SevereWeatherAlertsApp.exe

SevereWeatherAlertsApp

Weather Notifications LLC

SevereWeatherAlertsApp.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application SevereWeatherAlertsApp.exe by Weather Notifications has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Severe Weather Alerts by Weather Notifications, LLC, which is a potentially unwanted software program.
Publisher:
Weather Notifications LLC  (signed and verified)

Product:
SevereWeatherAlertsApp

Version:
1.0.9.0

MD5:
5dad6355a4e6272cb3dc132f2618a1d1

SHA-1:
580e74baec15bc6d64438e4435d95b0f8a63e336

SHA-256:
6c876a1878736cdce407e1c82fd8f055d0db0b240a0f1c31d7fca77470aaac89

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/19/2024 5:04:34 AM UTC

Scan engine              Detection                            Engine version
Comodo Security          ApplicUnwnt                          16753
ESET NOD32               MSIL/Adware.StrongVault (variant)    7.9190
Reason Heuristics        PUP.WeatherNotifications.W           14.8.8.1
Trend Micro House Call   TROJ_GEN.F47V0804                    7.2.241
VIPRE Antivirus          SevereWeatherAlerts                  24868

File size:
340.2 KB (348,384 bytes)

Product version:
1.0.9.0

Original file name:
SevereWeatherAlertsApp.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\severeweatheralerts\severeweatheralertsapp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/13/2013 5:00:00 PM

Valid to:
6/14/2014 4:59:59 PM

Subject:
CN=Weather Notifications LLC, O=Weather Notifications LLC, STREET=250 Park Ave Ste 504, L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0D57C9460FE0C441B8FDD693F1AC6CD7

File PE Metadata
Compilation timestamp:
7/8/2013 4:24:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:fnOkOjKPb5VCblZrpO2NmtYalc1KUdIVZ2Q84Xp4XPmp:fnTOW5VCblZYUKqaFvp4XPmp

Entry address:
0x53AFD

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.9230

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
327 KB (334,848 bytes)

The file SevereWeatherAlertsApp.exe has been discovered within the following programs.

Severe Weather Alerts  by Weather Notifications, LLC
Some versions of the Weather Notifications software bundle various potentially unwanted software, such as toolbars and web browser extensions, using the Tuguu DomalQ download manager.
www.severeweatheralerts.net
87% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-244-235-164.us-west-2.compute.amazonaws.com  (54.244.235.164:80)

TCP (HTTP):
Connects to server-52-84-141-239.yto50.r.cloudfront.net  (52.84.141.239:80)

TCP (HTTP):
Connects to ec2-54-245-252-128.us-west-2.compute.amazonaws.com  (54.245.252.128:80)

TCP (HTTP):
Connects to server-52-85-173-193.fra6.r.cloudfront.net  (52.85.173.193:80)

TCP (HTTP):
Connects to ec2-54-245-246-1.us-west-2.compute.amazonaws.com  (54.245.246.1:80)

TCP (HTTP):
Connects to server-54-230-191-55.maa3.r.cloudfront.net  (54.230.191.55:80)

TCP (HTTP):
Connects to server-54-230-95-92.fra2.r.cloudfront.net  (54.230.95.92:80)

TCP (HTTP):
Connects to ec2-54-214-40-129.us-west-2.compute.amazonaws.com  (54.214.40.129:80)

TCP (HTTP):
Connects to ec2-54-244-249-173.us-west-2.compute.amazonaws.com  (54.244.249.173:80)

TCP (HTTP):
Connects to server-54-240-186-122.mad50.r.cloudfront.net  (54.240.186.122:80)

TCP (HTTP):
Connects to server-52-84-87-74.yul62.r.cloudfront.net  (52.84.87.74:80)

TCP (HTTP):
Connects to ec2-54-244-95-248.us-west-2.compute.amazonaws.com  (54.244.95.248:80)

TCP (HTTP):
Connects to ec2-54-214-247-241.us-west-2.compute.amazonaws.com  (54.214.247.241:80)

TCP (HTTP):
Connects to akamai-130.120.cache.videotron.ca  (24.200.120.130:80)

TCP (HTTP):
Connects to server-54-240-186-156.mad50.r.cloudfront.net  (54.240.186.156:80)

TCP (HTTP):
Connects to server-54-240-186-105.mad50.r.cloudfront.net  (54.240.186.105:80)

TCP (HTTP):
Connects to server-54-230-206-226.atl50.r.cloudfront.net  (54.230.206.226:80)

TCP (HTTP):
Connects to server-54-230-191-68.maa3.r.cloudfront.net  (54.230.191.68:80)

TCP (HTTP):
Connects to server-54-230-122-71.dfw50.r.cloudfront.net  (54.230.122.71:80)

TCP (HTTP):
Connects to server-52-85-63-60.lhr50.r.cloudfront.net  (52.85.63.60:80)

Remove SevereWeatherAlertsApp.exe - Powered by Reason Core Security