» WeatherEye.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

WeatherEye.exe

WeatherEye

The Weather Network

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherEye’. This is installed with WeatherEye.

File name:

WeatherEye.exe

Publisher:

Pelmorex Media Inc. (signed by The Weather Network)

Product:

WeatherEye

Version:

3.0.0.13

MD5:

ee38d491d51fb79b7ca55500f20cd802

SHA-1:

67eaa83ba64ccfb85de1066a8bb1f5c761bfe5fb

SHA-256:

a5d338df7ee9ba539bbbe99b507b20ccbcdb507a0eb5a78d9e4424c9a0354bc5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 11:19:11 PM UTC (a few moments ago)

File size:

304.3 KB (311,584 bytes)

Product version:

3.0

Original file name:

WeatherEye.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\theweathernetwork\weathereye\weathereye.exe

Digital Signature

Signed by:

The Weather Network

Authority:

VeriSign, Inc.

Valid from:

8/17/2011 5:00:00 PM

Valid to:

9/20/2014 4:59:59 PM

Subject:

CN=The Weather Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The Weather Network, S=Ontario, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

28D441F0081B6D7B9F2D9E8CE76AA5A6

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:/pA4naWqhdMyi02AsH+ZBgPkh/GOGctLWBCXu8/iYjj9:/pJrqhdE2sHnkhuORRJj

Entry address:

0x1237B0

Entry point:

60, BE, 00, 60, 4E, 00, 8D, BE, 00, B0, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8206

Packer / compiler:

UPX 2.90LZMA]

Code size:

248 KB (253,952 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WeatherEye

Command:

C:\users\{user}\appdata\local\theweathernetwork\weathereye\weathereye.exe

The file WeatherEye.exe has been discovered within the following program.

WeatherEye by The Weather Network

Publisher's description - “The WeatherEye is like having our entire Weather Team on your PC. Always. Every minute you get the most up to date local forecasts, warnings, news, maps and more! WeatherEye shows forecasts of up to 5 days by default and 10 days.”

www.theweathernetwork.com/desktop

About 7% of users remove it

Scan WeatherEye.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.