weather-it-up_20140422.exe

Gknpzbkzavlwqk

Nqcfjupqlgmb

The application weather-it-up_20140422.exe has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net.
Publisher:
Nqcfjupqlgmb

Product:
Gknpzbkzavlwqk

Description:
Yzcdirlgpxl

Version:
17.5.25.19

MD5:
91e4876961cf989a347958bf77418660

SHA-1:
bae261ce3c9c3f6a90729b597b44cb1a2ef3095e

SHA-256:
a3773b5b3954187b9b5fc1d987d5ba85cf60677faad1737b239756e28ed276af

Scanner detections:
12 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/16/2024 7:45:42 AM UTC

Scan engine              Detection                          Engine version
Lavasoft Ad-Aware        Adware.Generic.938121              997
Agnitum Outpost          PUA.Agent                          7.1.1
avast!                   Other:PUP-gen [PUP]                2014.9-140514
Dr.Web                   Trojan.Crossrider.12143            9.0.1.0134
Fortinet FortiGate       Adware/Agent                       5/14/2014
F-Secure                 Adware.Generic.938121              11.2014-14-05_4
Kaspersky                not-a-virus:AdWare.Win32.Agent     14.0.0.3869
McAfee                   Artemis!91E4876961CF               5600.7131
MicroWorld eScan         Adware.Generic.938121              15.0.0.402
NANO AntiVirus           Riskware.Win32.Agent.cwulpv        0.28.0.59608
Reason Heuristics        PUP.Downloader.Nqcfjupqlgmb.W      14.5.14.6
Trend Micro House Call   TROJ_GEN.F47V0424                  7.2.134

File size:
6.5 MB (6,809,909 bytes)

Copyright:
Bdcnhoemeesnzw

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\weather-it-up_20140422.exe

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:HJVoPe9V8ir8qhrtc7ksrgu/umkvcoTMdhbHo:pxJLhhEJgGuR09HE

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Code size:
34.5 KB (35,328 bytes)

The file weather-it-up_20140422.exe has been seen being distributed by the following URL.

Remove weather-it-up_20140422.exe - Powered by Reason Core Security