searchus-tb10273.exe

Freshy

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application searchus-tb10273.exe by Freshy has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tightrope WebInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
TNT2  (signed by Freshy)

Product:
TNT2

Description:
Setup program

Version:
2.0.0.1158

MD5:
2d202906043294db2e5d298d1a2eb809

SHA-1:
477c262e724d09d518267ec548508afb668f1443

SHA-256:
717517db52c4c4783883154aa07bf66e77f3ec6794678f329ef66a75f6a42e11

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 4:31:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Tightrope.Freshy.Bundler (M)
16.3.14.9

File size:
1.2 MB (1,290,080 bytes)

Product version:
2.0.0.1158

Copyright:
All Rights Reserved

Original file name:
ToolbarInst.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\4\searchus-tb10273.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/29/2011 5:30:00 AM

Valid to:
7/29/2013 5:29:59 AM

Subject:
CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FE2E83B02F14E8E282304CFC46C3524

File PE Metadata
Compilation timestamp:
10/12/2012 2:26:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:g+nFUSi+s0kwrDlEgPJyrzco7tCyhtN9eEc51DYwR6akAh8VMs4BjUis:gi7209DOgPUtCyhnuzXkAeVMs4OH

Entry address:
0x35E8

Entry point:
E8, FD, 67, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, C4, 60, 41, 00, 57, FF, 35, 88, E1, 41, 00, FF, D6, FF, 35, 84, E1, 41, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 84, 69, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, C0, 68, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 
[+]

Entropy:
7.9571  (probably packed)

Code size:
82 KB (83,968 bytes)

Remove searchus-tb10273.exe - Powered by Reason Core Security