torbrowser-install-3.6.2_fa.exe

The application torbrowser-install-3.6.2_fa.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from archive.torproject.org.

MD5:
9f161b8f5862e50823dbdfd601c8fd8f

SHA-1:
93f0cd49fdddfbde2011553f8d5c4e09ca4abb4c

SHA-256:
5f639f6476055a96c09d02ab29f51027ed70b9ccf228a74116ccb4bdae8feaf3

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 8:52:13 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.CDB | 1.3.0.4959
Clam AntiVirus | Win.Adware.Solimba-30 | 0.98/19185
Reason Heuristics | Threat.Win.Reputation.IMP | 16.11.30.16
Trend Micro House Call | Suspicious_GEN.F47V0719 | 7.2.68

File size:
720 KB (737,280 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\torbrowser-install-3.6.2_fa.exe

File PE Metadata
Compilation timestamp:
2/19/2012 6:31:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
12288:ltobjZ4WAPV7Lk/096v4ea8YVRuDOCj8iwcrw7JEJkoq9LbKQnrBv7e0cv:lt4Z0Pxkc64ea8YfwgiJOESoq93KQnru

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file torbrowser-install-3.6.2_fa.exe has been seen being distributed by the following URL.
