stormwatchapp.exe

Weather Protector LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application stormwatchapp.exe by Weather Protector has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program StormWatch by Local Weather LLC which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-197-181.lhr50.r.cloudfront.net on port 443.
Publisher:
Weather Protector LLC  (signed and verified)

Version:
1.0.1.36

MD5:
163a52b95746396568d1ad6fb94e8344

SHA-1:
fc3a455f0fb2672bc95cb6935c777fc86fd76978

SHA-256:
18ef8ffc77a176736129c4bdb384ef8aa089e3bb9e081915f73c4b46837ace5d

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
9/26/2017 4:49:50 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Verti.K potentially unwanted application
7.0.302.0

Malwarebytes
PUP.Optional.StormWatch.A
v2014.11.27.12

Reason Heuristics
PUP.WeatherProtector.N
14.12.16.12

File size:
1.4 MB (1,465,880 bytes)

Product version:
1.0.1.36

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\stormwatch\stormwatchapp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/12/2014 8:00:00 PM

Valid to:
6/13/2015 7:59:59 PM

Subject:
CN=Weather Protector LLC, O=Weather Protector LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00833BECDB30CAD96C0E0AC4DF14A0329F

File PE Metadata
Compilation timestamp:
11/25/2014 2:47:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:4RWKabEiIM1tj3RKmSeuXZiacQn9v5WcChdY5DzmEeZtpfKk5OAH3hRfDXzzjTDR:vPbJF/ChfIezm/8anD06z

Entry address:
0x4A393

Entry point:
E8, 50, C7, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, E0, 81, 52, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 29, A2, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, A9, C3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
5.9280

Code size:
896 KB (917,504 bytes)

The file stormwatchapp.exe has been discovered within the following programs.

StormWatch  by Local Weather LLC
StormWatch is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.
84% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-192-9-181.lhr3.r.cloudfront.net  (54.192.9.181:443)

TCP (HTTP SSL):
Connects to server-54-192-9-221.lhr3.r.cloudfront.net  (54.192.9.221:443)

TCP (HTTP SSL):
Connects to server-54-192-48-8.jfk5.r.cloudfront.net  (54.192.48.8:443)

TCP (HTTP SSL):
Connects to server-52-84-133-9.atl52.r.cloudfront.net  (52.84.133.9:443)

TCP (HTTP SSL):
Connects to server-54-230-78-26.cdg50.r.cloudfront.net  (54.230.78.26:443)

TCP (HTTP SSL):
Connects to server-52-84-133-95.atl52.r.cloudfront.net  (52.84.133.95:443)

TCP (HTTP SSL):
Connects to server-54-192-9-229.lhr3.r.cloudfront.net  (54.192.9.229:443)

TCP (HTTP SSL):
Connects to server-52-85-89-131.jfk6.r.cloudfront.net  (52.85.89.131:443)

TCP (HTTP SSL):
Connects to server-54-230-78-206.cdg50.r.cloudfront.net  (54.230.78.206:443)

TCP (HTTP SSL):
Connects to server-54-230-7-120.dfw3.r.cloudfront.net  (54.230.7.120:443)

TCP (HTTP SSL):
Connects to server-52-84-26-169.ewr50.r.cloudfront.net  (52.84.26.169:443)

TCP (HTTP SSL):
Connects to server-54-230-202-229.fra50.r.cloudfront.net  (54.230.202.229:443)

TCP (HTTP SSL):
Connects to server-54-230-197-181.lhr50.r.cloudfront.net  (54.230.197.181:443)

TCP (HTTP SSL):
Connects to server-54-230-15-101.ams1.r.cloudfront.net  (54.230.15.101:443)

TCP (HTTP SSL):
Connects to server-54-192-129-128.ams50.r.cloudfront.net  (54.192.129.128:443)

TCP (HTTP SSL):
Connects to server-52-85-107-53.jax1.r.cloudfront.net  (52.85.107.53:443)

TCP (HTTP SSL):
Connects to server-52-84-133-77.atl52.r.cloudfront.net  (52.84.133.77:443)

TCP (HTTP SSL):
Connects to server-52-84-125-55.iad16.r.cloudfront.net  (52.84.125.55:443)

TCP (HTTP SSL):
Connects to ec2-184-72-44-197.us-west-1.compute.amazonaws.com  (184.72.44.197:443)

TCP (HTTP SSL):
Connects to ec2-184-169-144-163.us-west-1.compute.amazonaws.com  (184.169.144.163:443)

Remove stormwatchapp.exe - Powered by Reason Core Security