tidynetwork.exe

Tidy Network

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application tidynetwork.exe by Tidy Network has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program TidyNetwork by TidyNetwork.com, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from mirror.fastmirror4.com. While running, it connects to the Internet address 3e.3a.1632.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
PETN  (signed by Tidy Network)

Version:
5.1776

MD5:
a05a9d92d6b11bdb175498f063df5c02

SHA-1:
f32630eed386fc08d0cf2fa5a135fa4a2a0ee303

SHA-256:
ee97c83da5bca695134204427c8a4b358f425b6ea96018ebc419b73f8ee894b1

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/23/2024 2:15:26 PM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Trojan.DownLoader9.15143 | 9.0.1.0125
Reason Heuristics | PUP.TidyNetwork.L | 14.8.8.2
Sophos | Tidy Network | 4.98
Trend Micro House Call | TROJ_GEN.F47V0430 | 7.2.125
VIPRE Antivirus | Tidy2Network | 28892

File size:
1.2 MB (1,290,024 bytes)

Product version:
5.1776

Copyright:
Copyright (C) 2013

Original file name:
petn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\10\tidynetwork.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 7:00:00 PM

Valid to:
3/19/2016 6:59:59 PM

Subject:
CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata
Compilation timestamp:
4/21/2014 5:48:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:aKrC/P6BbsEYvCFW82/4Y83Sh3MqX/VfydyEoI8FviLuquF0xK8Zij9s:jMCBCvCg82B6M3MqXdf0yvlviDEj9s

Entry address:
0x85E5D

Entry point:
E8, 15, 9E, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 00, 80, 4A, 00, E8, 1D, 08, 00, 00, 6A, 0E, E8, 12, A0, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 98, CC, 4A, 00, BA, 94, CC, 4A, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, F0, DF, FF, FF, 59, FF, 76, 04, E8, E7, DF, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 0C, 08, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, DE, 9E, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 

Entropy:
7.4937

Code size:
603 KB (617,472 bytes)

The file tidynetwork.exe has been discovered within the following program.

TidyNetwork  by TidyNetwork.com
TidyNetwork is a potentially unwanted program that runs in the user's web browser as a toolbar and/or web extension depending on the browser.
www.tidynetwork.com/terms-of-use
77% remove it
 
Powered by Should I Remove It?

The file tidynetwork.exe has been seen being distributed by the following URL.

http://mirror.fastmirror4.com/.../TidyNetwork.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 3e.3a.1632.ip4.static.sl-reverse.com  (50.22.58.62:80)
