37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe

Weather It Up

Phoenix Media

This file runs as a background process as part of the Crossrider framework, which enables the included web browser extension. The application 37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe, "Weather It Up exe", has been detected as adware by 6 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
33228f598da86af0cab83c67d06af2d3

SHA-1:
3882b8b4a5cf1b9db5af2d5c70a08709a77bd437

Scanner detections:
6 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/27/2024 3:57:50 AM UTC

Scan engine          Detection                                  Engine version
Baidu Antivirus      Adware.Win32.CrossRider                    4.0.3.14516
Bkav FE              W32.CrossRider.Trojan                      1.3.0.4959
ESET NOD32           Win32/Toolbar.CrossRider.AD (variant)      8.9727
Malwarebytes         PUP.Optional.WeatherItUp.A                 v2014.05.16.06
Reason Heuristics    PUP.Task.PhoenixMedia.g                    14.8.1.0
VIPRE Antivirus      Crossrider                                 28606

File size:
1.8 MB (1,861,120 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe

File PE Metadata
Compilation timestamp:
4/17/2014 10:03:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:O0Yb0fkXKgl8UXc5kK7zvpSI9TlUzn+nPRx:O0YGk7+UX/

Entry address:
0xDFAD4

Entry point:
E8, 60, 09, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 93, 0A, 01, 00, 3B, 30, 7C, 07, E8, 8A, 0A, 01, 00, 8B, 30, E8, 7D, 0A, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, A7, 5D, 00, 00, 8B, F0, 85, F6, 75, 07, B8, D0, 99, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, FA, 30, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, D0, 99, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 83, EC...

Code size:
1021.5 KB (1,046,016 bytes)

Scheduled Task
Task name:
37c55077-63d0-4892-ac8c-90bd8624ed1e-3

Path:
C:\WINXP\Tasks\37c55077-63d0-4892-ac8c-90bd8624ed1e-3.job

Trigger:
Logon (Runs on logon)

Action:
37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe \gahxtbdlg=dccplyplsjk\+n3yupmmfndxio9ram6kkngdfxi


The file 37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. It may be distributed through OpenCandy.