TNT2User.exe

Findwide

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application TNT2User.exe by Findwide has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Search.us.com by Freshy and FindWide.com by FindWide, both potentially unwanted software.
Publisher:
Findwide  (signed and verified)

Version:
2.0.0.1378

MD5:
3e1190a298cbf85c327f51fe4fe09d79

SHA-1:
06598c9008b0928878f1f9bb1230ab762a026542

SHA-256:
f16180755f33cb1a13394e2879459b92f5d5d086dd6d11ff8a93a54f3d8d22e8

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/28/2024 12:04:47 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.TNT2 | 4.0.3.15125
ESET NOD32 | Win32/Toolbar.TNT2.A potentially unwanted (variant) | 9.12296
Reason Heuristics | PUP.Tightrope.Findwide (M) | 15.12.5.12

File size:
589.9 KB (604,088 bytes)

Product version:
2.0.0.1378

Copyright:
© Findwide All Rights Reserved

Original file name:
TNT2User.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tnt2\2.0.0.1378\tnt2user.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2012 8:00:00 PM

Valid to:
4/3/2013 7:59:59 PM

Subject:
CN=Findwide, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Findwide, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4DA4730894ED337B96666A0979D619C2

File PE Metadata
Compilation timestamp:
12/17/2012 12:48:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:D9QZ0qR35CIkJ5gXaQahUALI8Yd26NeRG9y:DWZTRJwvgXaQRaZRGE

Entry address:
0x31DA6

Entry point:
E8, CC, 76, 00, 00, E9, 89, FE, FF, FF, C7, 01, 08, E5, 44, 00, E9, 9E, 2F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 08, E5, 44, 00, E8, 8B, 2F, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 2E, DC, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 01, 14, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10...
 

Entropy:
6.6133

Code size:
281.5 KB (288,256 bytes)

The file TNT2User.exe has been discovered within the following programs.

FindWide.com  by FindWide
FindWide is a potentially unwanted application that runs in the web browser as a toolbar and web extension.
search.findwide.com
67% remove it
Search.us.com  by Freshy
The Search.US Toolbar (My.Search.Us) is a Freshy-powered toolbar for Internet Explorer and Firefox.
search.us.com
85% remove it
 