SHA256: 21841521fef9de7fb3075b8bd3a500bf4e56c8d8bf4756779d4a00e412d7de0e
File name: BitTorrent.exe
Detection ratio: 3 / 56
Analysis date: 2016-11-01 01:19:36 UTC ( 4 months, 3 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AegisLab W32.Application.Opencandy!c 20161031
GData Win32.Application.OpenCandy.G 20161101
Invincea virus.win32.sality.at 20161018
Ad-Aware 20161031
AhnLab-V3 20161031
Alibaba 20161031
ALYac 20161101
Antiy-AVL 20161101
Arcabit 20161031
Avast 20161101
AVG 20161101
Avira (no cloud) 20161101
AVware 20161101
Baidu 20161031
BitDefender 20161031
Bkav 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
CrowdStrike Falcon (ML) 20161024
Cyren 20161031
DrWeb 20161101
Emsisoft 20161031
ESET-NOD32 20161101
F-Prot 20161031
F-Secure 20161031
Fortinet 20161031
Ikarus 20161031
Jiangmin 20161031
K7AntiVirus 20161031
K7GW 20161101
Kaspersky 20161031
Kingsoft 20161101
Malwarebytes 20161101
McAfee 20161101
McAfee-GW-Edition 20161101
Microsoft 20161101
eScan 20161031
NANO-Antivirus 20161101
nProtect 20161028
Panda 20161031
Qihoo-360 20161101
Rising 20161031
Sophos 20161101
SUPERAntiSpyware 20161031
Symantec 20161101
Tencent 20161101
TheHacker 20161029
TrendMicro 20161101
TrendMicro-HouseCall 20161101
VBA32 20161031
VIPRE 20161031
ViRobot 20161101
Yandex 20161031
Zillya 20161031
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2016 BitTorrent, Inc. All Rights Reserved.

Product BitTorrent
Original name BitTorrent.exe
Internal name BitTorrent.exe
File version 7.9.9.42607
Description BitTorrent
Signature verification Signed file, verified signature
Signing date 7:42 PM 9/19/2016
Signers
[+] BitTorrent Inc
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 8/18/2016
Valid to 12:59 AM 10/13/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 7BA078D02030B5F520CEC1D9232864495A8F5DA0
Serial number 0C F3 53 69 A9 71 07 62 C3 6F 68 05 FC 9E 45 D6
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-19 18:31:07
Entry Point 0x00616F30
Number of sections 3
PE sections
Overlays
MD5 22bc69ed880fa239345d9ce0b1d12c62
File type data
Offset 2362880
Size 13512
Entropy 7.37
PE imports
Ord(412)
GetSaveFileNameW
DnsFree
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysStringByteLen
GetModuleBaseNameW
SetupDiGetClassDevsW
DragFinish
Ord(176)
VerQueryValueW
FindCloseUrlCache
closesocket
WTSQuerySessionInformationW
GdipFree
OleRun
Number of PE resources by type
RT_DIALOG 123
RT_ICON 73
RT_GROUP_ICON 60
PNG 28
JS 5
RT_BITMAP 4
RT_RCDATA 3
RT_HTML 2
RT_MENU 2
CSS 2
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 198
ENGLISH US 107
PE resources
ExifTool file metadata
SpecialBuild
stable34 stable

SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.9.9.42607

LanguageCode
English (U.S.)

FileFlagsMask
0x002b

FileDescription
BitTorrent

CharacterSet
Windows, Latin1

InitializedDataSize
122880

EntryPoint
0x616f30

OriginalFileName
BitTorrent.exe

MIMEType
application/octet-stream

LegalCopyright
2016 BitTorrent, Inc. All Rights Reserved.

FileVersion
7.9.9.42607

TimeStamp
2016:09:19 19:31:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BitTorrent.exe

ProductVersion
7.9.9.42607

UninitializedDataSize
4145152

OSVersion
5.1

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BitTorrent Inc.

CodeSize
2240512

ProductName
BitTorrent

ProductVersionNumber
7.9.9.42607

FileTypeExtension
exe

ObjectFileType
Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 e025c1f6e5913d40d83911945270b4f7
SHA1 ca6f5687645639c6a14fd618706f023a83e4251e
SHA256 21841521fef9de7fb3075b8bd3a500bf4e56c8d8bf4756779d4a00e412d7de0e
ssdeep
49152:hLVvPcUU28N3XaI9O6Lpoklg9W0LAe9OQ+bdT2GfxyobM:hLVvEu81aI9/poo2ANQuT24xrM

authentihash d8260fc07615fee4060f9f06cc284a43a03494156041c3d03fb7ade71fd40fe1
imphash 6b0db7efb6cb0bf7aacebd4ed1985f8d
File size 2.3 MB ( 2376392 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags
peexe overlay signed upx via-tor

VirusTotal metadata
First submission 2016-09-27 20:09:52 UTC ( 5 months, 3 weeks ago )
Last submission 2017-03-10 23:42:56 UTC ( 1 week, 5 days ago )
File names BitTorrent(1).exe
BitTorrent_Russian_Setup.exe
bittorrent.exe
7.9.9_42607.exe
7.9.9_42607.exe
BitTorrent.exe
1111.exe
BitTorrent-42607.exe
bittorrent.exe
bittorrent.exe
BitTorrent v.7.9.9 =.exe
bittorrent.exe
unconfirmed 926604.crdownload
ca6f5687645639c6a14fd618706f023a83e4251e
BitTorrent 7.9.9.exe
output.104491382.txt
bit799torrent.exe
BitTorrent_2.exe
BitTorrent.exe
nmaqplcz.exe
BitTorrent(2).exe
BitTorrent 2.exe
bittorrent_7.9.9.42607.exe
BitTorrent.exe
bittorrent_7.9.9.42607[1].exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications