home

weatheralerts.exe

Weather Alerts

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application weatheralerts.exe by Local Weather has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from i.desktopweatheralerts00.desktopweatheralerts.com.
Publisher:
Local Weather LLC  (signed and verified)

Product:
Weather Alerts

Description:
Application

Version:
1.4.0.0

MD5:
b7a4dfcdab207aea6795b94417107c87

SHA-1:
7c12922cf3ee826da96a75c11146fe95db2bf5a9

SHA-256:
a823ef14fef15876147932404c9f7db5233bba6e5dfa916f9f435a13d8cdec92

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 11:10:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.LocalWeather.N
14.8.8.1

File size:
235.1 KB (240,736 bytes)

Copyright:
Local Weather LLC © 2014. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\weatheralerts.exe

Digital Signature
Signed by:
Local Weather LLC

Authority:
COMODO CA Limited

Valid from:
10/14/2013 4:00:00 AM

Valid to:
10/15/2014 3:59:59 AM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Pe34uZUDjGZipeWYUpnNLizeNdbEN7xByhjCNUO9:cZUWZiIpUpn5iAdEN7vYCiO9

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8346

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file weatheralerts.exe has been seen being distributed by the following URL.

http://i.desktopweatheralerts00.desktopweatheralerts.com/inst/software/.../weatheralerts.exe

Remove weatheralerts.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.