tnodup.exe

TNod User & Password Finder

Tukero[X]Team

The application tnodup.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the name ‘TNOD UP’. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team, which is a potentially unwanted software program. While running, it connects to the Internet address um05.eset.com on port 80 using the HTTP protocol.

Publisher: Tukero[X]Team
Product: TNod User & Password Finder
Version: 1, 4, 2, 3
MD5: 18947d264d3e605199f07cae18c1d8e6
SHA-1: cce10ca3fd0349441fe83ec58f51eccc9c460b91
SHA-256: 7ebfbda5059c85da34a32401e9e994c9460362f228d842f1d89a9479c9d9830a
Scanner detections: 31 / 68
Status: Potentially unwanted
Analysis date: 11/16/2024 6:09:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.10154123 | 1149 |
| Agnitum Outpost | RiskWare.HackAV | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2013.12.30 |
| Avira AntiVirus | TR/Zusy.11827.3 | 7.11.122.174 |
| avast! | Win32:Malware-gen | 2014.9-131125 |
| AVG | Fat-Obfuscated | 2014.0.3645 |
| Baidu Antivirus | Malware.Win32.RiskTool | 4.0.3.131125 |
| Bitdefender | Trojan.Generic.10154123 | 1.0.20.1645 |
| Bkav FE | HW32.CDB | 1.3.0.4613 |
| Clam AntiVirus | Win.Trojan.Zusy-91 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17518 |
| Dr.Web | Trojan.Click2.49081 | 9.0.1.0329 |
| Emsisoft Anti-Malware | Trojan.Generic.10154123 | 8.13.11.25.07 |
| ESET NOD32 | Win32/RiskWare.HackAV.JA (variant) | 7.9190 |
| Fortinet FortiGate | W32/RiskWare_HackAV.JA | 11/25/2013 |
| F-Secure | Packed:W32/PeCan.A | 11.2013-29-12_1 |
| G Data | Trojan.Generic.10154123 | 13.11.22 |
| IKARUS anti.virus | Virus.Fat.Obfuscated | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10656 |
| Malwarebytes | Trojan.Agent.CK | v2013.11.25.07 |
| McAfee | RDN/Generic PUP.x!bmh | 5600.7269 |
| MicroWorld eScan | Trojan.Generic.10154123 | 14.0.0.987 |
| NANO AntiVirus | Trojan.Win32.Click2.bwoqvx | 0.28.0.57029 |
| Norman | Redosdru.LS | 11.20131125 |
| Panda Antivirus | Trj/CI.A | 13.11.25.07 |
| Quick Heal | (Suspicious) - DNAScan | 11.13.12.00 |
| Reason Heuristics | Unnamed.Threat.71 | 14.3.1.1 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_SPNR.29GI13 | 7.2.329 |
| Trend Micro | TROJ_SPNR.29GI13 | 10.465.25 |
| VIPRE Antivirus | Trojan-Dropper.Win32.Resdro.b | 24876 |

File size: 1000.7 KB (1,024,748 bytes)
Product version: 1, 4, 2, 3
Copyright: Copyleft 2007-2011
File type: Executable application (Win32 EXE)
Language: Spanish (Ecuador)
Common path: C:\Program Files\tnod user & password finder\tnodup.exe

File PE Metadata

Compilation timestamp: 7/1/2013 7:26:40 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 24576:8R3PaResZZ/rOK1zSWiRUQqdXRZ8zGLPv:WWXOKoWPdhvLH
Entry address: 0x2096A9

Entry point:
E8, 02, 00, 00, 00, 6F, C9, 87, 0C, 24, 8D, 89, BA, 02, 00, 00, 87, 0C, 24, E9, A7, 02, 00, 00, 5A, D1, 0F, 84, 44, FA, FF, FF, E9, 94, 01, 00, 00, 91, E9, FA, F9, FF, FF, EC, 8B, 77, 3C, E9, 01, 03, 00, 00, 18, B6, 03, CE, E9, 08, 04, 00, 00, 49, 84, DB, E9, 5A, 03, 00, 00, 13, 84, 0F, 85, 56, 00, 00, 00, E9, D2, 03, 00, 00, 0F, 84, 08, FE, FF, FF, E9, 07, 01, 00, 00, 01, 1A, E9, 7B, FF, FF, FF, 3D, A9, 0F, 86, F4, FD, FF, FF, E9, E8, FA, FF, FF, 25, 00, 00, FF, FF, E9, 33, FE, FF, FF, 9E, 69, 8B, 43, 08...
 

Code size: 1.3 MB (1,334,784 bytes)

Startup File (All Users Run)

Registry location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: TNOD UP
Command: "C:\Program Files\tnod user & password finder\tnodup.exe" \i


The file tnodup.exe has been discovered within the following programs.

TNod User & Password Finder  by Tukero[X]Team
Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”
tukero.blogspot.com
67% remove it
 

The executing file has been seen to make the following network communications in live environments.

