weather it up-bho64.dll

Weather It Up

Phoenix Media

The module weather it up-bho64.dll ("Weather It Up BHO") has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of using a traditional IE toolbar, Crossrider installs a BHO in the browser to manage the functionality of the Phoenix Media add-on.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up BHO

Version:
1000.1000.1000.1000

MD5:
1a85bbdafaa858bbb1bd95f4b0102285

SHA-1:
8b8b4c877e75365fd632ff53cd00ee36f0da7462

SHA-256:
fe421aac7b5f441e6218129bada1945d11a2d5948411b107e4d238324e1c6c29

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/25/2024 12:12:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win64.Crossrider | 4.0.3.1444 |
| ESET NOD32 | Win64/Toolbar.Crossrider (variant) | 8.9635 |
| Malwarebytes | PUP.Optional.WeatherItUp.A | v2014.04.04.08 |
| Reason Heuristics | PUP.Crossrider.PhoenixMedia.T | 14.8.1.0 |
| VIPRE Antivirus | Crossrider | 28012 |

File size:
936 KB (958,464 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\weather it up-bho64.dll

File PE Metadata
Compilation timestamp:
2/12/2014 5:35:38 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:aFpTgJDBeC55YNFlDtyK3os2TghEE19qrg:aFqeC5gFtIK4LTuh/qrg

Entry address:
0x7712C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6F, D3, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 00, AF, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.1518

Code size:
623.5 KB (638,464 bytes)

The file weather it up-bho64.dll has been discovered within the following program.

Weather It Up by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. May be distributed through OpenCandy.
82% remove it
 
Powered by Should I Remove It?
