home

TNT2User.exe

eShield

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application TNT2User.exe by eShield has been detected as adware by 6 anti-malware scanners. Additionally, the file is typically installed by a number of programs including TNT2-eld Toolbar by Search.us.com and eShield Browser Security by Search.us.com, both potentially unwanted software. While running, it connects to the Internet address d9.3f.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
eShield  (signed and verified)

Version:
2.0.0.2006

MD5:
a10ef5dbe77f39f62dc7c2350c0a8008

SHA-1:
866ec08b7a137056d664e415806964c114ffb0c3

SHA-256:
a99250c2eb098821dde3f01d0d0e1ac9e590d3e46f47cc9203044bad65f02625

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/24/2024 5:12:12 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/FindWide.Gen
8.3.2.2

AVG
Generic
2016.0.3003

Dr.Web
Adware.Toolbar.622
9.0.1.0240

ESET NOD32
Win32/Toolbar.TNT2.A potentially unwanted (variant)
9.12163

K7 AntiVirus
Adware
13.2017031

Reason Heuristics
PUP.Tightrope.eShield (M)
15.8.28.19

File size:
650.2 KB (665,808 bytes)

Product version:
2.0.0.2006

Copyright:
© Eshield All Rights Reserved

Original file name:
TNT2User.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tnt2\2.0.0.2006\tnt2user.exe

Digital Signature
Signed by:
eShield

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 3:00:00 AM

Valid to:
7/22/2017 2:59:59 AM

Subject:
CN=eShield, O=eShield, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FB390EC6E5B675E625C0B342989627A

File PE Metadata
Compilation timestamp:
8/27/2015 1:43:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:rdvurUwEjQMcRyOP0EbwK9jxJ8tvDrJ9P0vWHn3xE6qFHJ9MRrJWrL4hDRh1:Jjc4/oB99aRzP0vWH3m7qgPSDRh1

Entry address:
0x41850

Entry point:
E8, FF, A5, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 3C, 0B, 47, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, E8, 64, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, CC, D5, FF, FF, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
6.5564

Code size:
340.5 KB (348,672 bytes)

The file TNT2User.exe has been discovered within the following programs.

eShield Browser Security  by Search.us.com
This toolbar will install a Search.us.com web browser home page and search page hijacker.
64% remove it
TNT2-eld Toolbar  by Search.us.com
78% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to d9.3f.6132.ip4.static.sl-reverse.com  (50.97.63.217:80)

TCP (HTTP):
Connects to 18.55.c0ad.ip4.static.sl-reverse.com  (173.192.85.24:80)

TCP (HTTP):
Connects to a96-16-7-43.deploy.akamaitechnologies.com  (96.16.7.43:80)

TCP (HTTP):
Connects to a23-72-137-122.deploy.static.akamaitechnologies.com  (23.72.137.122:80)

TCP (HTTP):
Connects to 103-16-152-203-noc.bsccl.com  (103.16.152.203:80)

Remove TNT2User.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.