weatherbugalert.exe

Weatherbug Alert Control Module

WeatherBug

The application weatherbugalert.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherBugAlert’. This file is typically installed with the program WeatherBug by Earth Networks, Inc.
Publisher:
AWS Convergence Technologies  (signed by WeatherBug)

Product:
Weatherbug Alert Control Module

Version:
1.3.0.1

MD5:
5eef47a4155886a6789d468be4e4b761

SHA-1:
fae9f8cc02a579e712c9ad1fe24c1828c2ecc17d

SHA-256:
d2af362d34fa56bde5397ef471cf0dc2d7d37d98fe7528e4f353ef00d6dac4e2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 12:22:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.WeatherBug.P

Engine version:
14.3.16.13

File size:
435.6 KB (446,080 bytes)

Product version:
1.3.0.1

Copyright:
AWS Convergence Tech, 2007 All Rights Reserved

Original file name:
WAT.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aws\weatherbug alert\weatherbugalert.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2006 8:00:00 PM

Valid to:
6/30/2009 7:59:59 PM

Subject:
CN=WeatherBug, OU=Consumer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WeatherBug, L=Gaithersburg, S=Maryland, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37BA9A6E807E4CC566D9E69FE45E7EB7

File PE Metadata
Compilation timestamp:
5/23/2007 10:48:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:SxkSxPdIqoKqHy/6T9ZeF9nSGf45/KCB8Tm:E6DeF9nSGW/bBT

Entry address:
0x31B6B

Entry point:
E8, 16, 9B, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, 8E, 9B, 00, 00, 83, C4, 14, C3, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0...
 

Entropy:
6.2691

Code size:
288 KB (294,912 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WeatherBugAlert

Command:
"C:\Program Files\aws\weatherbug alert\weatherbugalert.exe" \st


The file weatherbugalert.exe has been discovered within the following programs.

WeatherBug  by Earth Networks, Inc.
Publisher's description - “WeatherBug is a leading source of weather information and a top destination for consumers worldwide.”
42% remove it
WeatherBug Alert  by AWS Convergence Technologies
Publisher's description - “WeatherBug manages and operates its own weather network that pin points weather conditions in your neighborhood like no other weather service can! WeatherBug Tracking Stations provide live weather information. Other weather companies' "live" data is often an hour or more old.”
48% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-236-124-249.compute-1.amazonaws.com  (54.236.124.249:80)

TCP (HTTP):
Connects to ec2-107-23-97-203.compute-1.amazonaws.com  (107.23.97.203:80)

TCP (HTTP):
Connects to ec2-107-23-18-28.compute-1.amazonaws.com  (107.23.18.28:80)
