uninstall.exe

Tidy Network

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application uninstall.exe by Tidy Network has been detected as adware by 2 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program TidyNetwork by TidyNetwork. While running, it connects to the Internet address files.tidynetwork.com on port 80 using the HTTP protocol.
Publisher:
Tidy Network  (signed and verified)

MD5:
c7e6f854edcd51efe0e1051cea687e36

SHA-1:
602e36a87cafcb1374269ae90c4e64063ce220d0

SHA-256:
a043a95ee9b58b5436a2cd3fd6b4ac9e2de952169cfd42a24d45d5e076dee29d

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 6:13:38 AM UTC  (today)

Scan engine         Detection           Engine version
Reason Heuristics   PUP.TidyNetwork.J   14.12.11.12
VIPRE Antivirus     Tidy2Network        35458

File size:
127.3 KB (130,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\tidynetwork\uninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/20/2013 12:00:00 AM

Valid to:
3/19/2016 11:59:59 PM

Subject:
CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata
Compilation timestamp:
11/4/2014 8:02:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:uVS1gAliH3fsajr6Wrzu+3VDoJrsgvMvw/:uVMliHUajrrC+3VDGr/Aa

Entry address:
0xADC7

Entry point:
E8, B9, 6B, 00, 00, E9, 89, FE, FF, FF, C7, 01, 6C, 6F, 41, 00, E9, 28, 6D, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 6C, 6F, 41, 00, E8, 15, 6D, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 24, EA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 60, 13, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10...

Entropy:
6.4624

Code size:
81.5 KB (83,456 bytes)

Program Uninstaller
Program name:
TidyNetwork

Display publisher:
TidyNetwork

Uninstall string:
C:\users\{user}\appdata\local\tidynetwork\uninstall.exe cid=tr2uk07 name="tidynetwork" autoguid={9387ba1f-b13e-3a65-fe61-91315a61f242}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to services.tidynetwork.com  (96.126.104.111:80)

 
http://services.tidynetwork.com/general/ping.php?tidyaction=tidyinstallbegin&tidyversion=5&tidyos=NT-Platform&tidyguid={...}&tidysourcetype=tidy&tidycompany=TidyNetwork.com&tidysourceid=

TCP (HTTP):
Connects to files.tidynetwork.com  (69.16.175.10:80)
