home

tindertop.exe

TinderTop

The executable tindertop.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address 2.250.178.107.bc.googleusercontent.com on port 443.
Publisher:
TinderTop  (signed and verified)

MD5:
6f611da9e3ec121e703ed2b8312d289f

SHA-1:
74ae9322c38b3af937a2f35d519c1ff8cd491475

SHA-256:
97888eb12a33a5427b51bb435dbcfe8451062d3e2410eb2ed992c0f71c87f6c8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 6:30:46 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.2.14

File size:
49 MB (51,351,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\tindertop\tindertop.exe

Digital Signature
Signed by:
TinderTop

Authority:
TinderTop

Valid from:
10/17/2015 6:50:58 AM

Valid to:
10/14/2025 6:50:58 AM

Subject:
CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Issuer:
CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Serial number:
00EFDC498B7AF73041

File PE Metadata
Compilation timestamp:
2/20/2016 1:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:euK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQkxPLx/:nwC64r1c6ZgnUSrLpbUAdBUQq6/BLIZh

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Code size:
34.9 MB (36,634,112 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 186-229-127-53.ded.intelignet.com.br  (186.229.127.53:80)

TCP (HTTP SSL):
Connects to 107.154.132.27.ip.incapdns.net  (107.154.132.27:443)

TCP (HTTP SSL):
Connects to a104-83-191-248.deploy.static.akamaitechnologies.com  (104.83.191.248:443)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.fra.yahoo.com  (77.238.180.11:443)

TCP (HTTP SSL):
Connects to a23-211-153-17.deploy.static.akamaitechnologies.com  (23.211.153.17:443)

TCP (HTTP SSL):
Connects to a104-88-131-198.deploy.static.akamaitechnologies.com  (104.88.131.198:443)

TCP (HTTP SSL):
Connects to a104-83-12-240.deploy.static.akamaitechnologies.com  (104.83.12.240:443)

TCP (HTTP):
Connects to a92-122-241-200.deploy.akamaitechnologies.com  (92.122.241.200:80)

TCP (HTTP):
Connects to a84-53-133-43.deploy.akamaitechnologies.com  (84.53.133.43:80)

TCP (HTTP):
Connects to a84-53-132-50.deploy.akamaitechnologies.com  (84.53.132.50:80)

TCP (HTTP):
Connects to a72-247-214-153.deploy.akamaitechnologies.com  (72.247.214.153:80)

TCP (HTTP SSL):
Connects to a23-223-109-129.deploy.static.akamaitechnologies.com  (23.223.109.129:443)

TCP (HTTP):
Connects to a23-223-105-194.deploy.static.akamaitechnologies.com  (23.223.105.194:80)

TCP (HTTP):
Connects to a23-214-209-212.deploy.static.akamaitechnologies.com  (23.214.209.212:80)

TCP (HTTP):
Connects to 233.245.178.107.bc.googleusercontent.com  (107.178.245.233:80)

TCP (HTTP SSL):
Connects to 2.250.178.107.bc.googleusercontent.com  (107.178.250.2:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP):
Connects to unassigned-ip.vshosting.cz  (217.16.184.199:80)

TCP (HTTP):
Connects to smartsupp.vshosting.cz  (217.16.184.198:80)

TCP (HTTP SSL):
Connects to server-52-84-203-98.tpe50.r.cloudfront.net  (52.84.203.98:443)

Remove tindertop.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.