» torchsetupstub.exe
Overview
Analysis
File Details
Downloads (3)

torchsetupstub.exe

Torch

Torch Media Inc.

The application torchsetupstub.exe by Torch Media has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.cityclearflash.com and multiple other hosts.

File name:

torchsetupstub.exe

Publisher:

Torch Media, Inc (signed by Torch Media Inc.)

Product:

Torch

Description:

Torch Browser

Version:

36.0.0.8226

MD5:

1f9c27433299a6c1a8640efeba2313f1

SHA-1:

6e3c6cd5eac758a2bf93a0b5995896997c1ef7ac

SHA-256:

183a1bce9a6e3477df9fb5b7646925faaaf976c3a3bf5f049472da3a94290c75

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 4:21:34 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.TorchMedia

7.1.1

AVG

Torch Media Inc.

2015.0.3305

Baidu Antivirus

PUA.Win32.TorchMedia

4.0.3.141030

Clam AntiVirus

Win.Adware.Searchsuite-3

0.98/21411

Dr.Web

Adware.Toolbar.246

9.0.1.0303

ESET NOD32

Win32/TorchMedia (variant)

8.10643

Fortinet FortiGate

Riskware/TorchMedia

10/30/2014

IKARUS anti.virus

PUA.TorchMedia

t3scan.1.7.5.0

Malwarebytes

PUP.Optional.TorchMedia

v2014.10.30.02

McAfee

Artemis!1F9C27433299

5600.6961

File size:

2.3 MB (2,404,288 bytes)

Product version:

36.0.0.8226

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\windows\temp\367708f1\torchsetupstub.exe

Digital Signature

Signed by:

Torch Media Inc.

Authority:

Thawte, Inc.

Valid from:

4/24/2014 3:00:00 AM

Valid to:

6/26/2016 2:59:59 AM

Subject:

CN=Torch Media Inc., OU=DEV, O=Torch Media Inc., L=Panama, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3B5BBD7E1C28C5B63BDEEB9FBC639A98

File PE Metadata

Compilation timestamp:

5/30/2013 11:09:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:/Y/ajXtkT4LPm1CY7gfIAsQJep7ed2TUHIfN1PVC3fGFsiZ8XVX:/YyjdkM761AsQJB2AoFlBNmX

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Entropy:

7.9853

Packer / compiler:

Nullsoft install system v2.x

Code size:

29.5 KB (30,208 bytes)

The file torchsetupstub.exe has been seen being distributed by the following 3 URLs.

http://www.cityclearflash.com/0V73OSjgjsffek51ljKPrOa5j6g2M9t5Z3LgPa nZN2eU2mRo__72UVDSsyal58QijyHpKZJ6Pp1taef3rtkP3XScD6iDkefLExnPV RR_KwayU6rgAWLSD_4aLoSbKUoQxE7XALHrazHfW0f3ia1hzA8kXsH1u4XdhhztxByFtHCtGoybaIqPrqSCUd9ib4og4UryLqLX7ZMG9pjl7W7ClavdYburPebESeNWu5ukEDWi37LWHL90AiEQph0LuFfrYKh2tNk YNT_uFY0_ihZYxO9lVXSBRjKcSY5XQlPHKh7Vd5KjFTGXQtVAcCzebVehZIjNGxxyH0Ih9WKX9xgWsKZjRjtlYjVHurPVAuwZjz7rnEAFzW0QfL7SkfjIWcD6UgokdN00NWWlLlCW76ZJqhKzIjV_KmPIWcwDsqgwh2_URZOZG44vJn8xf_C1f7DmRY9EDWcPC4SOJtI0oZchbG6TCGsmPN3 fmPT xUNJ8hrUEeUxcvgmZLrJEOu56 NADCxg-G0wAAGRwXmtrPhXiHQE3IaLMopLMts_2PNcl4Iu6eV7KsegIfXwue9Gi6q2s4zTGAlbR9Xvv8GYB7JfmTYWpAZVBeZmIVJF4AQ==-e

http://www.universelaboratorygrab.com/ljIVlBQAHsedIwCrxgIQNQBA3uIWCbHjpKu8TvRTO_5dAbfHrv4ZLdo7F71OTueSVs BmPbTmeqEVb2GA1Nip5MfN3Stbag4dRhQqSJls8x2pY9l62XaD6XVN7HmZbJAN R_aclofuP31 37mQGJo2uzRFJh4Ws t H4SZ43g4F1swmPcy0WPCunFUda93c0nHPXGhGiPyq0iwiVZnbe2C O6unYQ4ME1D3Ceit_qmPXLyP0IEjaO9181bPOvUGpw98 SiOj2GCqtU65Ag35LHALvdQ9h3BO9_QMJ3EEDIUpI0xwTKAj7w1G6i_fXfsvbtFsMdH69JLp9zhR2oPNs64TJJkJXBE6rQCu68KmNlftg6YYVS3WmrzNsEV3V6lys7NOnUGVFxFPJ7xkeZGgwUU aMZv6pE4Ysgp7_KBxFyq5Xz3pR2DXui4kXsqdE3b2u70QxrGQSZXPKzwwoJv123rBtnEOD2Rhu8dIum0LjATBDoBzAh2ui435T7x9RqLBoT ByY7-G0wAAGRwXmuLB5yECqgJEWUWlWS2ffb3vS8BX2hY162ei44kgu_trHqo Rv5usXdT1k6L_DemZ7G9ZFlLAz9A42IEjRLsAROUw==-e

http://download.cdn.torchbrowser.com/cdn/r/.../TorchSetup-r66-n-bi.exe

Remove torchsetupstub.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.