Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

30957 7.14%
70c91 7.14%
d762d 7.14%
83f5d 7.14%
4cb1b 7.14%
c5521 7.14%
506b0 35.71%
9ee81 14.29%
04119 7.14%
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
CryptAcquireContextA, CryptGenRandom, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, DeregisterEventSource, RegisterEventSourceA, ReportEventA
gdi32.dll
BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, DeleteDC, DeleteObject, GetBitmapBits, GetDeviceCaps, GetObjectA, SelectObject
kernel32.dll
CloseHandle, CreateFileA, CreateFileMappingA, CreateIoCompletionPort, CreatePipe, CreateProcessA, CreateSemaphoreA, DeleteCriticalSection, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileA, FindNextFileA, FormatMessageA, FreeLibrary, GetCurrentThreadId, GetExitCodeProcess, GetFileSize, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetQueuedCompletionStatus, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetVersion, GetVersionExA, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InterlockedExchange, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenProcess, PeekNamedPipe, PostQueuedCompletionStatus, ReadFile, ReleaseSemaphore, SetHandleInformation, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, GetCurrentProcessId, GetFileType, GetStdHandle, GetTickCount, GlobalMemoryStatus, QueryPerformanceCounter, SetLastError
libeay32.dll
DllMain
libssp-0.dll
__stack_chk_fail, __stack_chk_guard
msvcrt.dll
DllMain
shell32.dll
SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetSpecialFolderPathA
ssleay32.dll
SSL_CIPHER_get_name, SSL_CTX_check_private_key, SSL_CTX_ctrl, SSL_CTX_free, SSL_CTX_get_cert_store, SSL_CTX_new, SSL_CTX_set_verify, SSL_CTX_use_PrivateKey, SSL_CTX_use_certificate, SSL_accept, SSL_connect, SSL_ctrl, SSL_do_handshake, SSL_free, SSL_get_error, SSL_get_ex_data, SSL_get_ex_new_index, SSL_get_peer_cert_chain, SSL_get_peer_certificate, SSL_get_rbio, SSL_get_session, SSL_get_wbio, SSL_library_init, SSL_load_error_strings, SSL_new, SSL_pending, SSL_read, SSL_renegotiate, SSL_set_bio, SSL_set_cipher_list, SSL_set_ex_data, SSL_set_info_callback, SSL_set_verify, SSL_shutdown, SSL_state_string_long, SSL_write, SSLv23_method
user32.dll
GetDesktopWindow, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxA
ws2_32.dll
WSACleanup, WSAGetLastError, WSAIoctl, WSASetLastError, WSAStartup, accept, bind, closesocket, connect, gethostbyname, gethostname, getservbyname, getsockname, getsockopt, htonl, htons, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, socket, shutdown

tor.exe

Remove tor.exe
MD5:   70c919e19c8f618116ac9d8f1417c803
SHA1:   0d8b475b3a770e1b5e35c6da7e2c0815015b3c09
SHA256:   72923ca6b466e71ee9f748a86e9d56c263ffe1d489be4f2a1bb5f32c9422591c

Overview

tor.exe runs as a service under the name Tor Win32 Service (tor) within the local user context. Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

DetailsDetails

File name:tor.exe
Typical file path:C:\Program Files\vidalia bundle\tor\tor.exe
Size:2.75 MB (2,885,930 bytes)
Digital DNA
PE subsystem:Windows Console
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'tor' (Tor Win32 Service)
  • tor

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00408960%
0.028634%
Kernel CPU:0.00320316%
0.013761%
User CPU:0.00088644%
0.014873%
Kernel CPU time:25,896,166 ms/min
100,923,805ms/min
Memory
Private memory:14.75 MB
21.59 MB
Private (maximum):14.93 MB
Private (minimum):200 KB
Non-paged memory:14.75 MB
21.59 MB
Virtual memory:91.92 MB
140.96 MB
Virtual memory (peak):100.92 MB
169.69 MB
Working set:4.17 MB
18.61 MB
Working set (peak):19.44 MB
37.95 MB
Resource allocations
Threads:3
12
Handles:124
600
GUI GDI count:4
103
GUI GDI peak:4
142
GUI USER count:1
49
GUI USER peak:2
71

BehaviorsProcess properties

Integrety level:Undefined
Platform:64-bit
Command line:"C:\users\user\desktop\tor\tor browser\app\.\tor.exe" -f "C:/users/old boy/desktop/tor/tor browser/app/..\data\tor\torrc" datadirectory "C:/users/old boy/desktop/tor/tor browser/data/tor" controlport 9051 __owningcontrollerprocess 8792 hashedcontrolpassword 16:381adcbdeb24d24760cbb727bd56dfa17a8fce2f0c5a874dec3d43f93b
Owner:User
Windows Service
Service name:tor
Display name:Tor Win32 Service
Description:“Provides an anonymous Internet communication system”
Type:Win32OwnProcess
Parent process:vidalia.exe (Vidalia by vidalia-project.net)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 42.86%
Windows 7 Home Premium 28.57%
Windows 8.1 Pro 7.14%
Microsoft Windows XP 7.14%
Windows 7 Professional 7.14%
Windows Server 2012 Standard Evaluation 7.14%

Distribution by countryDistribution by country

Ireland installs about 14.29% of tor.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 28.57%
Lenovo 28.57%
Acer 14.29%
Hewlett-Packard 14.29%
American Megatrends 14.29%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE