SevereWeatherAlertsBrowser.exe

SevereWeatherAlertsBrowser

Weather Notifications LLC

SevereWeatherAlertsBrowser.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application SevereWeatherAlertsBrowser.exe by Weather Notifications has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program Severe Weather Alerts by Weather Notifications, LLC, which is a potentially unwanted software program. While running, it connects to the Internet address ussj02.proinity.net on port 80 using the HTTP protocol.
Publisher:
Weather Notifications LLC  (signed and verified)

Product:
SevereWeatherAlertsBrowser

Version:
1.0.9.0

MD5:
65c5ac31bc867c0ac16a05002b78b110

SHA-1:
828506ebaef9536376d173022c0198bbfa324d85

SHA-256:
d77797ea67a8ba795f9d98df39d667f50ef457970a0ae20964215c6d1ff60781

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/24/2024 8:04:15 PM UTC

Scan engine          Detection                      Engine version
Reason Heuristics    PUP.WeatherNotifications.AA    14.8.8.1
VIPRE Antivirus      SevereWeatherAlerts            25758

File size:
112.2 KB (114,920 bytes)

Product version:
1.0.9.0

Original file name:
SevereWeatherAlertsBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\severeweatheralerts\severeweatheralertsbrowser.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/13/2013 8:00:00 PM

Valid to:
6/14/2014 7:59:59 PM

Subject:
CN=Weather Notifications LLC, O=Weather Notifications LLC, STREET=250 Park Ave Ste 504, L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0D57C9460FE0C441B8FDD693F1AC6CD7

File PE Metadata
Compilation timestamp:
7/8/2013 7:24:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:jPHaxvvOlAwhVm/3BjwEZ/K0bHMfk8hjXlg8ojOkQ62PDnrS6zthES:jPaCPm/3BcEYaMfLX6PmPrrtMS

Entry address:
0x1AA9A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3223

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
99 KB (101,376 bytes)

The file SevereWeatherAlertsBrowser.exe has been discovered within the following programs.

Severe Weather Alerts  by Weather Notifications, LLC
Some versions of the Weather Notifications software bundle various potentially unwanted software, such as toolbars and web browser extensions, using the Tuguu DomalQ download manager.
www.severeweatheralerts.net
87% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-197-98-170.deploy.static.akamaitechnologies.com  (23.197.98.170:443)

TCP (HTTP SSL):
Connects to ec2-54-70-154-98.us-west-2.compute.amazonaws.com  (54.70.154.98:443)

TCP (HTTP SSL):
Connects to ec2-54-243-102-33.compute-1.amazonaws.com  (54.243.102.33:443)

TCP (HTTP SSL):
Connects to ec2-54-148-151-184.us-west-2.compute.amazonaws.com  (54.148.151.184:443)

TCP (HTTP SSL):
Connects to ec2-52-40-101-149.us-west-2.compute.amazonaws.com  (52.40.101.149:443)

TCP (HTTP SSL):
Connects to ec2-50-18-122-13.us-west-1.compute.amazonaws.com  (50.18.122.13:443)

TCP (HTTP SSL):
Connects to ec2-184-169-175-68.us-west-1.compute.amazonaws.com  (184.169.175.68:443)

TCP (HTTP SSL):
Connects to b-app04-07.boldchat.com  (66.150.108.65:443)

TCP (HTTP SSL):
Connects to a23-197-99-245.deploy.static.akamaitechnologies.com  (23.197.99.245:443)

TCP (HTTP):
Connects to a23-197-50-177.deploy.static.akamaitechnologies.com  (23.197.50.177:80)

TCP (HTTP SSL):
Connects to 142.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.37:443)

TCP (HTTP SSL):
Connects to spdc.pbp.vip.gq1.yahoo.com  (67.195.33.91:443)

TCP (HTTP):
Connects to ec2-54-244-89-23.us-west-2.compute.amazonaws.com  (54.244.89.23:80)

TCP (HTTP SSL):
Connects to 145.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.58:443)

TCP (HTTP SSL):
Connects to t-sj2.mplxtms.com  (64.156.167.65:443)

TCP (HTTP SSL):
Connects to ec2-50-112-247-1.us-west-2.compute.amazonaws.com  (50.112.247.1:443)

TCP (HTTP SSL):
Connects to b-app04-05.boldchat.com  (66.150.108.91:443)

TCP (HTTP SSL):
Connects to a23-197-96-147.deploy.static.akamaitechnologies.com  (23.197.96.147:443)

TCP (HTTP SSL):
Connects to www.networksolutions.com  (205.178.187.13:443)

Remove SevereWeatherAlertsBrowser.exe - Powered by Reason Core Security