tnod-1.4.2.3-final-setup.exe

TNod User & Password Finder

Tukero[X]Team

The application tnod-1.4.2.3-final-setup.exe has been detected as a potentially unwanted program by 36 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team, which is a potentially unwanted software program.
Publisher:
Tukero[X]Team

Product:
TNod User & Password Finder

Description:
Installer. NSIS

Version:
1.4.2.3

MD5:
57712fe52623737e2313d63494ec5ec5

SHA-1:
433c165e328a41a25e29985ecc9a51ac9d5d35f1

SHA-256:
5c3e0e664646da183fbd705e4af1ae997124d69a05d33d93318f020679b8f056

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
2/27/2014 11:28:00 AM UTC  (eight months ago)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.10154123 | 1106 |
| Agnitum Outpost | RiskWare.HackAV | 7.1.1 |
| Avira AntiVirus | TR/Zusy.11827.2 | 7.11.126.170 |
| avast! | Win32:Malware-gen | 2014.9-140124 |
| AVG | Fat-Obfuscated | 2015.0.3584 |
| Baidu Antivirus | HackTool.Win32.HackAV | 4.0.3.14124 |
| Bitdefender | Trojan.Generic.10154123 | 1.0.20.120 |
| Bkav FE | W32.Clod8cb.Trojan | 1.3.0.4923 |
| Clam AntiVirus | Win.Trojan.Zusy-90 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17660 |
| Dr.Web | Trojan.Click2.49081 | 9.0.1.024 |
| Emsisoft Anti-Malware | Trojan.Generic.10154123 | 8.14.01.24.04 |
| ESET NOD32 | Win32/RiskWare.HackAV.JA (variant) | 8.9327 |
| Fortinet FortiGate | W32/RiskWare_HackAV.JA | 1/24/2014 |
| F-Secure | Packed:W32/PeCan.A | 11.2014-24-01_6 |
| G Data | Trojan.Generic.10154123 | 14.1.24 |
| IKARUS anti.virus | Virus.Fat.Obfuscated | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10926 |
| K7 Gateway Antivirus | Trojan | 13.175.10926 |
| Kingsoft AntiVirus | Win32.Troj.Generic.a.(kcloud) | 331020.49267 |
| Malwarebytes | Trojan.Agent.CK | v2014.01.24.04 |
| McAfee | Artemis!57712FE52623 | 5600.7240 |
| McAfee Web Gateway | Heuristic.BehavesLike.Win32.Suspicious-PKR.G | 7.7240 |
| MicroWorld eScan | Trojan.Generic.10154123 | 15.0.0.72 |
| NANO AntiVirus | Trojan.Win32.Click2.bwoqvx | 0.28.0.57380 |
| Norman | Redosdru.LS | 10.20140124 |
| nProtect | Trojan.Generic.10154123 | 14.01.23.02 |
| Panda Antivirus | Trj/CI.A | 14.01.24.04 |
| Qihoo 360 Security | Win32/Trojan.462 | 1.0.0.1015 |
| Quick Heal | (Suspicious) - DNAScan | 1.14.12.00 |
| Reason Heuristics | Unnamed.Threat.27 | 14.2.27.6 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1569EDD2!359263698 | 23.00.65.14122 |
| Sophos | Mal/Generic-S | 4.97 |
| Trend Micro House Call | TROJ_SPNR.03H013 | 7.2.24 |
| Trend Micro | TROJ_SPNR.03H013 | 10.465.24 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25714 |

File size:
1003.7 KB (1,027,827 bytes)

Product version:
1.4.2.3

Copyright:
© Tukero

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\eset\tnod-1.4.2.3-final-setup\tnod-1.4.2.3-final-setup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Y9FHVMWuuAx3A+gkpicLJln3U6Oj8qTQaPEQBkshk:YpMWuuneiwl3bsTQac0kn

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9755

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file tnod-1.4.2.3-final-setup.exe has been discovered within the following programs.

TNod User & Password Finder  by Tukero[X]Team
Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”
tukero.blogspot.com
67% remove it (Powered by Should I Remove It?)

The file tnod-1.4.2.3-final-setup.exe has been seen being distributed by the following URL.

chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/persistent/.../qloVgb5D

| File | Hash | Scanner detections | Status |
|---|---|---|---|
| tnodup.exe | cce10ca3fd0349441fe83ec58f51eccc9c460b91 | 36 / 68 | PUP |
| Au_.exe | f50ff92ed9ba5e1a943689a4e3835b8ea76f3117 | 1 / 68 | inconclusive |
| tnod-1.4.0.15-setup.exe | d9258906c84abd12731d9536cb12ccb46c77443e | 39 / 68 | PUP |
| uninst-tnod.exe | 75dbc344061ef8bc2760a0f5fca872e4d372173b | 1 / 68 | inconclusive |
| tnod-1.4.2.1-final-setup.exe | e178215075cd39572db503f4d5d1364795268685 | 34 / 68 | PUP |
| tnod-1.4.2.0-final-setup.exe | 4d06fe6ef4453d1a947ec97288450722af29ce52 | 38 / 68 | PUP |
| tnod-1.4.1.0-final-setup-r2.exe | 8fcc9f5c235218d4ad968af743d03179ed8c55c9 | 29 / 68 | PUP |
