a637664b-e92b-453d-bae4-70682cd68c21-5.exe

Weather It Up

Phoenix Media

The application a637664b-e92b-453d-bae4-70682cd68c21-5.exe, described as “Weather It Up exe”, has been detected as adware by 12 of 68 anti-malware scanners. It persists as a scheduled task in the Windows Task Scheduler with a logon trigger, so it executes every time a user logs in; the task carries the same GUID-style name as the file, and that name together with the logon trigger is the indicator to hunt for. The file is typically installed with the program Weather It Up by Phoenix Media, a potentially unwanted program (PUP), and is built with the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
40beb59b6a1af4035cba812e3e56652f

SHA-1:
b2d18dbc426d29af432401334511f7dfb328e595

SHA-256:
60b6738d5a87907979d7029a7d2e91aec58585977cad14ddc27fe601f1c435bb

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May modify the web browser's settings (homepage and search provider) and deliver ads by injecting banners and text links directly into web pages.

Analysis date:
4/16/2024 8:22:45 PM UTC

Scan engine              Detection                               Engine version
Lavasoft Ad-Aware        Gen:Adware.Plush.1                      1029
Baidu Antivirus          Adware.Win32.Lyrics                     4.0.3.14412
Bitdefender              Gen:Adware.Plush.1                      1.0.20.510
Emsisoft Anti-Malware    Gen:Adware.Plush                        8.14.04.12.04
ESET NOD32               Win32/Toolbar.CrossRider.AC (variant)   8.9648
F-Secure                 Gen:Adware.Plush.1                      11.2014-12-04_7
G Data                   Gen:Adware.Plush                        14.4.24
Malwarebytes             PUP.Optional.Sense.A                    v2014.04.12.04
MicroWorld eScan         Gen:Adware.Plush.1                      15.0.0.306
Reason Heuristics        PUP.Task.PhoenixMedia.g                 14.8.1.0
Trend Micro House Call   TROJ_GEN.R0C1H05CH14                    7.2.102
VIPRE Antivirus          Crossrider                              27664

File size:
314 KB (321,536 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\a637664b-e92b-453d-bae4-70682cd68c21-5.exe

File PE Metadata
Compilation timestamp:
4/10/2014 7:02:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:6rhW3qfagJbO0PCY9l4AqeEpTB0xd3uXu5:6tW3qPPCAiAqeEpTK

Entry address:
0x27561

Entry point:
E8, 91, 98, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A0, B6, 44, 00, E8, 59, 25, 00, 00, E8, D9, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 24, 98, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EB, 55, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

These bytes are the stock Visual C++ 2012 (linker 11.0) C runtime startup stub: after initialising the security cookie (the first call) it checks the image at 0x400000 for the MZ and PE signatures, the PE32 magic 0x10B and a populated COM descriptor data directory (the managed-application test) before continuing into main. The entry point is therefore not a packer stub, and the file disassembles normally.

Code size:
233 KB (238,592 bytes)

Scheduled Task
Task name:
a637664b-e92b-453d-bae4-70682cd68c21-5

Trigger:
Logon (Runs on logon)

Action:
a637664b-e92b-453d-bae4-70682cd68c21-5.exe \cioaiv \ikwzao='weather it up' \khtfekxw=49136 \h
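The logon-triggered task above is the persistence mechanism worth hunting for, and the hash section gives the indicator to confirm a hit. The following Python script is an added example written for this listing; it is not code from the page, from Reason Core Security or from Phoenix Media. It parses the per-task XML that Task Scheduler keeps under C:\Windows\System32\Tasks (the same XML that `schtasks /Query /TN <name> /XML` prints), flags tasks with a LogonTrigger whose action launches a GUID-named executable, and hashes the launched file against the SHA-256 reported above. The embedded task definition is a constructed sample modelled on this page's Scheduled Task entry, with the arguments copied as the page shows them; the `resolve` hook, which maps the Windows command path to a file inside a copied or mounted image, is an assumption for illustration.

```python
"""Triage of Task Scheduler XML for logon-triggered persistence.

Added example for this listing (not code from the page, Reason Core Security or
Phoenix Media). Task Scheduler keeps one XML file per task under
C:\\Windows\\System32\\Tasks, the same XML that `schtasks /Query /TN <name> /XML`
prints. Flags tasks that fire on logon and launch a GUID-named executable, and
checks the launched file's SHA-256 against the hash given on the page.
"""
import hashlib
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from pathlib import Path, PureWindowsPath
from typing import Callable, List, Optional

NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# SHA-256 from the page's hash section.
KNOWN_SHA256 = {
    "60b6738d5a87907979d7029a7d2e91aec58585977cad14ddc27fe601f1c435bb":
        "Weather It Up (Phoenix Media) adware, Crossrider toolkit",
}
# <GUID>.exe or <GUID>-<n>.exe, e.g. a637664b-...-70682cd68c21-5.exe
GUID_EXE_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(-\d+)?\.exe$", re.I)


@dataclass
class TaskFinding:
    task_name: str
    command: str
    arguments: str
    logon_trigger: bool
    guid_named: bool
    sha256: Optional[str] = None
    ioc_match: Optional[str] = None

    @property
    def suspicious(self) -> bool:
        """Logon persistence plus either a GUID-named binary or a known hash."""
        return self.logon_trigger and (self.guid_named or self.ioc_match is not None)


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def analyze_task_xml(xml_text, task_name: str,
                     resolve: Optional[Callable[[str], Path]] = None) -> List[TaskFinding]:
    """One TaskFinding per <Exec> action. `resolve` (assumed hook) maps the Windows
    command path to a local file, e.g. inside a mounted image; absent file -> no hash."""
    root = ET.fromstring(xml_text)
    logon = root.find(f"{NS}Triggers/{NS}LogonTrigger") is not None
    findings = []
    for exec_el in root.iter(f"{NS}Exec"):
        cmd = (exec_el.findtext(f"{NS}Command") or "").strip().strip('"')
        args = (exec_el.findtext(f"{NS}Arguments") or "").strip()
        guid_named = GUID_EXE_RE.match(PureWindowsPath(cmd).name) is not None
        finding = TaskFinding(task_name, cmd, args, logon, guid_named)
        local = resolve(cmd) if resolve else Path(cmd)
        if local.is_file():
            finding.sha256 = sha256_of(local)
            finding.ioc_match = KNOWN_SHA256.get(finding.sha256)
        findings.append(finding)
    return findings


def scan_tasks_dir(tasks_dir: Path, resolve=None) -> List[TaskFinding]:
    """Walk a copied Tasks folder (task files carry no extension); return hits only."""
    hits = []
    for p in sorted(x for x in tasks_dir.rglob("*") if x.is_file()):
        try:
            hits += [f for f in analyze_task_xml(p.read_bytes(), p.name, resolve) if f.suspicious]
        except ET.ParseError:
            continue  # desktop.ini and other non-task files
    return hits


# Constructed sample modelled on the page's "Scheduled Task" section.
SAMPLE_ADWARE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\weather it up\a637664b-e92b-453d-bae4-70682cd68c21-5.exe</Command>
    <Arguments>\cioaiv \ikwzao='weather it up' \khtfekxw=49136 \h</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    hits = (scan_tasks_dir(Path(sys.argv[1])) if len(sys.argv) > 1 else
            [f for f in analyze_task_xml(SAMPLE_ADWARE_TASK, "sample") if f.suspicious])
    for f in hits:
        print(f"[!] {f.task_name}: {f.command} {f.arguments}  sha256={f.sha256}  ioc={f.ioc_match}")
```

Run it with a copy of the Tasks folder as the only argument (for example pulled from a disk image) to list suspicious tasks; with no argument it evaluates the embedded sample. Real task files are UTF-16 with a BOM and an XML declaration, which the parser handles when given the raw bytes. Removal on a live host is a separate step (schtasks /Delete /TN <name> /F, or Unregister-ScheduledTask in PowerShell) and should follow, not precede, collecting the binary and hashing it for comparison with the values on this page.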


The file a637664b-e92b-453d-bae4-70682cd68c21-5.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. It may be distributed through OpenCandy.
82% of users remove it (data from Should I Remove It?)

Remove a637664b-e92b-453d-bae4-70682cd68c21-5.exe - Powered by Reason Core Security