home

TNT2User.exe

Freshy

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application TNT2User.exe by Freshy has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program Findwide Toolbar by FindWide which is a potentially unwanted software program. While running, it connects to the Internet address d9.3f.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Freshy.com  (signed by Freshy)

Version:
2.0.0.1995

MD5:
a4dc06e5970b0d8e24170561febd282a

SHA-1:
b0a596cc5f30e3adf2835edb3d4c9255131537ab

SHA-256:
b3295aa31a7b02acd3da906990837ae123b14b937127a97ec67a8e1c3473a5da

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
2/24/2025 8:42:00 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/FindWide.Gen
8.3.1.6

AVG
Generic
2016.0.3034

Bkav FE
W32.HfsAdware
1.3.0.6979

Dr.Web
Adware.Toolbar.602
9.0.1.0210

ESET NOD32
Win32/Toolbar.TNT2.A potentially unwanted (variant)
9.11983

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.1663

Panda Antivirus
PUP/TNT2Toolbar
15.07.29.11

Qihoo 360 Security
Win32/Virus.WebToolbar.d46
1.0.0.1015

Reason Heuristics
PUP.Tightrope.Freshy (M)
15.7.29.11

File size:
676.3 KB (692,480 bytes)

Product version:
2.0.0.1995

Copyright:
© Freshy.com All Rights Reserved

Original file name:
TNT2User.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tnt2\2.0.0.1995\tnt2user.exe

Digital Signature
Signed by:
Freshy

Authority:
VeriSign, Inc.

Valid from:
3/20/2013 5:30:00 AM

Valid to:
6/29/2016 5:29:59 AM

Subject:
CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FE613DB866C04EE49FDF0645F3F9391

File PE Metadata
Compilation timestamp:
7/21/2015 4:54:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:3dv0nUQtSQMb5a+oShJxqFTvtYezeYu3O43xX5qF7w9MRrJWrL4hDRVjEHT:NxbC2Uy+eYGOEWaqgPSDRVjgT

Entry address:
0x41940

Entry point:
E8, 6F, A6, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 3C, 0B, 47, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 5D, 65, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, CC, D5, FF, FF, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
6.6186

Code size:
341 KB (349,184 bytes)

The file TNT2User.exe has been discovered within the following program.

Findwide Toolbar  by FindWide
This is a potentially unwanted web browser toolbar that delivers ads to the user's web browser including coupons, deals, or special offers from select merchants and stores.
search.findwide.com
86% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 18.55.c0ad.ip4.static.sl-reverse.com  (173.192.85.24:80)

TCP (HTTP):
Connects to static.ill.117.239.91.32/24.bsnl.in  (117.239.91.32:80)

TCP (HTTP):
Connects to d9.3f.6132.ip4.static.sl-reverse.com  (50.97.63.217:80)

TCP (HTTP):
Connects to static.ill.117.239.91.48/24.bsnl.in  (117.239.91.48:80)

TCP (HTTP):
Connects to a23-76-156-32.deploy.static.akamaitechnologies.com  (23.76.156.32:80)

TCP (HTTP):
Connects to a23-205-119-9.deploy.static.akamaitechnologies.com  (23.205.119.9:80)

TCP (HTTP):
Connects to 30.3a.1632.ip4.static.sl-reverse.com  (50.22.58.48:80)

Remove TNT2User.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.