weathermini.exe

The Desktop Weather

ShenZhen Enode Techology co,.Ltd

The application weathermini.exe, “The Desktop Weather mini setup” by ShenZhen Enode Techology co,.Ltd, has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. While running, it connects to the Internet address i0-h0-s3.p0-gig.cdngp.net on port 80 using the HTTP protocol.

Publisher:
ShenZhen Enode Techology co,.Ltd  (signed and verified)

Product:
The Desktop Weather

Description:
The Desktop Weather mini setup

Version:
1.2.0.7

MD5:
52b85518ffbcc6f7287b4c55ba546faa

SHA-1:
c572981c630b0d7f22c525879cefe2a77fc22917

SHA-256:
2002eeb01dce4bad21c3e12381a859a66d778ef5570535754c8e6941123c2376

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2017 9:46:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TheDesktopWeatherService.ShenZhenEnodeTechologycoLtd.Installer.Meta (L)

Engine version:
15.12.1.11

File size:
1022.8 KB (1,047,392 bytes)

Product version:
1.2.0.7

Copyright:
Copyright (C) 2014

Original file name:
The Desktop Weather mini setup

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pc faster\5.1.0.0\weathermini.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
2/8/2015 4:00:00 PM

Valid to:
2/9/2016 3:59:59 PM

Subject:
CN="ShenZhen Enode Techology co,.Ltd", OU=Security, O="ShenZhen Enode Techology co,.Ltd", L=ShenZhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
33B6F565ED7052F8A3936B7D48C82056

File PE Metadata

Compilation timestamp:
3/11/2015 3:51:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9Vlp5zJObVKNjCbGVwBQMwUNG67pSX6aq7Upuv6nflh1y3dWONERTA56IJ/58LTr:9Vlp51OpmVwiUv8fs3YOt6IJojg10

Entry address:
0x696D0

Entry point:
E8, 63, 67, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 98, 94, 49, 00, E8, CE, 42, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 44, 83, 4A, 00, 03, 75, 43, 6A, 04, E8, 4D, 69, 00, 00, 59, 83, 65, FC, 00, 56, E8, 75, 69, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 96, 69, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 39, 68, 00, 00, 59, C3, 56, 6A, 00, FF, 35, AC, 69, 4A, 00, FF, 15, FC, 80, 48, 00, 85, C0, 75, 16, E8, A4, 41, 00...

Entropy:
6.1445

Code size:
538 KB (550,912 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to i0-h0-s1009.p0-mia.cdngp.net  (174.35.36.14:80)

TCP (HTTP):
Connects to i0-h0-s1115.p4-dfw.cdngp.net  (174.35.21.94:80)

TCP (HTTP):
Connects to i0-h0-s1022.p1-iad.cdngp.net  (66.114.52.18:80)

TCP (HTTP):
Connects to i0-h0-s4.p0-gig.cdngp.net  (174.35.87.69:80)

TCP (HTTP):
Connects to i0-h0-s3.p0-gig.cdngp.net  (174.35.87.68:80)

TCP (HTTP):
Connects to i0-h0-s2105.p9-jfk.cdngp.net  (174.35.73.214:80)

TCP (HTTP):
Connects to i0-h0-s1078.p4-dfw.cdngp.net  (174.35.21.165:80)

TCP (HTTP):
Connects to i0-h0-s1053.p4-dfw.cdngp.net  (174.35.21.26:80)

TCP (HTTP):
Connects to i0-h0-s1040.p0-mia.cdngp.net  (174.35.36.73:80)

TCP (HTTP):
Connects to i0-h0-s1010.p1-iad.cdngp.net  (66.114.52.6:80)

TCP (HTTP):
Connects to i0-h0-s1002.p1-iad.cdngp.net  (174.35.27.71:80)

Powered by Reason Core Security