tidynetwork.exe

Tidy Network

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application tidynetwork.exe by Tidy Network has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs, including TidyNetwork by TidyNetwork.com and HelperApps by TidyNetwork.com, both potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
PETN  (signed by Tidy Network)

Version:
5.1718

MD5:
e676685c7600df653f97824b6eb3814c

SHA-1:
c2a05a11cce0ed1568f1350d5a7a96080cfac902

SHA-256:
3a26e56476b2f10cd8cb2ff372cef66e26118709434df398de6c71d5601acb12

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/23/2024 2:13:29 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.TidyNetwork.L | 14.8.8.2
Sophos | Tidy Network | 4.96
VIPRE Antivirus | Tidy2Network | 24866

File size:
1.2 MB (1,250,600 bytes)

Product version:
5.1718

Copyright:
Copyright (C) 2013

Original file name:
petn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\tidynetwork.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 5:00:00 PM

Valid to:
3/19/2016 4:59:59 PM

Subject:
CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata
Compilation timestamp:
12/11/2013 9:51:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:366yXovK60IbK6F0PS5CQz0ONvirHswi3iv5/sYB05QzD3J6USoj4PNU6oJ/:q6JTbBF0PSCQI+arswi3KNeQzkUBiS5

Entry address:
0x859BD

Entry point:
E8, 23, 9E, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, B8, 7E, 4A, 00, E8, 1D, 08, 00, 00, 6A, 0E, E8, 20, A0, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, B8, CC, 4A, 00, BA, B4, CC, 4A, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 27, DF, FF, FF, 59, FF, 76, 04, E8, 1E, DF, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 0C, 08, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, EC, 9E, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 

Entropy:
7.4736

Code size:
601.5 KB (615,936 bytes)

The file tidynetwork.exe has been discovered within the following programs.

HelperApps  by TidyNetwork.com
Publisher's description - “TidyNetwork is a free browser add-on that brings you exclusive deals while you browse the Internet. For example, if you are looking for a new pair of shoes, TidyNetwork can help you find the lowest price from trusted stores, or even a coupon from the store you’re visiting.”
www.tidynetwork.com
81% remove it
TidyNetwork  by TidyNetwork.com
TidyNetwork is a potentially unwanted program that runs in the user's web browser as a toolbar and/or web extension depending on the browser.
www.tidynetwork.com/terms-of-use
77% remove it
 
Powered by Should I Remove It?

The file tidynetwork.exe has been seen being distributed by the following 2 URLs.

http://d1t653m828c3x8.cloudfront.net/bundles/.../TidyNetwork.exe
