tidyfavoritiesservice.exe

Dennis Nazarenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application tidyfavoritiesservice.exe by Dennis Nazarenko has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Dennis Nazarenko  (signed and verified)

MD5:
884b8a9272349a607c66bb057a00d6e9

SHA-1:
0ddc59cf1d072e1e2f7d12365ff24c496f4cbc4c

SHA-256:
b379c750310d290be971a555766ede8ff583d59812a52d7e68a29e9b3ff0a7a8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/17/2024 3:18:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick (M)

Engine version:
16.10.12.11

File size:
470.7 KB (482,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\tidy favorites\tidyfavoritiesservice.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/1/2008 5:00:00 PM

Valid to:
11/2/2009 3:59:59 PM

Subject:
CN=Dennis Nazarenko, O=Dennis Nazarenko, POBox=15A, STREET=Jovtneva 7A, L=Vishneve, S=Kievskaya, PostalCode=08132, C=UA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009CA1956F3A54A095BA9D02BC02272CFA

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:90ZUFkoSf7hSwPbE5HIS///G8rYvw6CX6+nlfSCDyEifX5Eb+fVkDmQ4lKeu5KoJ:y2FxchSwPb4sEtfIfX5kTDN4y5X

Entry address:
0x64CA8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 30, 4A, 46, 00, E8, 74, 1C, FA, FF, A1, 04, 64, 46, 00, 8B, 00, E8, B0, ED, FE, FF, A1, 04, 64, 46, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, B0, 64, 46, 00, A1, 04, 64, 46, 00, 8B, 00, 8B, 15, 4C, 48, 46, 00, E8, A5, ED, FE, FF, E8, 98, E1, F9, FF, 48, 7D, 0C, A1, 04, 64, 46, 00, 8B, 00, E8, FD, EE, FE, FF, 6A, FF, 6A, FF, E8, F8, 1E, FA, FF, 50, E8, 8A, 20, FA, FF, A1, 04, 64, 46, 00, 8B, 00, E8, F6, ED, FE, FF, E8, 85, F7, F9, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6107

Developed / compiled with:
Microsoft Visual C++

Code size:
399.5 KB (409,088 bytes)
