WeatherBug.exe

WeatherBug

The application WeatherBug.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘WeatherBug’.
Publisher:
WeatherBug  (signed and verified)

Product:
WeatherBug

Version:
1.0.0.0

MD5:
68936a201779104ef24e082151a34550

SHA-1:
ad55ade943a65131e9665f7dc93725f67227e435

SHA-256:
d836ee812d068fd5fff66df66c240c534a2a3628b7ec2c6fcce1a63e983759cb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/25/2024 2:33:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WeatherBug.K

Engine version:
14.5.6.16

File size:
143.3 KB (146,736 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WeatherBug.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\earth networks\weatherbug\weatherbug.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/14/2012 5:00:00 PM

Valid to:
6/29/2015 4:59:59 PM

Subject:
CN=WeatherBug, OU=Consumer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WeatherBug, L=Gaithersburg, S=Maryland, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6EC929230A6A4AC487B2FE40F8468FDD

File PE Metadata
Compilation timestamp:
4/1/2014 9:18:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:bMP0wEMimrXOI3bsb5xmMRAVO7ekXIsibsb5xmMRAvO7e6B:bm0wEMJXG7mSJedsYG7mSlei

Entry address:
0x19A8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.6124

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95 KB (97,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WeatherBug

Command:
C:\Program Files\earth networks\weatherbug\weatherbug.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-239-172-33.atl50.r.cloudfront.net  (54.239.172.33:443)

TCP (HTTP):
Connects to ec2-52-5-56-47.compute-1.amazonaws.com  (52.5.56.47:80)

TCP (HTTP SSL):
Connects to ec2-52-26-176-164.us-west-2.compute.amazonaws.com  (52.26.176.164:443)

TCP (HTTP):
Connects to server-54-239-172-74.atl50.r.cloudfront.net  (54.239.172.74:80)

TCP (HTTP):
Connects to ec2-54-174-157-225.compute-1.amazonaws.com  (54.174.157.225:80)

TCP (HTTP):
Connects to ec2-54-173-212-230.compute-1.amazonaws.com  (54.173.212.230:80)

TCP (HTTP):
Connects to ec2-52-4-239-237.compute-1.amazonaws.com  (52.4.239.237:80)

TCP (HTTP):
Connects to ec2-52-4-126-170.compute-1.amazonaws.com  (52.4.126.170:80)

TCP (HTTP):
Connects to ec2-54-236-176-16.compute-1.amazonaws.com  (54.236.176.16:80)

TCP (HTTP):
Connects to ec2-52-6-56-51.compute-1.amazonaws.com  (52.6.56.51:80)

TCP (HTTP):
Connects to server-54-239-172-198.atl50.r.cloudfront.net  (54.239.172.198:80)

TCP (HTTP):
Connects to server-54-239-172-148.atl50.r.cloudfront.net  (54.239.172.148:80)

TCP (HTTP):
Connects to server-54-230-206-249.atl50.r.cloudfront.net  (54.230.206.249:80)

TCP (HTTP SSL):
Connects to server-54-230-206-120.atl50.r.cloudfront.net  (54.230.206.120:443)

TCP (HTTP):
Connects to server-54-230-206-119.atl50.r.cloudfront.net  (54.230.206.119:80)

TCP (HTTP):
Connects to ec2-54-236-169-21.compute-1.amazonaws.com  (54.236.169.21:80)

TCP (HTTP SSL):
Connects to ec2-54-225-136-51.compute-1.amazonaws.com  (54.225.136.51:443)

TCP (HTTP):
Connects to ec2-52-44-169-55.compute-1.amazonaws.com  (52.44.169.55:80)

TCP (HTTP):
Connects to ec2-52-2-53-238.compute-1.amazonaws.com  (52.2.53.238:80)

TCP (HTTP):
Connects to ec2-52-205-224-206.compute-1.amazonaws.com  (52.205.224.206:80)

Remove WeatherBug.exe - Powered by Reason Core Security