torbrowser-install-3.5.2_en-us.exe

The executable torbrowser-install-3.5.2_en-us.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.currentupdateconcepts.com and multiple other hosts.
MD5:
0cfdc3bd360b1f8bcc6f46a87b3d352d

SHA-1:
818229b8529e7fe712ad7f4afe68d084d8c9311d

SHA-256:
3917972d6d1acfd59ba48706a13334cd158090172081cde7e86abb43e3512086

Scanner detections:
2 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/26/2024 7:00:33 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Threat.Win.Reputation.IMP | 16.11.29.14
Trend Micro House Call | TROJ_GE.56F77D6B | 7.2.86

File size:
23 MB (24,145,274 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\torbrowser-install-3.5.2_en-us.exe

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
393216:VyU6xh6a+4rnupCZJE/c5pKPd+unKP1J9F88Ih1+TGMB6h3bxW5AqigkYvpl:VyZxh6a+4ra675pKPUQKPnnrI+S/dxcX

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9996  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file torbrowser-install-3.5.2_en-us.exe has been seen being distributed by the following 8 URLs.

