJJxqXSf6G20Iju3rkpfv:TUV7vtrOzn9l/xdRojPH

Entry address:
0x5F905

Entry point:
E8, D5, E7, 00, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 78, 6F, 49, 00, E8, A1, 11, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, 67, EA, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 37, E9, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, 34, 6C, 4A, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 4C, A4, 00, 00, 59, 89, 7D, FC, 53, E8, C5, C5, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, 24, 6C, 4A, 00, 77, 49, 56, 53...
 
[+]

Entropy:
6.1745

Code size:
511 KB (523,264 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Weather

Command:
C:\Program Files\aws\weatherbug\weather.exe 1


The file Weather.exe has been discovered within the following programs.

WeatherBug  by Earth Networks, Inc.
Publisher's description - “WeatherBug is a leading source of weather information and a top destination for consumers worldwide.”
42% remove it
WeatherBug Alert  by AWS Convergence Technologies
Publisher's description - “WeatherBug manages and operates its own weather network that pin points weather conditions in your neighborhood like no other weather service can! WeatherBug Tracking Stations provide live weather information. Other weather companies' "live" data is often an hour or more old.”
48% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-34-198-227-118.compute-1.amazonaws.com  (34.198.227.118:80)

TCP (HTTP):
Connects to ec2-52-70-20-216.compute-1.amazonaws.com  (52.70.20.216:80)

TCP (HTTP):
Connects to ec2-52-200-220-16.compute-1.amazonaws.com  (52.200.220.16:80)

TCP (HTTP):
Connects to ec2-54-210-221-54.compute-1.amazonaws.com  (54.210.221.54:80)

TCP (HTTP):
Connects to ec2-52-72-77-121.compute-1.amazonaws.com  (52.72.77.121:80)

TCP (HTTP):
Connects to presentation-atl1.turn.com  (50.116.194.21:80)

TCP (HTTP SSL):
Connects to a23-36-69-23.deploy.static.akamaitechnologies.com  (23.36.69.23:443)

TCP (HTTP):
Connects to a23-200-39-41.deploy.static.akamaitechnologies.com  (23.200.39.41:80)

TCP (HTTP SSL):
Connects to a104-68-237-214.deploy.static.akamaitechnologies.com  (104.68.237.214:443)

TCP (HTTP SSL):
Connects to 208.185.50.80.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.80:443)

TCP (HTTP):
Connects to 208.185.50.20.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.20:80)

TCP (HTTP SSL):
Connects to 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.4:443)

TCP (HTTP):
Connects to server-54-230-7-215.dfw3.r.cloudfront.net  (54.230.7.215:80)

TCP (HTTP):
Connects to server-54-230-7-153.dfw3.r.cloudfront.net  (54.230.7.153:80)

TCP (HTTP):
Connects to server-54-230-7-131.dfw3.r.cloudfront.net  (54.230.7.131:80)

TCP (HTTP):
Connects to server-54-230-122-240.dfw50.r.cloudfront.net  (54.230.122.240:80)

TCP (HTTP):
Connects to server-52-84-133-222.atl52.r.cloudfront.net  (52.84.133.222:80)

TCP (HTTP):
Connects to server-52-84-133-18.atl52.r.cloudfront.net  (52.84.133.18:80)

TCP (HTTP):
Connects to server-52-84-132-57.atl52.r.cloudfront.net  (52.84.132.57:80)

TCP (HTTP SSL):
Connects to pr-west.pbp.vip.gq1.yahoo.com  (67.195.46.12:443)

Remove Weather.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.