» weathereye.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (2)

weathereye.exe

The Weather Network

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherEye’. This is installed with multiple programs including The Weather Network and WeatherEye.

File name:

weathereye.exe

Publisher:

Pelmorex Media Inc. (signed by The Weather Network)

Version:

3.0.0.14

MD5:

e8592697d55b515379f781faf199c73a

SHA-1:

338a7f89caaa0af253c7d1fb0bb849ec8efcc6f2

SHA-256:

569d5180458c42c7b9463f4cb69b4fb71997b3900e9efc379a768dbe4302b765

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 10:52:57 AM UTC (today)

File size:

303.6 KB (310,920 bytes)

Product version:

3.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\météomédia\weathereye.exe

Digital Signature

Signed by:

The Weather Network

Authority:

VeriSign, Inc.

Valid from:

8/17/2011 8:00:00 PM

Valid to:

9/20/2014 7:59:59 PM

Subject:

CN=The Weather Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The Weather Network, S=Ontario, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

28D441F0081B6D7B9F2D9E8CE76AA5A6

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:f38p/LcpLqwy0mDEFuHZIxXm+ZmFrwsM9EA6cN28Zzs/iYjj9+:fsdLc00luHZyXDV3gYsjo

Entry address:

0x123760

Entry point:

60, BE, 00, 60, 4E, 00, 8D, BE, 00, B0, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA]

Code size:

248 KB (253,952 bytes)

Scheduled Task

Task name:

{8EE6D90A-1B80-4230-86C2-D6433A693BA0}

Trigger:

Registration (Runs on registration)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WeatherEye

Command:

C:\users\{user}\appdata\local\météomédia\weathereye.exe

The file weathereye.exe has been discovered within the following programs.

The Weather Network by The Weather Network

Publisher's description - “Hold the power of weather knowledge right in the palm of your hand with The Weather Network App for Android, available on Android phones and tablets. You can access current conditions, short term, long term and hourly forecasts and much more.”

www.theweathernetwork.com

About 1% of users remove it

WeatherEye by The Weather Network

Publisher's description - “The WeatherEye is like having our entire Weather Team on your PC. Always. Every minute you get the most up to date local forecasts, warnings, news, maps and more! WeatherEye shows forecasts of up to 5 days by default and 10 days.”

www.theweathernetwork.com/desktop

About 7% of users remove it

Scan weathereye.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.