The tor-relay-scanner-1.0.2.exe File Analysis

Updated 12 days ago

Checked by Malaware Check

tor-relay-scanner-1.0.2.exe

Technical Analysis

File Name	tor-relay-scanner-1.0.2.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (console) Intel 80386, for MS Windows`
SSDEEP Hash	98304:tWC8CFFXKP8/IgyJxB6IREAzhCTJK2pHpceg2EQgY/iwYHFxBDTRnDrtXVsqP+0W:UCvFF08Agyc2r2p2lxdJTlmzW
Scanner Version	1.0.217.174
Database Version	2025-05-26 13:00:19 UTC

⚠

Suspicious File Detected

Detected by 18 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

25%

Detection Rate

6,082,543

File Size (bytes)

18/72

Engines Detected

2025-05-26

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	be2cdddadada7b5def9d4b45c441fe6d
SHA1	1886b0746c871bbb03be1af94efc3b6de9e936cf
SHA256	27ce5e7731f1a616fab12d37992d072f098fb70ac58c2eee714105d3bcd1b6fa
SHA512	62133f976d2918543a905277c0ffbce2e098d8c2ea314d0392e5dbe982b630d12029791a458a94dfbf886a781ef2603b67fdcbfa5ca84710ac0bbca2aa0addb8
ImpHash	ea9a717aaf9e6cf1f5546b8c994ad07b

Security Engines with Detections (18 of 72)

Bkav

W32.AIDetectMalware Malicious

Lionic

Trojan.Win32.Generic.4!c Malicious

CTX

exe.trojan.generic Malicious

CAT-QuickHeal

Trojan.Ghanarava.174798733041fe6d Malicious

Skyhigh

BehavesLike.Win32.Generic.tc Malicious

Zillya

Trojan.Disco.Win32.12906 Malicious

Sangfor

Trojan.Win32.Save.a Malicious

Symantec

ML.Attribute.HighConfidence Malicious

Elastic

malicious (high confidence) Malicious

APEX

Malicious Malicious

Paloalto

generic.ml Malicious

Jiangmin

Trojan.Generic.huhsl Malicious

Cylance

Unsafe Malicious

TrellixENS

Artemis!BE2CDDDADADA Malicious

SentinelOne

Static AI - Suspicious PE Malicious

MaxSecure

Trojan.Malware.325188728.susgen Malicious

Fortinet

W32/PossibleThreat Malicious

DeepInstinct

MALICIOUS Malicious

54 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: fb460346f66714e824fcadddffea7970 Fuzzy: 7f94b7761e18b4762a1a263f78b90141 dHash: aebc385ccce0e8f8
Image Base	`0x00400000`
Entry Point	`0x0040b5c0`
Compilation Time	2025-02-21 16:32:40
Checksum	0x005dab4a (Actual: 0x005dab4a)
OS Version	6.0
PEiD Signatures	`PE32 executable (console) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	3 libraries USER32, KERNEL32, ADVAPI32
Exports	0 functions
Resources	9 Resources
Sections	6 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	163,312 bytes	163,328 bytes	6.69 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`54D1B01F5BD4621CB2C7D30A3B1B0DA3`
`.rdata`	`0x00029000`	55,510 bytes	55,808 bytes	6.04 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`C66A4C85139DAF6AEAFBE92CF0A14E63`
`.data`	`0x00037000`	18,540 bytes	3,072 bytes	1.88 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C72B302E6F0E391F582610FF63E01645`
`.fptable`	`0x0003c000`	128 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.reloc`	`0x0003d000`	7,796 bytes	8,192 bytes	6.57 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`FAA80800C84B98FF40B5CA40A12B40A9`
`.rsrc`	`0x0003f000`	61,440 bytes	61,440 bytes	7.35 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`FD8866ACF7B110F76CBEB49A417162B1`

Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 9 (60,800 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	7	59,403 bytes	97.7%
RT_GROUP_ICON	1	104 bytes	0.2%
RT_MANIFEST	1	1,293 bytes	2.1%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

18 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1