home

tnodup.exe

TNod User & Password Finder

Tukero[X]Team

The application tnodup.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TNOD UP’. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team which is a potentially unwanted software program. While running, it connects to the Internet address 91-228-167-125.ptr.eset.com on port 80 using the HTTP protocol.
Publisher:
Tukero[X]Team

Product:
TNod User & Password Finder

Version:
1, 6, 0, 0

MD5:
62635a9df095583fecfcc30f759cb7da

SHA-1:
81d6ee34664a4fa4ebe2177931133cdd88964f43

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 3:29:47 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.Generik
4.0.3.15112

ESET NOD32
Generik.NATBXAJ potentially unwanted (variant)
9.12503

Malwarebytes
Trojan.Agent.CK
v2015.11.02.07

File size:
1.9 MB (2,028,032 bytes)

Product version:
1, 6, 0, 0

Copyright:
Copyleft 2007-2015

File type:
Executable application (Win32 EXE)

Language:
Espanhol (Equador)

File PE Metadata
Compilation timestamp:
11/2/2015 7:05:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:iNpK3CTPSTLi64C8eRbSTeaPxItUcOU7m62/jmW:G4vi61RGTNPm5OU72qW

Entry address:
0x1000

Entry point:
68, 01, 90, 98, 00, E8, 01, 00, 00, 00, C3, C3, E0, 80, 3F, 4B, A4, 13, DE, D1, A4, E3, 42, A3, 37, AE, D2, 6B, BA, 6C, 22, DB, B1, F4, AA, 4A, 20, F6, EA, E8, 17, D4, D6, 04, 05, BF, 0A, 97, 93, 98, A2, 29, BE, 60, F6, 76, 29, DD, BF, AC, 71, 05, 98, EE, 49, DB, D6, EB, B3, D9, 01, 28, 85, D8, 14, 4B, 5C, BF, 88, 1A, AE, 34, 4D, DD, EB, 2C, 40, B0, 17, 22, D6, CC, 7C, C1, 38, 16, EA, 84, 86, 76, 46, A8, 04, 97, 7D, 67, 77, 49, 23, E6, 74, 8F, D8, 0B, 8E, 34, 68, 7C, 65, EF, 71, C5, B2, 9C, 64, 73, DC, 0C...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
3.9 MB (4,129,792 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TNOD UP

Command:
"C:\programas\tnod\tnodup.exe" \i


The file tnodup.exe has been discovered within the following program.

TNod User & Password Finder  by Tukero[X]Team
Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”
tukero.blogspot.com
67% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 91-228-167-125.ptr.eset.com  (91.228.167.125:80)

Remove tnodup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.