» weatherdisplay.exe
Overview
Analysis
File Details
Behaviors (1)

weatherdisplay.exe

Weather Display

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘weatherdisplay’.

File name:

weatherdisplay.exe

Publisher:

Weather Display (signed and verified)

Product:

Weather Display

Version:

1.0.0.0

MD5:

6d6f0d5144546645deca5aafe971d010

SHA-1:

deaedeb27aac120a508c46ad7e5393ab7320418b

SHA-256:

4c356af1736d3ff49113dad4548424bf3b40467108264c84aa88201140cc8071

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 3:26:39 AM UTC (today)

File size:

47.5 MB (49,840,656 bytes)

Product version:

1.0.0.0

Weather Display Ltd

Trademarks:

Weather Display

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Weather Display

Authority:

COMODO CA Limited

Valid from:

3/10/2015 1:00:00 AM

Valid to:

3/10/2016 12:59:59 AM

Subject:

CN=Weather Display, OU=Weather Display, O=Weather Display, STREET=10 West Coast Road, STREET=RD4, L=Waiuku, S=Franklin, PostalCode=2684, C=NZ

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

679D22F85F94FDAC94756E3531502C66

File PE Metadata

Compilation timestamp:

10/22/2015 6:39:39 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

786432:Wvu1uSe2wGopR+uE9TdDUtikwBXi3FhK1bTGt6aW:Wvu1feE8+9xkwBXi3XQl

Entry address:

0x1F970E8

Entry point:

55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 2C, BE, 36, 02, E8, C5, B6, 07, FE, 8B, 1D, F4, 35, 3C, 02, 8B, 35, C8, 2B, 3C, 02, 8B, 06, E8, 62, DE, 2B, FE, 8B, 0E, B2, 01, A1, F8, 90, F0, 01, E8, C4, 2D, 2B, FE, 89, 03, 8B, 03, E8, D3, 8F, 2B, FE, 8B, 03, 8B, 10, FF, 92, B4, 00, 00, 00, 8B, 06, BA, 08, 7C, 39, 02, E8, 65, D8, 2B, FE, 8B, 0D, 68, 08, 3C, 02, 8B, 06, 8B, 15, B8, DA, 23, 02, E8, 3A, DE, 2B, FE, 8B, 03, 8B, 80, C0, 03, 00, 00, BA, 34, 7C, 39, 02, E8, B8, 9F, 1B, FE, 8B, 03, 8B, B8, CC, 03, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

31.6 MB (33,123,328 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

weatherdisplay

Command:

C:\wdisplay\weatherdisplay.exe

Scan weatherdisplay.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.