tnodup.exe

TNod User & Password Finder

Tukero[X]Team

The application tnodup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TNOD UP’. This file is typically installed with the program TNod User & Password Finder by Tukero[X]Team, which is a potentially unwanted software program. While running, it connects to the Internet address mail152.anonymouse.org on port 80 using the HTTP protocol.
Publisher:
Tukero[X]Team

Product:
TNod User & Password Finder

Version:
1, 4, 1, 0

MD5:
0ea8529b45b2d02bfe8ddef94abc283e

SHA-1:
93797738f6eb18b8da79957077292bde6a51e1a5

SHA-256:
a1e18bc272e7d5618496a6d32ad6b1fbea550ec76cf112b5ac1499c0366f6fdd

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 12:09:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.393045 | 1116 |
| Agnitum Outpost | Riskware.RiskWare | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140115 |
| AVG | PSW.Generic9 | 2015.0.3594 |
| Baidu Antivirus | Malware.Win32.Agent | 4.0.3.14115 |
| Bitdefender | Application.Generic.393045 | 1.0.20.75 |
| Clam AntiVirus | Win.Trojan.393045 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17602 |
| ESET NOD32 | Win32/RiskWare.HackAV.DM | 8.9282 |
| F-Secure | Application.Generic.393045 | 11.2014-15-01_4 |
| G Data | Application.Generic.393045 | 14.1.22 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.AdMedia | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.175.10814 |
| Kaspersky | not-a-virus:PSWTool.Win32.TNod | 14.0.0.4463 |
| Malwarebytes | Trojan.Agent.CK | v2014.01.15.10 |
| McAfee | Artemis!0EA8529B45B2 | 5600.7250 |
| MicroWorld eScan | Application.Generic.393045 | 15.0.0.45 |
| Norman | keygen.P | 11.20140115 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12DC38EF!316422383 | 23.00.65.14113 |
| Sophos | Troj/KeyGen-HQ | 4.96 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25384 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
1.8 MB (1,892,352 bytes)

Product version:
1, 4, 1, 0

Copyright:
Copyleft 2007-2011

File type:
Executable application (Win64 EXE)

Language:
Spanish (Ecuador)

Common path:
C:\Program Files\tnod user & password finder\tnodup.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:vW5ZM2i4Xa1pHf4hTfOfJ1Vz04RAJISi4bgvyr9JVTr8k:vvZm4RuVbgE/TQk

Entry point:
E8, 5E, D1, 00, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 98, 3A, 5A, 00, E8, 20, 92, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 27, 92, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, 45, EE, FF, FF, C3, 8B, FF, 55, 8B, EC, B8, FF, FF, 00, 00, 8B, C8, 83, EC, 14, 66, 39...
 

Entropy:
6.3497

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TNOD UP

Command:
"C:\Program Files\tnod user & password finder\tnodup.exe" \i


The file tnodup.exe has been discovered within the following program.

TNod User & Password Finder  by Tukero[X]Team
Publisher's description - “TNod User & Password Finder is software that is used to search the internet for activation keys for any version of NOD32 programs. In particular, it provides the username and password for ESET NOD32 Smart Security and ESET NOD32 Antivirus.”
tukero.blogspot.com
67% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mail125.anonymouse.org  (193.200.150.125:80)

TCP (HTTP):
Connects to mail82.anonymouse.org  (193.200.150.82:80)

TCP (HTTP):
Connects to mail152.anonymouse.org  (193.200.150.152:80)
