Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

30957 7.14%
70c91 7.14%
d762d 7.14%
83f5d 7.14%
4cb1b 7.14%
c5521 7.14%
506b0 35.71%
9ee81 14.29%
04119 7.14%
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)

PE structurePE file structure

Show functions
Import table
advapi32.dll
CryptAcquireContextA, CryptGenRandom, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, DeregisterEventSource, RegisterEventSourceA, ReportEventA
gdi32.dll
BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, DeleteDC, DeleteObject, GetBitmapBits, GetDeviceCaps, GetObjectA, SelectObject
kernel32.dll
CloseHandle, CreateFileA, CreateFileMappingA, CreateIoCompletionPort, CreatePipe, CreateProcessA, CreateSemaphoreA, DeleteCriticalSection, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileA, FindNextFileA, FormatMessageA, FreeLibrary, GetCurrentThreadId, GetExitCodeProcess, GetFileSize, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetQueuedCompletionStatus, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetVersion, GetVersionExA, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InterlockedExchange, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenProcess, PeekNamedPipe, PostQueuedCompletionStatus, ReadFile, ReleaseSemaphore, SetHandleInformation, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, GetCurrentProcessId, GetFileType, GetStdHandle, GetTickCount, GlobalMemoryStatus, QueryPerformanceCounter, SetLastError
libeay32.dll
DllMain
libssp-0.dll
__stack_chk_fail, __stack_chk_guard
msvcrt.dll
DllMain
shell32.dll
SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetSpecialFolderPathA
ssleay32.dll
SSL_CIPHER_get_name, SSL_CTX_check_private_key, SSL_CTX_ctrl, SSL_CTX_free, SSL_CTX_get_cert_store, SSL_CTX_new, SSL_CTX_set_verify, SSL_CTX_use_PrivateKey, SSL_CTX_use_certificate, SSL_accept, SSL_connect, SSL_ctrl, SSL_do_handshake, SSL_free, SSL_get_error, SSL_get_ex_data, SSL_get_ex_new_index, SSL_get_peer_cert_chain, SSL_get_peer_certificate, SSL_get_rbio, SSL_get_session, SSL_get_wbio, SSL_library_init, SSL_load_error_strings, SSL_new, SSL_pending, SSL_read, SSL_renegotiate, SSL_set_bio, SSL_set_cipher_list, SSL_set_ex_data, SSL_set_info_callback, SSL_set_verify, SSL_shutdown, SSL_state_string_long, SSL_write, SSLv23_method
user32.dll
GetDesktopWindow, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxA
ws2_32.dll
WSACleanup, WSAGetLastError, WSAIoctl, WSASetLastError, WSAStartup, accept, bind, closesocket, connect, gethostbyname, gethostname, getservbyname, getsockname, getsockopt, htonl, htons, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, socket, shutdown

tor.exe

Remove tor.exe
MD5:   4cb1b09ccb671f9c5099e24cf1c42573
SHA1:   86db874de186e82a4f6866b9390e6e80528378df
SHA256:   3ca53742b446ff0b81f05d1e6e67b76d6e7c1dc12c0753c8f028e076835947e1
Warning 3 antivirus scanners has detected malware.

Overview

tor.exe is malware that runs as a service under the name Tor Win32 Service (tor) within the local user context. This is typically installed with the program Polipo 1.0.4.1 published by Juliusz Chroboczek.

DetailsDetails

File name:tor.exe
Typical file path:C:\Program Files\vidalia bundle\tor\tor.exe
Size:2.76 MB (2,897,422 bytes)
Digital DNA
PE subsystem:Windows Console
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Juliusz Chroboczek
12% remove
Polipo is a lightweight forwarding and caching web proxy server. Polipo is HTTP 1.1-compliant, supports IPv4, IPv6, traffic filtering and privacy-enhancement. To minimize latency, Polipo both pipelines multiple resource requests and multiplexes multiple transactions onto the same TCP/IP connection. Polipo can be configured to use on-disk cache and serve cached content when offline, perform various forms of content filtering and serve as...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'tor' (Tor Win32 Service)
  • tor

MalwareMalware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engineEngine versionDetection
Antiy Labs AVL 2.0.3.7 NetTool/Win32.Tor.gen
Dr.Web 8.13.7.16 Trojan.DownLoader8.56801
Kaspersky 9.0.0.837 not-a-virus:NetTool.Win32.Tor.f

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 42.86%
Windows 7 Home Premium 28.57%
Windows 8.1 Pro 7.14%
Microsoft Windows XP 7.14%
Windows 7 Professional 7.14%
Windows Server 2012 Standard Evaluation 7.14%

Distribution by countryDistribution by country

Ireland installs about 14.29% of tor.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 28.57%
Lenovo 28.57%
Acer 14.29%
Hewlett-Packard 14.29%
American Megatrends 14.29%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE