Weather.exe

WeatherBug Desktop

AWS Convergence Technologies, Inc.

The application Weather.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Weather’. This file is typically installed with the program WeatherBug by AWS Convergence Technologies. While running, it connects to the Internet address server-52-84-133-18.atl52.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
AWS Convergence Technologies, Inc.

Product:
WeatherBug Desktop

Version:
6, 8, 0, 8

MD5:
f2596401db33c35e17d7f3fa7f38ef8b

SHA-1:
ef8d5826a2dedb41759dc309aad0b48dcb6d7f14

SHA-256:
c01a6bb2063deffe5fb8c599092065e47d2bf547ef438d576808879c7f9b97a8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
While not adware or malicious, WeatherBug is typically bundled with various third-party download managers as an offer, which might be potentially unwanted.

Analysis date:
4/26/2024 5:37:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Win.Reputation

Engine version:
14.4.2.23

File size:
1.6 MB (1,652,736 bytes)

Product version:
6, 8, 0, 8

Copyright:
Copyright © 2001-2010

Original file name:
Weather.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aws\weatherbug\weather.exe

File PE Metadata
Compilation timestamp:
4/29/2010 9:35:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:w1xyLoBvMUuAC2JHZlp0MSf6G20Iju3rkpfv:wfyYvMUuz0HZHiRojPH

Entry address:
0x5F895

Entry point:

Entropy:
6.1766

Code size:
510.5 KB (522,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Weather

Command:
C:\Program Files\aws\weatherbug\weather.exe 1
The file Weather.exe has been discovered within the following programs.

WeatherBug by AWS Convergence Technologies
WeatherBug provides live weather data and maintains a mesoscale network of weather stations and runs in the notification tray and background of Windows. At present, the desktop application of WeatherBug is designated for U.S. ZIP codes only. Non-U.S.
weather.weatherbug.com
59% remove it
WeatherBug Alert by AWS Convergence Technologies
Publisher's description - “WeatherBug manages and operates its own weather network that pinpoints weather conditions in your neighborhood like no other weather service can! WeatherBug Tracking Stations provide live weather information. Other weather companies' "live" data is often an hour or more old.”
48% remove it

The executing file has been seen to make the following network communications in live environments.


Powered by Reason Core Security