WeatherBug.exe

The application WeatherBug.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherBug’.
Publisher:
WeatherBug  (signed and verified)

Product:
WeatherBug

Version:
1.0.0.0

MD5:
a9b2f73de87da55a2992fb4268111aed

SHA-1:
c48c849a6631df9095bfb5ce9712f693b1e10b6d

SHA-256:
d31161df585a21af6b7e5790740edb97c61fa7651e6c8ac93bd6efb585757ab2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/24/2024 5:27:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.WeatherBug.K

Engine version:
14.3.16.13

File size:
143.3 KB (146,736 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WeatherBug.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\earth networks\weatherbug\weatherbug.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/14/2012 8:00:00 PM

Valid to:
6/29/2015 7:59:59 PM

Subject:
CN=WeatherBug, OU=Consumer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WeatherBug, L=Gaithersburg, S=Maryland, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6EC929230A6A4AC487B2FE40F8468FDD

File PE Metadata
Compilation timestamp:
11/13/2013 2:08:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:bMP0wEMimrXOI3bsb5xmMRAVO7ekXI6ibsb5xmMRAvO7e8:bm0wEMJXG7mSJed6YG7mSle8

Entry address:
0x19A8E

Entry point:

Entropy:
5.6124

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95 KB (97,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WeatherBug

Command:
C:\Program Files\earth networks\weatherbug\weatherbug.exe \fromrunkey


The executing file has been seen to make the following network communications in live environments.


Remove WeatherBug.exe - Powered by Reason Core Security