SHA256: 42cafc7fd69ab4de2c4a1a6fe069b6978be52fcfa23977828bf41a486dfe4a9f
File name: 6695b26d7875e3f0f8a5aed4661db790.virus
Detection ratio: 22 / 60
Analysis date: 2017-04-23 17:25:16 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20170423
Avira (no cloud) TR/Golroted.rxdae 20170423
AVware Trojan.Win32.Generic!BT 20170423
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20170421
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.CSI 20170423
Fortinet MSIL/GenKryptik.LOY!tr 20170423
Sophos ML trojan.win32.skeeyah.a!rfn 20170413
Kaspersky Backdoor.MSIL.SpyGate.gpb 20170423
McAfee Artemis!6695B26D7875 20170423
McAfee-GW-Edition Artemis 20170423
Microsoft Trojan:Win32/Dynamer!ac 20170423
NANO-Antivirus Trojan.Win32.SpyGate.ekpqmt 20170423
Panda Trj/GdSda.A 20170423
Rising Downloader.Agent!8.B23 (cloud:Ry0AOcCOMd) 20170423
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170423
TrendMicro TROJ_GEN.R00JC0DDN17 20170423
TrendMicro-HouseCall TROJ_GEN.R00JC0DDN17 20170423
VIPRE Trojan.Win32.Generic!BT 20170423
ZoneAlarm by Check Point Backdoor.MSIL.SpyGate.gpb 20170423
Ad-Aware 20170423
AegisLab 20170423
AhnLab-V3 20170423
Alibaba 20170421
ALYac 20170423
Arcabit 20170423
AVG 20170423
BitDefender 20170423
Bkav 20170422
CAT-QuickHeal 20170422
ClamAV 20170423
CMC 20170421
Comodo 20170423
Cyren 20170423
DrWeb 20170423
Emsisoft 20170423
F-Prot 20170423
F-Secure 20170423
GData 20170423
Ikarus 20170423
Jiangmin 20170422
K7AntiVirus 20170423
K7GW 20170423
Kingsoft 20170423
Malwarebytes 20170423
eScan 20170423
nProtect 20170423
Palo Alto Networks (Known Signatures) 20170423
Qihoo-360 20170423
SUPERAntiSpyware 20170423
Symantec Mobile Insight 20170422
Tencent 20170423
TheHacker 20170423
TotalDefense 20170423
Trustlook 20170423
VBA32 20170421
ViRobot 20170423
Webroot 20170423
WhiteArmor 20170409
Yandex 20170421
Zillya 20170421
Zoner 20170423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright tor © 2017
Product tor
Original name tor.exe
Internal name tor.exe
File version 1.0.0.0
Description tor
Comments tor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-15 22:13:25
Entry Point 0x000166FE
Number of sections 4
.NET details
Module Version ID 10b9da40-2328-4049-bb3f-d2f6d524c048
TypeLib ID 69229135-df84-43df-8d7d-c8f70d53d226
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
LegalTrademarks tor
SubsystemVersion 4.0
Comments tor
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription tor
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x166fe
OriginalFileName tor.exe
MIMEType application/octet-stream
LegalCopyright tor 2017
FileVersion 1.0.0.0
TimeStamp 2017:04:15 23:13:25+01:00
FileType Win32 EXE
PEType PE32
InternalName tor.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName tor
CodeSize 83968
ProductName tor
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 6695b26d7875e3f0f8a5aed4661db790
SHA1 b94069cc7b93156cc3621ab5baa4977276f06c57
SHA256 42cafc7fd69ab4de2c4a1a6fe069b6978be52fcfa23977828bf41a486dfe4a9f
ssdeep 1536:oiHN4Ed7o4b2N++8sglkjwh2qy1xqYWwI9cML4kU8baRcoMX2NCunncRu2AAlSfg:3HN4Ed7o4b2w+8sglkjU2qyKOI9tL4kz
authentihash 6909ec8a00cef69680ba04f2d6dc8eb6f7fe9bdaaeedfc58489bda142fefca31
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-04-23 17:25:16 UTC ( 1 year, 10 months ago )
Last submission 2017-09-12 22:41:23 UTC ( 1 year, 5 months ago )
File names tor.exe
6695b26d7875e3f0f8a5aed4661db790.virobj
virussign.com_6695b26d7875e3f0f8a5aed4661db790.vir
6695b26d7875e3f0f8a5aed4661db790.virus
Behaviour characterization
Zemana dll-injection