» WeatherEye.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

WeatherEye.exe

WeatherEye

The Weather Network

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WeatherEye’. This is installed with WeatherEye.

File name:

WeatherEye.exe

Publisher:

Pelmorex Media Inc. (signed by The Weather Network)

Product:

WeatherEye

Version:

3.0.0.13

MD5:

f7e9d8de72862c885465d7bb17aee908

SHA-1:

9182db8f6efec580548572e683062becceb012cd

SHA-256:

005827bd9718c11de3b8a7f6d6578968a0dfab4db641bd18bda12d0a9b407a8f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 9:49:09 PM UTC (today)

File size:

301.9 KB (309,104 bytes)

Product version:

3.0

Original file name:

WeatherEye.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\theweathernetwork\weathereye\weathereye.exe

Digital Signature

Signed by:

The Weather Network

Authority:

VeriSign, Inc.

Valid from:

9/2/2008 8:00:00 PM

Valid to:

9/21/2011 7:59:59 PM

Subject:

CN=The Weather Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The Weather Network, S=Ontario, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4FA584B47CB130E6B25062FB24EEE038

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:xpA4naWqhdMyi02AsH+ZBgPkh/GOGctLWBCXu8/iYjj9Q:xpJrqhdE2sHnkhuORRJjq

Entry address:

0x1237B0

Entry point:

60, BE, 00, 60, 4E, 00, 8D, BE, 00, B0, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8198 (probably packed)

Code size:

248 KB (253,952 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WeatherEye

Command:

C:\users\{user}\appdata\local\theweathernetwork\weathereye\weathereye.exe

The file WeatherEye.exe has been discovered within the following program.

WeatherEye by The Weather Network

Publisher's description - “The WeatherEye is like having our entire Weather Team on your PC. Always. Every minute you get the most up to date local forecasts, warnings, news, maps and more! WeatherEye shows forecasts of up to 5 days by default and 10 days.”

www.theweathernetwork.com/desktop

About 7% of users remove it

Scan WeatherEye.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.