home

searchus-tb10256.exe

Freshy

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application searchus-tb10256.exe by Freshy has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
TNT2  (signed by Freshy)

Product:
TNT2

Description:
Setup program

Version:
2.0.0.1057

MD5:
1727277b24e94bf88698f89b360f01de

SHA-1:
5289f2dc98171ef7251315fd9b2776ecd18e093a

SHA-256:
5bb78b50b2d1517c4fdf9836e1d5ba767d9a4bbac9f3825d6bd910267fb8d023

Scanner detections:
8 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 9:13:51 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
ASD.Prevention
2013.01.23

Avira AntiVirus
TR/Dropper.Gen
7.11.58.70

Comodo Security
TrojWare.Win32.Agent.~ftd
15008

McAfee
Artemis!1727277B24E9
5600.6976

MicroWorld eScan
TR/Dropper.Gen
15.0.0.864

Reason Heuristics
PUP.Installer.Freshy.Q
14.10.15.16

Trend Micro House Call
TROJ_GEN.RCBH1AM
7.2.288

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.18.4

File size:
1.1 MB (1,179,976 bytes)

Product version:
2.0.0.1057

Copyright:
All Rights Reserved

Original file name:
ToolbarInst.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\2\searchus-tb10256.exe

Digital Signature
Signed by:
Freshy

Authority:
VeriSign, Inc.

Valid from:
7/28/2011 7:00:00 PM

Valid to:
7/28/2013 6:59:59 PM

Subject:
CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FE2E83B02F14E8E282304CFC46C3524

File PE Metadata
Compilation timestamp:
7/26/2012 8:12:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:C9TXTArt7V49qUV5ffiSE0wHKmm8HTHKCzC5FhQ6G2QM:C9QFwqUVBaSE0wqwtsFhG2

Entry address:
0x34EC

Entry point:
E8, FF, 67, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, C0, 60, 41, 00, 57, FF, 35, A8, E1, 41, 00, FF, D6, FF, 35, A4, E1, 41, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 86, 69, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, C2, 68, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 
[+]

Entropy:
7.9519  (probably packed)

Code size:
81.5 KB (83,456 bytes)

Remove searchus-tb10256.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.