weatheralerts.exe

Weather Alerts

Local Weather LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application weatheralerts.exe by Local Weather has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from i.desktopweatheralerts00.desktopweatheralerts.com.

Publisher:
Local Weather LLC  (signed and verified)

Product:
Weather Alerts

Description:
Application

Version:
1.4.0.0

MD5:
fb39a20c5aac7d1ed5b090b738afb2b9

SHA-1:
4e68ba9461bc9af19f801d082bd95b45742be902

SHA-256:
663d918b767667bf9a81ba5dbca914541122872a6f1122f0e7fb1feef9625adb

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/26/2024 11:52:51 AM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Win32.Madanf | 8.13.12.21.11
Reason Heuristics | PUP.LocalWeather.N | 14.8.8.1
Trend Micro House Call | TROJ_GEN.F47V1202 | 7.2.355

File size:
234.9 KB (240,544 bytes)

Copyright:
Local Weather LLC © 2013. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\weatheralerts.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/13/2013 7:00:00 PM

Valid to:
10/14/2014 6:59:59 PM

Subject:
CN=Local Weather LLC, O=Local Weather LLC, STREET="250 Park Ave #504", L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E363E3CA4E0B46A71B002CFAF51DED1

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:je34uS31q1UpeWYUpnElmgEJNdbEN7xByhjCNUOl:oSl4UIpUpn3gEDdEN7vYCiOl

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8342

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file weatheralerts.exe has been seen being distributed by the following URL.
