weatherbugsetup.exe

WeatherBug

The application weatherbugsetup.exe by WeatherBug has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from downloads.earthnetworks.com.s3.amazonaws.com.
Publisher:
WeatherBug  (signed and verified)

MD5:
43ed8c34303cbf64368fe3b3ddfbe55e

SHA-1:
b2ba00159e2fb2b8da042fb028d15e4d0bea47ef

SHA-256:
7627e4040214355f65100bfcaa6c4db8ddf9f3539fd46d5c0f51c97958a99f5a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/9/2024 1:51:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.7.8

File size:
2.8 MB (2,968,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\weatherbugsetup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
6/15/2015 8:00:00 PM

Valid to:
7/15/2018 7:59:59 PM

Subject:
CN=WeatherBug, O=WeatherBug, L=Germantown, S=Maryland, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5753B94A4B4F428A574131A68539135D

File PE Metadata
Compilation timestamp:
12/10/2012 7:51:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x12C10

Entry point:
4F, 50, E3, A6, 0D, EF, 5E, 86, D7, 12, FC, CB, 16, 72, BC, 74, D4, 7E, A8, 28, 1D, CD, 50, F6, 51, ED, A4, F8, DB, 12, 67, 40, 42, EE, D5, D4, 37, 1B, FF, 35, 8D, F9, 6C, C2, D6, 52, 39, 4C, 76, 9C, B9, 7F, 1C, 56, DF, A6, D2, 83, C2, 35, DE, 2E, 28, 73, DA, 13, 92, 19, F9, CF, 20, DB, 57, 3D, 2A, 8D, 51, 0B, B3, 24, 0C, 4D, 3F, 42, 04, B6, 35, DE, 59, 8E, 46, 74, 74, 78, F6, 67, 30, 6B, 79, 88, 74, 78, 48, 66, 30, 45, 91, B2, DA, D3, F7, 62, 3E, 38, EF, 1A, 23, EC, 88, 86, 64, FE, 13, C9, A4, D2, 40, AC...

Entropy:
7.9480  (probably packed)

Code size:
97 KB (99,328 bytes)

The file weatherbugsetup.exe has been seen being distributed by the following URL.

http://downloads.earthnetworks.com.s3.amazonaws.com/DesktopApp10/Installer/.../WeatherBugSetup.exe
