WeatherBug.exe

The application WeatherBug.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘WeatherBug’.
Publisher:
WeatherBug (signed and verified)

Product:
WeatherBug

Version:
1.0.0.0

MD5:
3ace46f9adc754045ebe0a9c1b9005b1

SHA-1:
274a918576baf43f67a6ddcb32cdbc19342a2037

SHA-256:
7360deb8ca8935ae4a3975b347e418b5053e7ea5b933c3eed6718a96f62d94d7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 3:48:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WeatherBug.K

Engine version:
14.3.27.17

File size:
143.3 KB (146,736 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WeatherBug.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\earth networks\weatherbug\weatherbug.exe

Digital Signature
Signed by:
WeatherBug
Authority:
VeriSign, Inc.

Valid from:
5/14/2012 8:00:00 PM

Valid to:
6/29/2015 7:59:59 PM

Subject:
CN=WeatherBug, OU=Consumer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WeatherBug, L=Gaithersburg, S=Maryland, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6EC929230A6A4AC487B2FE40F8468FDD

File PE Metadata
Compilation timestamp:
3/9/2014 9:20:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:QMP0wEMimrXOI3bsb5xmMRAVO7ekXI4ibsb5xmMRAvO7eQ:Qm0wEMJXG7mSJed4YG7mSleQ

Entry address:
0x19A8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.6117

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95 KB (97,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WeatherBug

Command:
C:\Program Files\earth networks\weatherbug\weatherbug.exe \fromrunkey

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP) connections observed:
ec2-54-236-185-220.compute-1.amazonaws.com (54.236.185.220:80)
ec2-54-236-159-156.compute-1.amazonaws.com (54.236.159.156:80)
server-54-230-204-79.atl50.r.cloudfront.net (54.230.204.79:80)
server-54-230-16-124.iad12.r.cloudfront.net (54.230.16.124:80)
ec2-54-85-49-85.compute-1.amazonaws.com (54.85.49.85:80)
ec2-54-236-91-237.compute-1.amazonaws.com (54.236.91.237:80)
ec2-54-236-177-211.compute-1.amazonaws.com (54.236.177.211:80)
ec2-54-236-176-16.compute-1.amazonaws.com (54.236.176.16:80)
ec2-54-209-177-11.compute-1.amazonaws.com (54.209.177.11:80)
ec2-52-2-53-238.compute-1.amazonaws.com (52.2.53.238:80)
ec2-107-23-73-195.compute-1.amazonaws.com (107.23.73.195:80)
ec2-107-23-25-40.compute-1.amazonaws.com (107.23.25.40:80)
ec2-107-23-186-128.compute-1.amazonaws.com (107.23.186.128:80)
ec2-107-21-25-78.compute-1.amazonaws.com (107.21.25.78:80)

Powered by Reason Core Security