» tnodup-portable.exe
Overview
Analysis
File Details
Programs (1)
Network (11)

tnodup-portable.exe

TNod User & Password Finder

Tukero[X]Team

The executable tnodup-portable.exe has been detected as malware by 4 anti-virus scanners. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team which is a potentially unwanted software program. While running, it connects to the Internet address um05.eset.com on port 80 using the HTTP protocol.

File name:

tnodup-portable.exe

Publisher:

Tukero[X]Team

Product:

TNod User & Password Finder

Version:

1, 6, 0, 0

MD5:

5d4a433038eebee8950a0ae024cc9997

SHA-1:

130cbdc35bae01ee258dca7f77caead59115f5bb

SHA-256:

b6081fc9a8b4c841f0ad6492bdfaf83f0415804bcfd6f9dffa684599263d1fca

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

4/26/2024 4:29:37 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

hacktool program Tool.HackAv.43

9.0.1.05190

ESET NOD32

Win32/RiskWare.HackAV.RQ application

6.3.12010.0

F-Secure

Riskware.Application.PassView.BP

5.15.154

Malwarebytes

Trojan.Agent.CK

v2015.12.23.04

File size:

5.3 MB (5,592,576 bytes)

Product version:

1, 6, 0, 0

Copyleft 2007-2015

File type:

Executable application (Win32 EXE)

Language:

Spanish (Ecuador)

File PE Metadata

Compilation timestamp:

12/19/2015 6:07:07 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

98304:oTVcwCUuwFzXnZ16Co5GyiM3i9QRQP+8OqpqeSZXb:oJcwHFrWCqAJPLnS

Entry address:

0x32FBC2

Entry point:

E8, 28, 0C, 00, 00, E9, 4E, FE, FF, FF, E9, 00, 00, 00, 00, 6A, 10, 68, B0, 88, 91, 00, E8, F3, 08, 00, 00, 33, DB, 89, 5D, E0, 88, 5D, E7, 89, 5D, FC, 3B, 5D, 10, 74, 1A, 8B, 4D, 14, E8, 90, 07, 00, 00, 8B, 4D, 08, FF, 55, 14, 8B, 45, 0C, 01, 45, 08, 43, 89, 5D, E0, EB, E1, B0, 01, 88, 45, E7, C7, 45, FC, FE, FF, FF, FF, E8, 0E, 00, 00, 00, E8, F9, 08, 00, 00, C2, 14, 00, 8B, 5D, E0, 8A, 45, E7, 84, C0, 75, 0F, FF, 75, 18, 53, FF, 75, 0C, FF, 75, 08, E8, 1E, F1, FF, FF, C3, 55, 8B, EC, 6A, 00, FF, 15, AC... 
[+]

Entropy:

6.4349

Code size:

3.9 MB (4,131,328 bytes)

The file tnodup-portable.exe has been discovered within the following program.

TNod User & Password Finder by Tukero[X]Team

Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”

tukero.blogspot.com

67% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to um05.eset.com (91.228.167.132:80)

TCP (HTTP):

Connects to 91-228-165-81.ptr.eset.com (91.228.165.81:80)

TCP (HTTP):

Connects to TIG-Net17-99.trueintergateway.com (27.123.17.99:80)

TCP (HTTP):

Connects to 91-228-167-125.ptr.eset.com (91.228.167.125:80)

TCP (HTTP):

Connects to um11.eset.com (91.228.166.88:80)

TCP (HTTP):

Connects to TIG-Net17-91.trueintergateway.com (27.123.17.91:80)

TCP (HTTP):

Connects to TIG-Net17-35.trueintergateway.com (27.123.17.35:80)

TCP (HTTP):

Connects to TIG-Net17-26.trueintergateway.com (27.123.17.26:80)

TCP (HTTP):

Connects to TIG-Net17-20.trueintergateway.com (27.123.17.20:80)

TCP (HTTP):

Connects to mil04s25-in-f19.1e100.net (216.58.205.83:80)

TCP (HTTP):

Connects to cache.google.com (190.182.24.57:80)

Remove tnodup-portable.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.