tidynetwork009.exe

TidyNetwork

This file is part of the Tidy Network web browser add-in, which injects double-underlined text-link ads into the browser (may be identified by 'Tidy Network advertisements'). The application tidynetwork009.exe by TidyNetwork has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program TidyNetwork.com, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from files.tidynetwork.com. While running, it connects to the Internet address files.tidynetwork.com on port 80 using the HTTP protocol.
Publisher:
Tidy Network  (signed by TidyNetwork)

Version:
4.1412

MD5:
c17edd32a37403e2fd7660be8832b52b

SHA-1:
6d20eb49a210232d36e57bc71b640934f32b3669

SHA-256:
bcd133f6bebc3c06620a8c376732c846657435ef4ed8996eb4e216c3c5b044bd

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Injects in-text advertising within the web browser.

Analysis date:
5/9/2025 6:05:48 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17685
Reason Heuristics | PUP.TidyNetwork.O | 14.3.15.23
Sophos | Tidy Network | 4.97

File size:
369.3 KB (378,152 bytes)

Product version:
4.1412

Copyright:
Copyright (C) 2012 Tidy Network

Original file name:
tidynetw.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3\tidynetwork009.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2012 7:00:00 PM

Valid to:
4/3/2013 6:59:59 PM

Subject:
CN=TidyNetwork, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TidyNetwork, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73BCDD4C3C34A0BE5932E4A0E110E394

File PE Metadata
Compilation timestamp:
1/28/2013 1:09:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4ZMOTAcTWphy0FBfH7nX5FEsRobRbS5obpLf4u+PtF7qXz:4jTAcTePH7fE8YR3bpbBiuXz

Entry address:
0x11704

Entry point:
E8, FF, 7A, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, A8, 5E, 42, 00, E8, 66, 65, 00, 00, 6A, 0E, E8, FC, 7C, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 7C, 96, 42, 00, BA, 78, 96, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 9E, F3, FF, FF, 59, FF, 76, 04, E8, 95, F3, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 55, 65, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, C8, 7B, 00, 00, 59, C3, CC, CC, 8B, 54, 24, 04...
 

Entropy:
7.4941

Code size:
122.5 KB (125,440 bytes)

The file tidynetwork009.exe has been discovered within the following program.

TidyNetwork.com  by TidyNetwork.com
From the Terms of Service - "By accessing the Sites and downloading the Software, you hereby grant the Company permission to display promotional information, advertisements, and offers for third-party products, offers or services (collectively “Advertisements”) from Company’s advertising partners (collectively “Partners”)."
www.tidynetwork.com
83% remove it
 

The file tidynetwork009.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to services.tidynetwork.com  (96.126.104.111:80)

 
http://services.tidynetwork.com/general/ping.php?tidyaction=tidyinstallbegin&tidyversion=5&tidyos=NT-Platform&tidyguid={...}&tidysourcetype=tidy&tidycompany=TidyNetwork.com&tidysourceid=

TCP (HTTP):
Connects to files.tidynetwork.com  (69.16.175.10:80)
