weather_free.exe

The Free Weather

ShenZhen Enode Techology co,.Ltd

The executable weather_free.exe (described as a "Windows free weather tool") has been detected as malware by 2 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'efkmdbiiwpzu'.
Publisher:
ShenZhen Enode Techology co,.Ltd

Product:
The Free Weather

Description:
Windows free weather tool

Version:
2,0,1,5000028

MD5:
9a38d058b238e4f862303a9de9a19cfa

SHA-1:
35e3492b036621cd314577bbb75d2114f5dca596

SHA-256:
711b3cc2adbcac10e5460f22ffd8408a3e6a3fe3ffbbc0eca44502b8815e9d4c

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/1/2025 8:37:03 PM UTC

Scan engine: ESET NOD32
Detection: Win32/Agent.YRB trojan
Engine version: 6.3.12010.0

Scan engine: F-Secure
Detection: Variant.Graftor.350450
Engine version: 5.16.24

File size:
387.5 KB (396,800 bytes)

Product version:
2,0,1,5000028

Copyright:
Copyright (C) 2015

Original file name:
weather_free.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\sti\efkmdbiiwpzu\weather_free.exe

File PE Metadata
Compilation timestamp:
3/14/2017 11:15:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2416C

Entry point:
E8, 6D, 05, 00, 00, E9, 69, FE, FF, FF, 3B, 0D, 64, 1A, 46, 00, F2, 75, 02, F2, C3, F2, E9, FC, 06, 00, 00, FF, 25, A4, 73, 42, 00, 55, 8B, EC, 83, 61, 04, 00, 83, 61, 08, 00, 8B, 45, 08, 89, 41, 04, 8B, C1, C7, 01, A4, 7B, 42, 00, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 98, 48, FF, FF, C7, 06, A4, 7B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, AC, 7B, 42, 00, C7, 01, A4, 7B, 42, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 65, 48, FF, FF, C7...

Code size:
148.5 KB (152,064 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
efkmdbiiwpzu

Command:
"C:\users\sti\efkmdbiiwpzu\weather_free.exe" thydvujbdahyen
