» tindertop.exe
Overview
Analysis
File Details
Behaviors (1)
Network (56)

tindertop.exe

TinderTop

The executable tindertop.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TinderTop’. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.

File name:

tindertop.exe

Publisher:

TinderTop (signed and verified)

MD5:

00b1f77f3cc97ecad10c674be859d831

SHA-1:

cafb1ccad5ab8633f8c7a2d568f0c89ee02fea2b

SHA-256:

f6120da631979c78b3f1e2e74fd821ebcd7697ff88a8f05ceebee2c9f22d33ea

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/26/2024 10:23:28 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.8.2.14

File size:

49 MB (51,349,736 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\tindertop\tindertop.exe

Digital Signature

Signed by:

TinderTop

Authority:

TinderTop

Valid from:

10/17/2015 10:50:58 AM

Valid to:

10/14/2025 10:50:58 AM

Subject:

CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Issuer:

CN=TinderTop, O=TinderTop, S=Some-State, C=AU

Serial number:

00EFDC498B7AF73041

File PE Metadata

Compilation timestamp:

2/20/2016 3:43:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

786432:muK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQkSjKvP:/wC64r1c6ZgnUSrLpbUAdBUQq6/BLIP3

Entry address:

0x1C9A031

Entry point:

E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75... 
[+]

Entropy:

7.0071

Code size:

34.9 MB (36,634,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TinderTop

Command:

C:\users\{user}\appdata\roaming\tindertop\tindertop.exe su

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 34.f4.c1ad.ip4.static.sl-reverse.com (173.193.244.52:80)

TCP (HTTP):

Connects to gha.g.ebay.com (66.211.184.152:80)

TCP (HTTP SSL):

Connects to d0.91.6132.ip4.static.sl-reverse.com (50.97.145.208:443)

TCP (HTTP SSL):

Connects to cache.google.com (187.86.12.185:443)

TCP (HTTP):

Connects to a104-89-12-89.deploy.static.akamaitechnologies.com (104.89.12.89:80)

TCP (HTTP):

Connects to a104-89-12-42.deploy.static.akamaitechnologies.com (104.89.12.42:80)

TCP (HTTP):

Connects to a104-89-12-167.deploy.static.akamaitechnologies.com (104.89.12.167:80)

TCP (HTTP):

Connects to a104-89-12-139.deploy.static.akamaitechnologies.com (104.89.12.139:80)

TCP (HTTP SSL):

Connects to a104-80-47-89.deploy.static.akamaitechnologies.com (104.80.47.89:443)

TCP (HTTP):

Connects to 179.185.161.19.static.adsl.gvt.net.br (179.185.161.19:80)

TCP (HTTP SSL):

Connects to m-prd-umpxl-shared-mr1-blue-a.evip.aol.com (152.163.50.3:443)

TCP (HTTP SSL):

Connects to a104-89-12-219.deploy.static.akamaitechnologies.com (104.89.12.219:443)

TCP (HTTP SSL):

Connects to rtr3.l7.search.vip.bf1.yahoo.com (63.250.200.63:443)

TCP (HTTP SSL):

Connects to pprd1-rtr2.manhattan.vip.bf1.yahoo.com (72.30.203.224:443)

TCP (HTTP):

Connects to a23-4-242-61.deploy.static.akamaitechnologies.com (23.4.242.61:80)

TCP (HTTP):

Connects to a23-2-12-111.deploy.static.akamaitechnologies.com (23.2.12.111:80)

TCP (HTTP):

Connects to a23-14-213-165.deploy.static.akamaitechnologies.com (23.14.213.165:80)

TCP (HTTP):

Connects to a23-14-211-50.deploy.static.akamaitechnologies.com (23.14.211.50:80)

TCP (HTTP SSL):

Connects to a104-80-44-133.deploy.static.akamaitechnologies.com (104.80.44.133:443)

TCP (HTTP):

Connects to a.tribalfusion.com (204.11.109.65:80)

Remove tindertop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.