weather it up-chromeinstaller.exe

Weather It Up

Phoenix Media

The application weather it up-chromeinstaller.exe, “Weather It Up exe”, has been detected as adware by 6 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. The file utilizes the Crossrider browser extension platform. ChromeInstaller is the component designed to install and manage the extension's Google Chrome integration.
Publisher:
Phoenix Media

Product:
Weather It Up

Description:
Weather It Up exe

Version:
1000.1000.1000.1000

MD5:
ff77aecbfc8195bef96d3c21c50a9c62

SHA-1:
c17f309c70a14b508f5cf3e53d90f5195d0e2d18

SHA-256:
3fb30c9ddf8232ae84047c813e3bbfe64c676ec9d7b9c65633634750586274e1

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Google Chrome.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/18/2024 7:17:38 AM UTC

Scan engine              Detection                   Engine version
Baidu Antivirus          Adware.Win32.Lyrics         4.0.3.1452
Malwarebytes             PUP.Optional.AddPusHD.A     v2014.03.16.12
Reason Heuristics        PUP.Crossrider.Task.DD      14.8.1.0
Trend Micro House Call   TROJ_GEN.F47V0316           7.2.122
VIPRE Antivirus          Crossrider                  27754

File size:
2 MB (2,051,584 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Weather It Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\weather it up\weather it up-chromeinstaller.exe

File PE Metadata
Compilation timestamp:
3/10/2014 12:04:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:IibYKzvp4B6PAj3osVuBcx4O+4DGR1pSIkfTiUzn+nPRx:IisK14B6PAj3osVZyOx

Entry address:
0xFFE74

Entry point:
E8, 50, 09, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 83, 0A, 01, 00, 3B, 30, 7C, 07, E8, 7A, 0A, 01, 00, 8B, 30, E8, 6D, 0A, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, A7, 5D, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 30, 30, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, FA, 30, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 30, 30, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 73, EC...

Entropy:
6.8532

Code size:
1.1 MB (1,199,616 bytes)

Scheduled Task
Task name:
Weather It Up-chromeinstaller

Trigger:
Logon (Runs on logon)

Action:
weather it up-chromeinstaller.exe \rawdata=fppcn6ohprfw8tporyi3kaqof9frindqrl4mq1x\x


The file weather it up-chromeinstaller.exe has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. It may be distributed through OpenCandy.
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/000582/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)

Remove weather it up-chromeinstaller.exe - Powered by Reason Core Security