uninstall.exe

Tidy Network

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application uninstall.exe by Tidy Network has been detected as adware by 2 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program TidyNetwork by TidyNetwork. While running, it connects to the Internet address files.tidynetwork.com on port 80 using the HTTP protocol.
Publisher:
Tidy Network  (signed and verified)

MD5:
a56f2febd63f8e1085fc12cf228cd098

SHA-1:
79d730bf1bebd46e53415811fa111a71cc47fade

SHA-256:
9747d2049f705f63c3f1bf9ccf0b481456afc4c70a59065b7bcb80ad1d5a69d2

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 9:48:45 AM UTC

Scan engine          Detection            Engine version
Reason Heuristics    PUP.TidyNetwork.J    14.10.25.21
VIPRE Antivirus      Tidy2Network         34218

File size:
127.3 KB (130,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\tidynetwork\uninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 7:00:00 PM

Valid to:
3/19/2016 6:59:59 PM

Subject:
CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata
Compilation timestamp:
10/22/2014 1:57:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:8VS1gAliH3fsajr6Wrzu+3VDN2rsgHLvwB1K:8VMliHUajrrC+3VDAr/Dn

Entry address:
0xADC7

Entry point:
E8, B9, 6B, 00, 00, E9, 89, FE, FF, FF, C7, 01, 6C, 6F, 41, 00, E9, 28, 6D, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 6C, 6F, 41, 00, E8, 15, 6D, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 24, EA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 60, 13, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10...

Entropy:
6.4630

Code size:
81.5 KB (83,456 bytes)

Program Uninstaller
Program name:
TidyNetwork

Display publisher:
TidyNetwork

Uninstall string:
C:\users\{user}\appdata\local\tidynetwork\uninstall.exe cid=trbucket01_solutionswide.com name=tidynetwork autoguid={3bdc919b-2570-31f7-c1d9-599902a9464f}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to services.tidynetwork.com  (96.126.104.111:80)

 
http://services.tidynetwork.com/general/ping.php?tidyaction=tidyinstallbegin&tidyversion=5&tidyos=NT-Platform&tidyguid={...}&tidysourcetype=tidy&tidycompany=TidyNetwork.com&tidysourceid=

TCP (HTTP):
Connects to files.tidynetwork.com  (69.16.175.10:80)
