tnodup-portable.exe

TNod User & Password Finder

Tukero[X]Team

The executable tnodup-portable.exe has been detected as malware by 4 anti-virus scanners. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team, which is a potentially unwanted software program. While running, it connects to the Internet address um05.eset.com on port 80 using the HTTP protocol.

Publisher: Tukero[X]Team
Product: TNod User & Password Finder
Version: 1, 6, 0, 0
MD5: 5d4a433038eebee8950a0ae024cc9997
SHA-1: 130cbdc35bae01ee258dca7f77caead59115f5bb
SHA-256: b6081fc9a8b4c841f0ad6492bdfaf83f0415804bcfd6f9dffa684599263d1fca
Scanner detections: 4 / 68
Status: Malware
Analysis date: 11/16/2024 5:49:32 PM UTC

Scan engine | Detection | Engine version
Dr.Web | hacktool program Tool.HackAv.43 | 9.0.1.05190
ESET NOD32 | Win32/RiskWare.HackAV.RQ application | 6.3.12010.0
F-Secure | Riskware.Application.PassView.BP | 5.15.154
Malwarebytes | Trojan.Agent.CK | v2015.12.23.04

File size: 5.3 MB (5,592,576 bytes)
Product version: 1, 6, 0, 0
Copyright: Copyleft 2007-2015
File type: Executable application (Win32 EXE)
Language: Spanish (Ecuador)

File PE Metadata

Compilation timestamp: 12/19/2015 6:07:07 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 14.0
CTPH (ssdeep): 98304:oTVcwCUuwFzXnZ16Co5GyiM3i9QRQP+8OqpqeSZXb:oJcwHFrWCqAJPLnS
Entry address: 0x32FBC2

Entry point:
E8, 28, 0C, 00, 00, E9, 4E, FE, FF, FF, E9, 00, 00, 00, 00, 6A, 10, 68, B0, 88, 91, 00, E8, F3, 08, 00, 00, 33, DB, 89, 5D, E0, 88, 5D, E7, 89, 5D, FC, 3B, 5D, 10, 74, 1A, 8B, 4D, 14, E8, 90, 07, 00, 00, 8B, 4D, 08, FF, 55, 14, 8B, 45, 0C, 01, 45, 08, 43, 89, 5D, E0, EB, E1, B0, 01, 88, 45, E7, C7, 45, FC, FE, FF, FF, FF, E8, 0E, 00, 00, 00, E8, F9, 08, 00, 00, C2, 14, 00, 8B, 5D, E0, 8A, 45, E7, 84, C0, 75, 0F, FF, 75, 18, 53, FF, 75, 0C, FF, 75, 08, E8, 1E, F1, FF, FF, C3, 55, 8B, EC, 6A, 00, FF, 15, AC...
 

Entropy: 6.4349
Code size: 3.9 MB (4,131,328 bytes)

The file tnodup-portable.exe has been discovered within the following program.

TNod User & Password Finder  by Tukero[X]Team
Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”
tukero.blogspot.com
67% remove it
 

The executing file has been seen to make the following network communications in live environments.
