This file is legitimate. It's linked to the Tor Project. This version is used by the WannaCry ransomware.


MD5: 6d6602388ab232ca9e8633462e683739
SHA1: 41072cc983568d8feeb3e18c4b74440e9d44019a
SHA256: 957d58061a42ca343064ec5fb0397950f52aedf0594a18867d1339d5fbb12e7e



CodeSize: 129024
Directory: C:\Users\user\Desktop\TaskData\Tor
EntryPoint: 0x1400
FileName: libevent_extra-2-0-5.dll
FilePermissions: rw-r--r--
FileSize: 402 kB
FileType: Win32 DLL
FileTypeExtension: dll
ImageFileCharacteristics: Executable, No line numbers, 32-bit, DLL
ImageVersion: 1.0
InitializedDataSize: 170496
LinkerVersion: 2.24
MachineType: Intel 386 or later, and compatibles
MIMEType: application/octet-stream
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 0000:00:00 00:00:00
UninitializedDataSize: 4096