SHA256: 553b2ada2a2e8474d14885a4323daa87f362bbf39c3523d36c272a4110d90006
File name: 553b2ada2a2e8474d14885a4323daa87f362bbf39c3523d36c272a4110d90006.vir
Detection ratio: 5 / 55
Analysis date: 2014-12-08 08:08:28 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
AVware Win32.Malware!Drop 20141208
Avast Win32:Trojan-gen 20141208
DrWeb Trojan.DownLoader11.20602 20141208
McAfee Artemis!A1749B60DD3C 20141208
VIPRE Win32.Malware!Drop 20141208
ALYac 20141208
AVG 20141209
Ad-Aware 20141208
AegisLab 20141208
Agnitum 20141205
AhnLab-V3 20141208
Antiy-AVL 20141208
Avira 20141208
Baidu-International 20141208
BitDefender 20141208
Bkav 20141206
ByteHero 20141208
CAT-QuickHeal 20141208
CMC 20141206
ClamAV 20141208
Comodo 20141208
Cyren 20141208
ESET-NOD32 20141208
F-Prot 20141208
F-Secure 20141209
Fortinet 20141208
GData 20141208
Ikarus 20141208
Jiangmin 20141207
K7AntiVirus 20141208
K7GW 20141208
Kaspersky 20141208
Kingsoft 20141208
Malwarebytes 20141208
McAfee-GW-Edition 20141208
MicroWorld-eScan 20141208
Microsoft 20141208
NANO-Antivirus 20141208
Norman 20141208
Panda 20141207
Qihoo-360 20141208
Rising 20141207
SUPERAntiSpyware 20141207
Sophos 20141208
Symantec 20141208
Tencent 20141208
TheHacker 20141205
TotalDefense 20141207
TrendMicro 20141208
TrendMicro-HouseCall 20141208
VBA32 20141205
ViRobot 20141208
Zillya 20141206
Zoner 20141204
nProtect 20141205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 2014 Torproject
Publisher TorProject
Product Tor Browser 3.6.1
Original name TorBundle.exe
Internal name TorBundle.exe
File version 3.6.0.0
Description Tor Browser 3.6.1
Comments Tor Browser Bundle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-09 20:44:48
Link date 9:44 PM 6/9/2014
Entry Point 0x019B679E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ExifTool file metadata
SubsystemVersion 4.0
Comments Tor Browser Bundle
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.6.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Tor Browser 3.6.1
CharacterSet Unicode
InitializedDataSize 12288
FileOS Win32
MIMEType application/octet-stream
LegalCopyright (c) 2014 Torproject
FileVersion 3.6.0.0
TimeStamp 2014:06:09 21:44:48+01:00
FileType Win32 EXE
PEType PE32
InternalName TorBundle.exe
FileAccessDate 2014:12:08 09:08:38+01:00
ProductVersion 3.6.0.0
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:12:08 09:08:38+01:00
OriginalFilename TorBundle.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TorProject
CodeSize 26953728
ProductName Tor Browser 3.6.1
ProductVersionNumber 3.6.0.0
EntryPoint 0x19b679e
ObjectFileType Executable application
AssemblyVersion 3.6.1.0

File identification
MD5 a1749b60dd3ccc9fb4e1335326f1e0ac
SHA1 1b45edd186153fc47b279214f4f689520f50e3a5
SHA256 553b2ada2a2e8474d14885a4323daa87f362bbf39c3523d36c272a4110d90006
ssdeep
393216:UCKiAr8lNYADF2Ju6uvZngUhVvLiTtwydFiOj5GLTF6eRmY2fvqpYwJoTtIOgcou:KbQlxDF2o8twydsbLTF6dtXq6rTr4+

authentihash 64383d4e7cc1d94cc5c3dcd99db8f860dfe280e80902e3fa5393984a8a6b4e42
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 25.7 MB ( 26966528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID NSIS - Nullsoft Scriptable Install System (99.0%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe assembly via-tor
VirusTotal metadata
First submission 2014-06-24 16:49:47 UTC ( 1 year, 2 months ago )
Last submission 2014-12-08 08:08:28 UTC ( 8 months, 3 weeks ago )
File names TorBundle.exe
torbrowser-install-3.6.1_en-US.exe
553b2ada2a2e8474d14885a4323daa87f362bbf39c3523d36c272a4110d90006.vir
vti-rescan
553B2ADA2A2E8474D14885A4323DAA87F362BBF39C3523D36C272A4110D90006.dat
553b2ada2a2e8474d14885a4323daa87f362bbf39c3523d36c272a4110d90006
torbrowser-install-3.6.1_en-US.ex_
553B2ADA2A2E8474D14885A4323DAA87F362BBF39C3523D36C272A4110D90006
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight