torchsetup-r806-n-bi.exe

The executable torchsetup-r806-n-bi.exe has been detected as malware by 8 anti-virus scanners. It is a setup program used to install the application. The file is infected by an entry-point obscuring polymorphic file infector which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.cdn.torchbrowser.com.
MD5:
432a69bfe789d3cefda416f9a976d9bb

SHA-1:
baca98bde35c1b48ff57e26e0e108f28486885d6

SHA-256:
b428c993c868749867dcf9a79d903c38eeb6452ed560a3617636c06431cd8590

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 6:43:10 AM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:Kukacka             160518-2
AVG                             Win32/Sality              2015.0.4591
Emsisoft Anti-Malware           Win32.Sality              11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus    8.0.319.0
F-Prot                          W32/Sality.gen2           4.6.5.141
Microsoft Security Essentials   Threat.Undefined          1.225.1590.0
Norman                          Win32.Sality.3            19.05.2016 01:04:49

File size:
1.7 MB (1,737,424 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\torchsetup-r806-n-bi.exe

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:xEk2Plq8zIjHNvl2TUHIfN1P/C3AmDRoVopd:qk2Pz0jHN92AoFlIDRoyd

Entry address:
0x38AF

Entry point:
60, 0F, C1, ED, D2, E1, 0F, A3, D0, 0F, B6, E9, 81, E2, A8, E5, 69, 3E, F6, D1, D1, CB, FF, CD, 0F, BC, CF, 0F, A4, DB, 83, 81, FA, 78, 36, 00, 00, 77, 03, 0F, AD, D2, 03, F9, EB, 03, 80, FF, 69, 2A, CE, 0F, AF, FF, 69, D3, 74, 6F, BB, 07, C6, C2, 00, 69, D5, E8, 61, 94, 05, 0F, C0, C1, 0F, BE, ED, FF, CA, 0F, BE, E9, 51, 8A, C1, 01, D5, E8, 00, 00, 00, 00, 0F, C0, F6, 09, DE, F6, D9, 80, FA, 75, FF, CE, 81, DE, 5E, 66, 8B, AC, 89, C6, 8D, 05, 57, DD, D8, 6C, 0F, B7, EF, 0F, CF, F6, DE, 8D, 4D, 00, 8D, 35...
 

Code size:
29 KB (29,696 bytes)

The file torchsetup-r806-n-bi.exe has been seen being distributed by the following URL.

Remove torchsetup-r806-n-bi.exe - Powered by Reason Core Security