weather it up-bg.exe

Weather It Up

Phoenix Media

The application weather it up-bg.exe, “Weather It Up exe”, has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the installed extensions in the user's browser, including installation, updates and remote code downloads.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
780154fec7e7d7c4e9a342a95b7bc469

SHA-1:
38baf84266d919bd5d8cc44c3b220805fbf803b7

SHA-256:
0b6d1812ac3aa306f7e2282657ccd7cf1bdd011b29c61da1217f4e2496661ff1

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
8/1/2014 4:20:28 AM UTC  (three months ago)

Scan engine          Detection                               Engine version
AhnLab V3 Security   PUP/Win32.MulDrop                       14.04.04
ESET NOD32           Win32/Toolbar.CrossRider.AA (variant)   8.9548
Malwarebytes         PUP.Optional.WeatherItUp.A              v2014.04.04.05
Reason Heuristics    PUP.Crossrider.PhoenixMedia.Q           14.8.1.0
VIPRE Antivirus      Crossrider                              27438

File size:
787.5 KB (806,400 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\weather it up-bg.exe

File PE Metadata
Compilation timestamp:
2/12/2014 5:38:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:INsR0zH1CLlfWcThihaHEKlgtwvnUuUg98MS/dSiKTLkSNl:INsR0xCLZfvkKlPfFmP/AZTwSNl

Entry address:
0x77537

Entry point:
E8, 90, B2, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, E5, 4B, 00, E8, 73, 01, 00, 00, E8, 10, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 23, B2, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A8, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4299

Code size:
625.5 KB (640,512 bytes)

The file weather it up-bg.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. May be distributed through OpenCandy.
82% remove it
 

There are 5 known versions of weather it up-bg.exe by Phoenix Media.

7 / 68      (Adware)
weather it up-bg.exe  1000.1000.1000.1000  (851c71a563ab43dc828ccc6b20d69750920bcaab)

22 / 68    (Adware)
weather it up-bg.exe  1000.1000.1000.1000  (95fbaf9f5106412d7f9014fed6e5190342ec51db)

6 / 68      (Adware)
weather it up-bg.exe  1000.1000.1000.1000  (67a35fa5b5b6d1705b97e886f278cc98a3debe73)

8 / 68      (Adware)
weather it up-bg.exe  1000.1000.1000.1000  (0d4e47b8b14e623387215a94e4b937cd7b4f82ae)

4 / 68      (Adware)
weather it up-bg.exe  1000.1000.1000.1000  (1db6ad099af5c73459b11d05ac984d3f0b8be1b1)

4 / 68      (Adware)
weather it up-bho.dll  (6fbede4f22aee8e8baaf380d04dbc9c533a56d77)

4 / 68      (Adware)
weather it up-codedownloader.exe  (270296a728391256a2e4866ccc937695acba6df9)

4 / 68      (Adware)
weather it up-enabler.exe  (6497f3e0e950144d4513d1c6f535649afdac9649)

4 / 68      (Adware)
weather it up-firefoxinstaller.exe  (632394da4ebfa4f54e30137f5f38005326ef72f7)

5 / 68      (Adware)
weather it up-updater.exe  (e89d546ba71ccd2868075b36b7c92bcd47997852)

3 / 68      (Adware)
weather it up-buttonutil.exe  (fa350d4d6a036e3e5589dbabb304ed8af5b60dd6)

6 / 68      (Adware)
weather it up-chromeinstaller.exe  (c17f309c70a14b508f5cf3e53d90f5195d0e2d18)

5 / 68      (Adware)
weather it up-buttonutil64.exe  (bfbbb834c3d94fa2eed7bf39e779d5c5db8d9765)

5 / 68      (Adware)
weather it up-bho64.dll  (8b8b4c877e75365fd632ff53cd00ee36f0da7462)

13 / 68    (Adware)
a637664b-e92b-453d-bae4-70682cd68c21-2.exe  (37cc2a74f828a85a6bcf3d8697da86b30eaab7b8)

16 / 68    (Adware)
a637664b-e92b-453d-bae4-70682cd68c21-3.exe  (a66dc8e52152d5fc0bdc3d7b9efaf1d4a447e2e6)

13 / 68    (Adware)
a637664b-e92b-453d-bae4-70682cd68c21-4.exe  (2be979b51d6409c9d4a5e36885d96921f532d1ad)

12 / 68    (Adware)
a637664b-e92b-453d-bae4-70682cd68c21-5.exe  (b2d18dbc426d29af432401334511f7dfb328e595)

22 / 68    (Adware)
37c55077-63d0-4892-ac8c-90bd8624ed1e-2.exe  (e756778a8176e149ba0681e1627c69ac079c3bf4)

6 / 68      (Adware)
37c55077-63d0-4892-ac8c-90bd8624ed1e-3.exe  (3882b8b4a5cf1b9db5af2d5c70a08709a77bd437)

Detection Incidence by Country