» uninstall.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (1)

uninstall.exe

Tidy Network

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application uninstall.exe by Tidy Network has been detected as adware by 2 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program PETN by PETN. This file is typically installed with the program TidyNetwork by TidyNetwork.com which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

Tidy Network (signed and verified)

MD5:

d5737734761f166971e4288b9ac630bf

SHA-1:

e9edda70ab1f0003de6872e3caafe489386a57d2

SHA-256:

3ff6d04300b87aed71c1c50d33fca1eb1c4e3beb2db7417e0d071e936e79e94a

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/26/2024 9:53:23 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TidyNetwork.J

14.8.24.3

VIPRE Antivirus

Tidy2Network

32426

File size:

127.3 KB (130,344 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\petn\uninstall.exe

Digital Signature

Signed by:

Tidy Network

Authority:

VeriSign, Inc.

Valid from:

3/19/2013 5:00:00 PM

Valid to:

3/19/2016 4:59:59 PM

Subject:

CN=Tidy Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tidy Network, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5B80FB156CAB4137B00AFF13BA26609D

File PE Metadata

Compilation timestamp:

8/19/2014 10:51:17 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:MvS1gAliHqgsKje6Wrzm+/ihpTNsAbjvwG:MvMliHkKjerq+/ihhNfn3

Entry address:

0xADC7

Entry point:

E8, B9, 6B, 00, 00, E9, 89, FE, FF, FF, C7, 01, 5C, 6F, 41, 00, E9, 28, 6D, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 5C, 6F, 41, 00, E8, 15, 6D, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 24, EA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 60, 13, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10... 
[+]

Entropy:

6.4619

Code size:

81.5 KB (83,456 bytes)

2 Program Uninstaller

Program name:

PETN

Display publisher:

PETN

Uninstall string:

C:\users\{user}\appdata\local\petn\uninstall.exe cid=installmetrix4 name="petn" autoguid={6e17fb1e-84c1-4b8e-a91b-4c9239a41c1a}

Program name:

TidyNetwork

Display publisher:

TidyNetwork

Uninstall string:

C:\users\{user}\appdata\local\tidynetwork\uninstall.exe cid=trmix16 name=tidynetwork autoguid={9f1158ff-1817-375c-f8e1-f85191c3f440}

The file uninstall.exe has been discovered within the following program.

TidyNetwork by TidyNetwork.com

TidyNetwork is a potentially unwanted program that runs in the user's web browser as a toolbar and/or web extension depending on the browser.

www.tidynetwork.com/terms-of-use

77% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.