freshytoolbar.exe

TNT2

Freshy

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application freshytoolbar.exe by Freshy has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. It is typically executed from the user's temporary directory.
Publisher:
Freshy.com  (signed by Freshy)

Product:
TNT2

Description:
Setup program

Version:
2.0.0.1976

MD5:
2ff2248cd2d983c3b6005f31295dfecd

SHA-1:
6215cb2902cf81193114f8de5c80f409a4373657

SHA-256:
cd7a61457369b749079cfb2ae35c34ad0be1a183c0603663cf61618090b687e1

Scanner detections:
20 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
2/24/2025 8:59:46 PM UTC

Scan engine             Detection                                  Engine version
Avira AntiVirus         PUA/FindWide.Gen                           8.3.1.6
avast!                  Win32:Malware-gen                          2014.9-150806
AVG                     Generic                                    2016.0.3026
Baidu Antivirus         Adware.Win32.Toolbar                       4.0.3.1586
Bkav FE                 W32.HfsAdware                              1.3.0.6379
Dr.Web                  Adware.Toolbar.602                         9.0.1.0218
ESET NOD32              Win32/Toolbar.TNT2.F potentially unwanted  9.11102
Fortinet FortiGate      Riskware/Agent                             8/6/2015
IKARUS anti.virus       PUA.TNT2                                   t3scan.1.8.6.0
K7 AntiVirus            Riskware                                   13.206.16567
Kaspersky               not-a-virus:WebToolbar.Win32.Agent         14.0.0.1624
McAfee                  Artemis!2FF2248CD2D9                       5600.6682
Panda Antivirus         PUP/TNT2Toolbar                            15.08.06.06
Qihoo 360 Security      Win32/Virus.WebToolbar.d46                 1.0.0.1015
Reason Heuristics       PUP.Tightrope.Freshy.Bundler (M)           15.8.6.6
Sophos                  Generic PUA DP                             4.98
Trend Micro House Call  Suspicious_GEN.F47V0106                    7.2.218
Trend Micro             TROJ_GEN.R00GC0ODR15                       10.465.06
VIPRE Antivirus         Trojan.Win32.Generic                       42020
Zillya! Antivirus       Adware.Agent.Win32.55548                   2.0.0.2163

File size:
1.4 MB (1,495,808 bytes)

Product version:
2.0.0.1976

Copyright:
© Freshy.com All Rights Reserved

Original file name:
ToolbarInst.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\81\freshytoolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 8:00:00 PM

Valid to:
6/28/2016 7:59:59 PM

Subject:
CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FE613DB866C04EE49FDF0645F3F9391

File PE Metadata
Compilation timestamp:
4/8/2015 1:41:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:0qY17p4DB5AE2yGfJy0m2STM12apTDkn7s8G/dKES8NmWE47VOn1msD:syBikGBbm2STMUapUulKEVNwH0sD

Entry address:
0x529D

Entry point:
E8, 40, 69, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, DF, 41, 00, E8, FD, 12, 00, 00, E8, 6C, 18, 00, 00, 0F, B7, F0, 6A, 02, E8, D3, 68, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 24, 33, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.9353  (probably packed)

Code size:
93.5 KB (95,744 bytes)
