Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
tor.exe
MD5: | c5521e99ceafbae9a71fcc49a06d0706 |
SHA1: | 5819648e2bfe3cff58f9c150bdc87e268a7849da |
SHA256: | dc55769ceebbc46e8edc4cb1bc666ee96a23927fc8c81609a508a737f28c31bb |
Warning: 3 antivirus scanners have detected malware.
Overview
tor.exe is malware that runs as a service under the name Tor Win32 Service (tor) within the local user context. This is typically installed with the program Polipo 1.0.4.1 published by Juliusz Chroboczek.
Details
File name: | tor.exe |
Typical file path: | C:\Program Files\vidalia bundle\tor\tor.exe |
Size: | 2.2 MB (2,308,605 bytes) |
Digital DNA |
PE subsystem: | Windows Console |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
Programs
The following program will install this file
Polipo is a lightweight forwarding and caching web proxy server. Polipo is HTTP 1.1-compliant, supports IPv4, IPv6, traffic filtering and privacy-enhancement. To minimize latency, Polipo both pipelines multiple resource requests and multiplexes multiple transactions onto the same TCP/IP connection. Polipo can be configured to use on-disk cache and serve cached content when offline, perform various forms of content filtering and serve as...
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'tor' (Tor Win32 Service)
- tor
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Antiy Labs AVL | 0.1.0.1 | VCS/Environment.DigitalFN |
Bkav Security | 1.3.0.4924 | W32.HfsAutoB.D248 |
ByteHero | 1.0.0.1 | Trojan.Malware.KillAV.Gen.001 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00489486% | |
Kernel CPU: | 0.00229640% | |
User CPU: | 0.00259846% | |
Kernel CPU time: | 24,094 ms/min | |
Context switches: | 96/sec | |
Memory |
Private memory: | 15.48 MB | |
Private (maximum): | 19.96 MB | |
Private (minimum): | 1.76 MB | |
Non-paged memory: | 15.48 MB | |
Virtual memory: | 70.56 MB | |
Virtual memory (peak): | 76.73 MB | |
Working set: | 7.81 MB | |
Working set (peak): | 20.82 MB | |
Page faults: | 247,231/min | |
I/O |
I/O read transfer: | 11.49 KB/sec | |
I/O read operations: | 3/sec | |
I/O write transfer: | 1.54 KB/sec | |
I/O write operations: | 2/sec | |
I/O other transfer: | 60.07 KB/sec | |
I/O other operations: | 2,038/sec | |
Resource allocations |
Threads: | 2 | |
Handles: | 140 | |
GUI GDI count: | 4 | |
GUI USER count: | 1 | |
Process properties
Integrity level: | Undefined |
Platform: | 32-bit |
Command line: | "C:\documents and settings\wo alles begann\desktop\tor\tor browser\app\.\tor.exe" -f "C:/documents and settings/wo alles begann/desktop/tor/tor browser/app/..\data\tor\torrc" datadirectory "C:/documents and settings/wo alles begann/desktop/tor/tor browser/data/tor" controlport 9151 __owningcontrollerprocess 3320 hashedcontrolpassword 16:2f7d75bf0e2900716012841e186534108559f3216dfd21ecc464ba3c1c |
Owner: | User |
Windows Service |
Service name: | tor |
Display name: | Tor Win32 Service |
Description: | “Provides an anonymous Internet communication system” |
Type: | Win32OwnProcess |
Parent process: | vidalia.exe (Vidalia by vidalia-project.net) |
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate | 42.86% |
Windows 7 Home Premium | 28.57% |
Windows 8.1 Pro | 7.14% |
Microsoft Windows XP | 7.14% |
Windows 7 Professional | 7.14% |
Windows Server 2012 Standard Evaluation | 7.14% |
Distribution by country
Ireland installs about 14.29% of tor.exe.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell | 28.57% |
Lenovo | 28.57% |
Acer | 14.29% |
Hewlett-Packard | 14.29% |
American Megatrends | 14.29% |