Weather.exe

WeatherBug Desktop

AWS Convergence Technologies, Inc.

The application Weather.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including WeatherBug by AWS Convergence Technologies and WeatherBug Alert by AWS Convergence Technologies.
Publisher:
AWS Convergence Technologies, Inc.

Product:
WeatherBug Desktop

Version:
6, 8, 0, 6

MD5:
701dfda2fe95adf7f42f7ad853e5d0a3

SHA-1:
a4122b605cac030f8fedc8e4eb1b72395c24a3ab

SHA-256:
ca48bee977af75d6aebaa2cbcce41a322a6eecb0339a750b3bb3e7a2a6a944d0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
While not adware or malicious, WeatherBug is typically bundled with various 3rd-party download managers as an offer that might be potentially unwanted.

Analysis date:
12/25/2024 1:48:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Win.Reputation

Engine version:
14.4.2.23

File size:
1.6 MB (1,653,248 bytes)

Product version:
6, 8, 0, 6

Copyright:
Copyright © 2001-2009

Original file name:
Weather.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aws\weatherbug\weather.exe

File PE Metadata
Compilation timestamp:
11/16/2009 11:34:47 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:GZ7KlvxGEb7Hg7hsNB0j2Sf6G20Iju3rkpfvS:GIltb7Hg7UBoRojPH

Entry address:
0x5F8F5

Entry point:
E8, C7, E7, 00, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 58, 6F, 49, 00, E8, A1, 11, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, 67, EA, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 37, E9, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, 2C, 6C, 4A, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 3C, A4, 00, 00, 59, 89, 7D, FC, 53, E8, B6, C5, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, 1C, 6C, 4A, 00, 77, 49, 56, 53...
 

Entropy:
6.1765

Code size:
511 KB (523,264 bytes)

The file Weather.exe has been discovered within the following programs.

WeatherBug  by AWS Convergence Technologies
WeatherBug provides live weather data and maintains a mesoscale network of weather stations and runs in the notification tray and background of Windows. At present, the desktop application of WeatherBug is designated for U.S. ZIP codes only. Non-U.S.
weather.weatherbug.com
59% remove it
WeatherBug Alert  by AWS Convergence Technologies
Publisher's description - “WeatherBug manages and operates its own weather network that pinpoints weather conditions in your neighborhood like no other weather service can! WeatherBug Tracking Stations provide live weather information. Other weather companies' "live" data is often an hour or more old.”
48% remove it
 

The executing file has been seen to make the following network communications in live environments.

