» tnt2userps64.dll
Overview
Analysis
File Details

tnt2userps64.dll

Search.us.com

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module tnt2userps64.dll by Search.us.com has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer.

File name:

tnt2userps64.dll

Publisher:

Search.us.com (signed and verified)

MD5:

da7221eeec9feca3f1607d1fc77cbd28

SHA-1:

7d7c509c7042c1c4dcfe2b2c8da7f5bada15feaa

SHA-256:

298f570748c0b57c734ec459526d7a6a2d3bcbf7c23f204c649f60297077dece

Scanner detections:

4 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 7:54:28 AM UTC (today)

Scan engine

Detection

Engine version

AVG

FindWide

2016.0.3173

ESET NOD32

Win32/Toolbar.TNT2.D potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.Tightrope

15.1.22.16

VIPRE Antivirus

Trojan.Win32.Generic

37756

File size:

95.3 KB (97,552 bytes)

File type:

Dynamic link library (Win64 DLL)

Bundler/Installer:

Tightrope WebInstall

Common path:

C:\users\{user}\appdata\local\tnt2\2.0.0.1928\tnt2userps64.dll

Digital Signature

Signed by:

Search.us.com

Authority:

VeriSign, Inc.

Valid from:

3/20/2013 1:00:00 AM

Valid to:

3/20/2016 12:59:59 AM

Subject:

CN=Search.us.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Search.us.com, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

53391509B5D4A87249DD2CCE767F64A2

File PE Metadata

Compilation timestamp:

1/10/2015 1:18:51 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:zjsTPbmZSywmkleCF/LVuuYeZvJ7uj+v3Z8tEsW0z7djmic:HsT+SjmkleCtLVuud4j+v3kFKic

Entry address:

0x13B8

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 9F, 13, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 4C, 61, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Code size:

29.5 KB (30,208 bytes)

Remove tnt2userps64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.