SHA256: 7ed98756d444b8466f28f67a246a8beb4913f7b3b1805709621b3af1768694eb
File name: BitTorrent.exe
Detection ratio: 4 / 55
Analysis date: 2017-01-04 01:45:07 UTC ( 2 years, 1 month ago )
Antivirus Result Update
AegisLab W32.Application.Opencandy!c 20170103
GData Win32.Application.OpenCandy.G 20170104
Sophos ML virus.win32.sality.at 20161216
Symantec PUA.OpenCandy 20170104
Ad-Aware 20170104
AhnLab-V3 20170103
Alibaba 20170103
ALYac 20170104
Antiy-AVL 20170104
Arcabit 20170104
Avast 20170104
AVG 20170104
Avira (no cloud) 20170103
AVware 20170104
Baidu 20170103
BitDefender 20170104
CAT-QuickHeal 20170103
ClamAV 20170104
CMC 20170103
Comodo 20170103
CrowdStrike Falcon (ML) 20161024
Cyren 20170104
DrWeb 20170104
Emsisoft 20170104
ESET-NOD32 20170104
F-Prot 20170104
F-Secure 20170104
Fortinet 20170104
Jiangmin 20170103
K7AntiVirus 20170103
K7GW 20170104
Kaspersky 20170103
Kingsoft 20170104
Malwarebytes 20170104
McAfee 20170104
McAfee-GW-Edition 20170104
Microsoft 20170104
eScan 20170104
NANO-Antivirus 20170103
nProtect 20170104
Panda 20170103
Qihoo-360 20170104
Rising 20170103
Sophos AV 20170103
SUPERAntiSpyware 20170104
Tencent 20170104
TheHacker 20170102
TotalDefense 20170103
TrendMicro 20170104
TrendMicro-HouseCall 20170104
Trustlook 20170104
VBA32 20170103
VIPRE 20170104
ViRobot 20170103
WhiteArmor 20161221
Yandex 20170103
Zillya 20170102
Zoner 20170103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2016 BitTorrent, Inc. All Rights Reserved.

Product BitTorrent
Original name BitTorrent.exe
Internal name BitTorrent.exe
File version 7.9.9.42974
Description BitTorrent
Signature verification Signed file, verified signature
Signing date 10:33 PM 11/18/2016
Signers
[+] BitTorrent Inc
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 11:00 PM 08/17/2016
Valid to 10:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 7BA078D02030B5F520CEC1D9232864495A8F5DA0
Serial number 0C F3 53 69 A9 71 07 62 C3 6F 68 05 FC 9E 45 D6
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 11:00 PM 05/23/2016
Valid to 11:00 PM 06/23/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-18 21:31:30
Entry Point 0x005BA4E0
Number of sections 3
PE sections
Overlays
MD5 ede571b33db3a3a52695083a7cd8d6a6
File type data
Offset 2393088
Size 13512
Entropy 7.37
PE imports
Ord(412)
GetSaveFileNameW
DnsFree
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysStringByteLen
GetModuleBaseNameW
SetupDiGetClassDevsW
DragFinish
Ord(176)
VerQueryValueW
FindCloseUrlCache
closesocket
WTSQuerySessionInformationW
GdipFree
OleRun
Number of PE resources by type
RT_DIALOG 123
RT_ICON 73
RT_GROUP_ICON 60
PNG 28
JS 5
RT_BITMAP 4
RT_RCDATA 3
RT_HTML 2
RT_MENU 2
CSS 2
GIF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 198
ENGLISH US 107
PE resources
ExifTool file metadata
SpecialBuild
stable34 stable

SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.9.9.42974

LanguageCode
English (U.S.)

FileFlagsMask
0x002b

FileDescription
BitTorrent

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
122880

EntryPoint
0x5ba4e0

OriginalFileName
BitTorrent.exe

MIMEType
application/octet-stream

LegalCopyright
2016 BitTorrent, Inc. All Rights Reserved.

FileVersion
7.9.9.42974

TimeStamp
2016:11:18 22:31:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BitTorrent.exe

ProductVersion
7.9.9.42974

UninitializedDataSize
3735552

OSVersion
5.1

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BitTorrent Inc.

CodeSize
2273280

ProductName
BitTorrent

ProductVersionNumber
7.9.9.42974

FileTypeExtension
exe

ObjectFileType
Unknown

Execution parents
Overlay parents
Compressed bundles
File identification
MD5 5b97a3bc844e36cb315fbd7989ee7146
SHA1 d219db0bfb99b1bd1de6855793e40b6741215f0f
SHA256 7ed98756d444b8466f28f67a246a8beb4913f7b3b1805709621b3af1768694eb
ssdeep
49152:6Pe9C47HukGVZ+r+E0r2WgXzdxBcUUtuRlBvKQ9rkF6PZ:ueU47OH7M5TzXzdxBcKHzZ

authentihash a21b38ef3975ea9ee03bf97dbeefc25555bda66c1a0e3d2335df2242de4554ab
imphash 6b0db7efb6cb0bf7aacebd4ed1985f8d
File size 2.3 MB ( 2406600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-11-23 23:36:17 UTC ( 2 years, 2 months ago )
Last submission 2018-09-20 06:59:25 UTC ( 5 months ago )
File names BitTorrent(1).exe
BitTorrent.exe
BitTorrent.exe
bittorrent.exe
7ED98756D444B8466F28F67A246A8BEB4913F7B3B1805709621B3AF1768694EB.exe
BitTorrent.exe
BitTorrent_Russian_Setup.exe
7.9.9_42974.exe
output.83714388.txt
BitTorrent(2).exe
BitTorrent.exe
BitTorrent.exe
bittorrent.exe
bittorrent.exe
bittorrent.exe
bittorrent.exe
BitTorrent-42974.exe
BitTorrent.exe
output.79139635.txt
934362
bittorrent.exe
BitTorrent.exe
BitTorrent (1).exe
BitTorrent.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications