TidyFavorites.exe

Tidy Favorites

Dennis Nazarenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application TidyFavorites.exe by Dennis Nazarenko has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘TidyFavorites’.

Publisher:
OrdinarySoft  (signed by Dennis Nazarenko)

Product:
Tidy Favorites

Version:
4.1.0.0

MD5:
d65b2c20bf378a0d234e46012c76d598

SHA-1:
1e6b1b822a0149cee0f8d1c75ac4be1ac765baa1

SHA-256:
eb8950ca2690777462df422e9ae5938768e1368ade4918e212233c76ca984e00

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/17/2024 3:22:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick (M)

Engine version:
16.8.29.18

File size:
5.1 MB (5,335,784 bytes)

Product version:
4.1

Copyright:
Dennis Nazarenko

Trademarks:
Tidy Favorites

Original file name:
TidyFavorites.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\tidy favorites\tidyfavorites.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/2/2008 1:00:00 AM

Valid to:
11/3/2009 12:59:59 AM

Subject:
CN=Dennis Nazarenko, O=Dennis Nazarenko, POBox=15A, STREET=Jovtneva 7A, L=Vishneve, S=Kievskaya, PostalCode=08132, C=UA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009CA1956F3A54A095BA9D02BC02272CFA

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:InRbrCdKtBot1q928ax/GrpGDkOEs2FDoNu:It+KtBot1e2j/8G2s2Zp

Entry address:
0x42734C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 44, 63, 82, 00, E8, A0, 0E, BE, FF, 6A, EC, A1, 4C, 82, 84, 00, 8B, 00, 8B, 40, 30, 50, E8, 6E, 1F, BE, FF, 0D, 80, 00, 00, 00, 25, FF, FF, FB, FF, 50, 6A, EC, A1, 4C, 82, 84, 00, 8B, 00, 8B, 40, 30, 50, E8, 21, 22, BE, FF, 6A, 00, A1, 4C, 82, 84, 00, 8B, 00, 8B, 40, 30, 50, E8, 7F, 22, BE, FF, A1, 4C, 82, 84, 00, 8B, 00, C6, 40, 5B, 00, 6A, 00, A1, 4C, 82, 84, 00, 8B, 00, 8B, 40, 30, 50, E8, 62, 22, BE, FF, A1, 4C, 82, 84, 00, 8B, 00, E8, 3A, B3, CA, FF, A1, 4C, 82, 84, 00, 8B...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
4.1 MB (4,351,488 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TidyFavorites

Command:
"C:\Program Files\tidy favorites\tidyfavorites.exe"

