weather it up-bg.exe

Weather It Up

Phoenix Media

The application weather it up-bg.exe, “Weather It Up exe”, has been detected as adware by 6 anti-malware scanners. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads.

Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
266b874f654715567887c7eb9eb55fd4

SHA-1:
67a35fa5b5b6d1705b97e886f278cc98a3debe73

SHA-256:
04cf0319a03350738642800246ba614495950512d6133def951794d7503c5f9e

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/26/2024 6:12:38 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.MulDrop
14.05.03

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.1453

ESET NOD32
Win32/Toolbar.CrossRider.AA (variant)
8.9752

Malwarebytes
PUP.Optional.WeatherItUp.A
v2014.05.03.04

Reason Heuristics
PUP.Crossrider.PhoenixMedia.Q
14.8.1.0

VIPRE Antivirus
Crossrider
28810

File size:
580 KB (593,920 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\weather it up-bg.exe

File PE Metadata
Compilation timestamp:
4/10/2014 7:03:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:oYfCBSOOZjvxCW6r3rg5x7zxnALfnxcfMSGTB+gLbGVdn:QBlOZjvxCWQAhzZ0mMSGTIgWH

Entry address:
0x51F01

Entry point:
E8, 86, B2, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, AB, 48, 00, E8, 79, 01, 00, 00, E8, 16, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 19, B2, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AE, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
452.5 KB (463,360 bytes)

The file weather it up-bg.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. May be distributed through OpenCandy.
82% remove it