Should I block it?

90% of PCs block this file from running.
Possible reason:
Multiple malware detections

Additional versions

30957 7.14%
70c91 7.14%
d762d 7.14%
83f5d 7.14%
4cb1b 7.14%
c5521 7.14%
506b0 35.71%
9ee81 14.29%
04119 7.14%
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)

PE file structure

Import table
advapi32.dll
CryptAcquireContextA, CryptGenRandom, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, DeregisterEventSource, RegisterEventSourceA, ReportEventA
gdi32.dll
BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, DeleteDC, DeleteObject, GetBitmapBits, GetDeviceCaps, GetObjectA, SelectObject
kernel32.dll
CloseHandle, CreateFileA, CreateFileMappingA, CreateIoCompletionPort, CreatePipe, CreateProcessA, CreateSemaphoreA, DeleteCriticalSection, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileA, FindNextFileA, FormatMessageA, FreeLibrary, GetCurrentThreadId, GetExitCodeProcess, GetFileSize, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetQueuedCompletionStatus, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetVersion, GetVersionExA, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InterlockedExchange, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenProcess, PeekNamedPipe, PostQueuedCompletionStatus, ReadFile, ReleaseSemaphore, SetHandleInformation, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, GetCurrentProcessId, GetFileType, GetStdHandle, GetTickCount, GlobalMemoryStatus, QueryPerformanceCounter, SetLastError
libeay32.dll
DllMain
libssp-0.dll
__stack_chk_fail, __stack_chk_guard
msvcrt.dll
DllMain
shell32.dll
SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetSpecialFolderPathA
ssleay32.dll
SSL_CIPHER_get_name, SSL_CTX_check_private_key, SSL_CTX_ctrl, SSL_CTX_free, SSL_CTX_get_cert_store, SSL_CTX_new, SSL_CTX_set_verify, SSL_CTX_use_PrivateKey, SSL_CTX_use_certificate, SSL_accept, SSL_connect, SSL_ctrl, SSL_do_handshake, SSL_free, SSL_get_error, SSL_get_ex_data, SSL_get_ex_new_index, SSL_get_peer_cert_chain, SSL_get_peer_certificate, SSL_get_rbio, SSL_get_session, SSL_get_wbio, SSL_library_init, SSL_load_error_strings, SSL_new, SSL_pending, SSL_read, SSL_renegotiate, SSL_set_bio, SSL_set_cipher_list, SSL_set_ex_data, SSL_set_info_callback, SSL_set_verify, SSL_shutdown, SSL_state_string_long, SSL_write, SSLv23_method
user32.dll
GetDesktopWindow, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxA
ws2_32.dll
WSACleanup, WSAGetLastError, WSAIoctl, WSASetLastError, WSAStartup, accept, bind, closesocket, connect, gethostbyname, gethostname, getservbyname, getsockname, getsockopt, htonl, htons, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, socket, shutdown

tor.exe

MD5:   506b0b498216371d64abb69145b70e4c
SHA1:   71da7037f29bf8afe78d2a504350cdaf7cc6c9da
SHA256:   94fe0e8a61c506fba45d14571a14dc259e1d52778cef8366ce8cbdcd871e28db
Warning: 4 antivirus scanners have detected malware.

Overview

tor.exe is malware that runs as a service under the name Tor Win32 Service (tor) with minimal LOCAL SERVICE privileges (a predefined local account used by the service control manager) on the local PC, and it presents anonymous credentials on the network. It is typically installed with the program Polipo 1.0.4.1, published by Juliusz Chroboczek.

Details

File name: tor.exe
Typical file path: C:\Program Files\vidalia bundle\tor\tor.exe
Size: 3.08 MB (3,233,806 bytes)
Build date: 2/27/2013 10:38 PM
Digital DNA
PE subsystem: Windows Console
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No

Programs

The following program will install this file
Juliusz Chroboczek
12% remove
Polipo is a lightweight forwarding and caching web proxy server. Polipo is HTTP 1.1-compliant, supports IPv4, IPv6, traffic filtering and privacy-enhancement. To minimize latency, Polipo both pipelines multiple resource requests and multiplexes multiple transactions onto the same TCP/IP connection. Polipo can be configured to use on-disk cache and serve cached content when offline, perform various forms of content filtering and serve as...

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'tor' (Tor Win32 Service)
  • tor

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection
AhnLab V3 Internet Security | 2013.10.09 | Win-Trojan/Agent.3233806
Bkav Security | 1.3.0.4246 | HW32.TsCabk.vyui
ByteHero | 1.0.0.1 | Trojan.Malware.KillAV.Gen.001
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Agent.3233806

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages

CPU
Total CPU: 0.00130639%
0.028634%
Kernel CPU: 0.00059782%
0.013761%
User CPU: 0.00070857%
0.014873%
Kernel CPU time: 1,988 ms/min
100,923,805 ms/min
CPU cycles: 1,087,512/sec
17,470,203/sec
Context switches: 11/sec
284/sec
Memory
Private memory: 13.23 MB
21.59 MB
Private (maximum): 21.07 MB
Private (minimum): 11.46 MB
Non-paged memory: 13.23 MB
21.59 MB
Virtual memory: 74.15 MB
140.96 MB
Virtual memory (peak): 85.29 MB
169.69 MB
Working set: 15.97 MB
18.61 MB
Working set (peak): 22.36 MB
37.95 MB
Page faults: 661,452/min
2,039/min
I/O
I/O read transfer: 1.78 KB/sec
1.02 MB/min
I/O read operations: 1/sec
343/min
I/O write transfer: 5.05 KB/sec
274.99 KB/min
I/O write operations: 5/sec
227/min
I/O other transfer: 4.87 KB/sec
448.09 KB/min
I/O other operations: 313/sec
1,671/min
Resource allocations
Threads: 4
12
Handles: 137
600

Process properties

Integrity level: System
Platform: 32-bit
Command line: "C:\Program Files\tor\tor.exe" --nt-service "-controlport" "9051"
Owner: LOCAL SERVICE
Windows Service
Service name: tor
Display name: Tor Win32 Service
Description: “Provides an anonymous Internet communication system”
Type: Win32OwnProcess
Parent process: services.exe (Services and Controller app by Microsoft)

Threads

Averages

sechost.dll
Total CPU: 0.04793066%
0.272967%
Kernel CPU: 0.00641809%
0.107585%
User CPU: 0.04151256%
0.165382%
CPU cycles: 2,060,248/sec
5,741,424/sec
Context switches: 6/sec
79/sec
Memory: 100 KB
1.16 MB
wow64.dll (Win32 Emulation on NT64 by Microsoft)
Total CPU: 0.04238585%
Kernel CPU: 0.00404156%
User CPU: 0.03834429%
CPU cycles: 2,093,112/sec
Context switches: 11/sec
Memory: 252 KB
tor.exe (main module)
Total CPU: 0.00020227%
Kernel CPU: 0.00016859%
User CPU: 0.00003368%
CPU cycles: 4,281/sec
Memory: 3.13 MB

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 42.86%
Windows 7 Home Premium | 28.57%
Windows 8.1 Pro | 7.14%
Microsoft Windows XP | 7.14%
Windows 7 Professional | 7.14%
Windows Server 2012 Standard Evaluation | 7.14%

Distribution by country

Ireland installs about 14.29% of tor.exe.

Distribution by PC manufacturer

PC manufacturer | Distribution
Dell | 28.57%
Lenovo | 28.57%
Acer | 14.29%
Hewlett-Packard | 14.29%
American Megatrends | 14.29%