home

WeatherBug.exe

WeatherBug

WeatherBug

The application WeatherBug.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherBug’.
Publisher:
WeatherBug  (signed and verified)

Product:
WeatherBug

Version:
1.0.0.0

MD5:
10a8342ec63837857c53fa60df946ed0

SHA-1:
7c821be1fa9e39834b2bab3a0452482fcc9f7e71

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 2:50:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WeatherB (M)
16.5.19.17

File size:
105.9 KB (108,456 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WeatherBug.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\earth networks\weatherbug\weatherbug.exe

Digital Signature
Signed by:
WeatherBug

Authority:
Symantec Corporation

Valid from:
6/16/2015 3:00:00 AM

Valid to:
7/16/2018 2:59:59 AM

Subject:
CN=WeatherBug, O=WeatherBug, L=Germantown, S=Maryland, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5753B94A4B4F428A574131A68539135D

File PE Metadata
Compilation timestamp:
5/5/2016 6:39:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:8MP0wEMimrXOI3bsb5xmMRAVO7ekXIxSWEV:8m0wEMJXG7mSJedxSWEV

Entry address:
0x19A8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0407

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95 KB (97,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WeatherBug

Command:
C:\Program Files\earth networks\weatherbug\weatherbug.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-70-57-194.compute-1.amazonaws.com  (52.70.57.194:80)

TCP (HTTP):
Connects to f3.ff.a86c.ip4.static.sl-reverse.com  (108.168.255.243:80)

TCP (HTTP):
Connects to ec2-52-3-190-48.compute-1.amazonaws.com  (52.3.190.48:80)

TCP (HTTP):
Connects to ec2-52-19-228-209.eu-west-1.compute.amazonaws.com  (52.19.228.209:80)

TCP (HTTP SSL):
Connects to server-52-85-83-249.lax1.r.cloudfront.net  (52.85.83.249:443)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.82.139:80)

TCP (HTTP SSL):
Connects to ec2-54-247-105-135.eu-west-1.compute.amazonaws.com  (54.247.105.135:443)

TCP (HTTP):
Connects to ec2-54-175-95-160.compute-1.amazonaws.com  (54.175.95.160:80)

TCP (HTTP):
Connects to ec2-52-210-15-176.eu-west-1.compute.amazonaws.com  (52.210.15.176:80)

TCP (HTTP):
Connects to cache.google.com  (80.97.208.105:80)

TCP (HTTP):
Connects to a23-9-6-248.deploy.static.akamaitechnologies.com  (23.9.6.248:80)

TCP (HTTP):
Connects to a23-63-149-235.deploy.static.akamaitechnologies.com  (23.63.149.235:80)

TCP (HTTP):
Connects to a184-87-194-171.deploy.static.akamaitechnologies.com  (184.87.194.171:80)

TCP (HTTP):
Connects to a184-87-194-168.deploy.static.akamaitechnologies.com  (184.87.194.168:80)

TCP (HTTP):
Connects to a95-101-72-65.deploy.akamaitechnologies.com  (95.101.72.65:80)

TCP (HTTP):
Connects to s-prd-umpxl-adcom-scd-a.evip.aol.com  (152.163.13.4:80)

TCP (HTTP SSL):
Connects to server-54-230-197-95.lhr50.r.cloudfront.net  (54.230.197.95:443)

TCP (HTTP):
Connects to server-54-230-197-66.lhr50.r.cloudfront.net  (54.230.197.66:80)

TCP (HTTP):
Connects to server-54-230-197-203.lhr50.r.cloudfront.net  (54.230.197.203:80)

TCP (HTTP):
Connects to server-54-192-139-80.lax1.r.cloudfront.net  (54.192.139.80:80)

Remove WeatherBug.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.