» tindertop.exe
Overview
Analysis
File Details
Behaviors (1)
Network (7)

tindertop.exe

TinderTop

The executable tindertop.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TinderTop’.

File name:

tindertop.exe

Publisher:

TinderTop (signed and verified)

MD5:

1cd00da57e37d7c4b0ac6adaa1660838

SHA-1:

e9e9dd0b76edd832882be5c202348146ffa9ab21

SHA-256:

06d26be980c3d38406bc8744fdf1931dfc5f0f96daaec622c2975694a66195fe

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/5/2024 6:32:06 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.8.2.14

File size:

49.1 MB (51,433,400 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\tindertop\tindertop.exe

Digital Signature

Signed by:

TinderTop

Authority:

TinderTop

Valid from:

10/17/2015 4:50:58 PM

Valid to:

10/14/2025 4:50:58 PM

Subject:

CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Issuer:

CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Serial number:

00EFDC498B7AF73041

File PE Metadata

Compilation timestamp:

3/5/2015 10:51:42 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

1572864:ytmRGIXff923imwJZMCDVVesWewFEUwO8:fRGIXff9hrfVQ5E3h

Entry address:

0x1C996D1

Entry point:

E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 38, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, 38, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, 38, EC, 02, 02, 74, 21, 6A, 17, E8, A9, 21, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75... 
[+]

Entropy:

7.0149

Code size:

34.9 MB (36,634,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TinderTop

Command:

C:\users\{user}\appdata\roaming\tindertop\tindertop.exe su

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-sit4.fbcdn.net (31.13.78.17:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-sit4.facebook.com (31.13.78.35:443)

TCP (HTTP SSL):

Connects to server-54-192-159-88.sin3.r.cloudfront.net (54.192.159.88:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-sin6.facebook.com (157.240.7.35:443)

TCP (HTTP):

Connects to ec2-54-235-117-44.compute-1.amazonaws.com (54.235.117.44:80)

TCP (HTTP):

Connects to 41.220.75.113.mtnnigeria.net (41.220.75.113:80)

TCP (HTTP SSL):

Connects to wb-in-f95.1e100.net (66.102.1.95:443)

Remove tindertop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.