home

stormwatchsetup_dist_1.0.1.10.exe

StormWatch

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application stormwatchsetup_dist_1.0.1.10.exe by Local Weather has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net and multiple other hosts.
Publisher:
Local Weather LLC  (signed and verified)

Product:
StormWatch

Version:
1.0.1.10

MD5:
bd3f0b83ff93cf1ab74c7a3b8b424618

SHA-1:
4d5bcaf7da3328a7d1bd1a0cf7a1bda849aa2827

SHA-256:
284e044594b2315cd5ee53d5febddc77b7150e8c91055da69e31a7bcb46367a2

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 8:07:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.LocalWeather.AA
14.9.17.15

VIPRE Antivirus
Blinkx/SevereWeatherAlerts
33096

File size:
397.2 KB (406,712 bytes)

Product version:
1.0.1.10

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\stormwatchsetup_dist_1.0.1.10.exe

Digital Signature
Signed by:
Local Weather LLC

Authority:
COMODO CA Limited

Valid from:
10/13/2013 5:00:00 PM

Valid to:
10/14/2014 4:59:59 PM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
12/5/2009 3:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ySoYH5Jejc3p41TEB4KCQAJFDGm3qpcuF9T8KLNHi34BfZhCVzx:AY7eO8QWtQAOuqpPWKLNHeSi9

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.7411

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file stormwatchsetup_dist_1.0.1.10.exe has been seen being distributed by the following 7 URLs.

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/StromWatch_Keydownload/.../StormWatchSetup_dist_1.0.1.10.exe

http://cdn.download4desktop.com/Installer/.../StormWatchSetup_dist_1.0.1.10.exe

http://cdn.airdlr4.com/downloads/offers/.../StormWatchSetup_dist_1.0.1.10.exe

http://dl1.downserver3.com/Installer/.../StormWatchSetup_dist_1027.exe

http://stormwatchfreeversion.com/StormWatchSetup_dist_1.0.1.10.exe

http://dm930xmxv1gqs.cloudfront.net/bundles/.../StormWatchSetup_dist_1.0.1.10.exe

http://prod-vertidocs.net.s3.amazonaws.com/StormWatchSetup_dist_1.0.1.10.exe

Remove stormwatchsetup_dist_1.0.1.10.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.