tidynetwork.exe

Tidy Network

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application tidynetwork.exe by Tidy Network has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program TidyNetwork by TidyNetwork.com which is a potentially unwanted software program. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from mirror.fastmirror4.com.
Publisher:
PETN  (signed by Tidy Network)

Version:
5.1829

MD5:
dd7043a9f0f83b86820ee69c595d0501

SHA-1:
22fdd515d3827cab0bc1cacc2094ee2782a6ef4a

SHA-256:
97155d9f42e18e0bba13459f987ea1e101d2eb4a4d4e0611f447a6189a3cae1c

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/5/2024 11:28:09 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader9.15143
9.0.1.0176

Malwarebytes
PUP.Optional.TidyNetwork.A
v2014.06.25.08

McAfee
Artemis!DD7043A9F0F8
5600.7088

Reason Heuristics
PUP.TidyNetwork.L
14.8.8.2

Sophos
Tidy Network
4.98

Trend Micro House Call
Suspicious_GEN.F47V0622
7.2.176

VIPRE Antivirus
Tidy2Network
30540

File size:
1.2 MB (1,291,048 bytes)

Product version:
5.1829

Copyright:
Copyright (C) 2013

Original file name:
petn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tidynetwork.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 5:00:00 PM

Valid to:
3/19/2016 4:59:59 PM

Subject:
CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata
Compilation timestamp:
6/12/2014 1:49:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:yBjXSms82pCEIuz/eAgmi+pBdXpdXct4ydoDGoI8FCiLvquK0uK8Zij2PJR:0FH2QEIg/eWimLXpdXU40oDllCikEjAT

Entry address:
0x860FD

Entry point:
E8, 15, 9E, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 40, 80, 4A, 00, E8, 1D, 08, 00, 00, 6A, 0E, E8, 12, A0, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 98, CC, 4A, 00, BA, 94, CC, 4A, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, F0, DF, FF, FF, 59, FF, 76, 04, E8, E7, DF, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 0C, 08, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, DE, 9E, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
7.4947

Code size:
603.5 KB (617,984 bytes)

The file tidynetwork.exe has been discovered within the following program.

TidyNetwork  by TidyNetwork.com
TidyNetwork is a potentially unwanted program that runs in the user's web browser as a toolbar and/or web extension depending on the browser.
www.tidynetwork.com/terms-of-use
77% remove it
 
Powered by Should I Remove It?

The file tidynetwork.exe has been seen being distributed by the following URL.

Remove tidynetwork.exe - Powered by Reason Core Security