SHA256: 9328e5c851c8e3c5344a9a8cef8544de403f66ea8af1d8dac0844c8c5609649e
File name: Download uTorrent 3.3 Beta 28854.exe
Detection ratio: 4 / 54
Analysis date: 2016-07-04 12:48:23 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AegisLab W32.Application.Opencandy!c 20160704
ESET-NOD32 a variant of Win32/Bunndle potentially unsafe 20160704
Fortinet Riskware/Bunndle 20160704
GData Win32.Application.OpenCandy.F 20160704
Ad-Aware 20160704
AhnLab-V3 20160704
Alibaba 20160704
ALYac 20160704
Antiy-AVL 20160704
Arcabit 20160704
Avast 20160704
AVG 20160704
Avira (no cloud) 20160704
AVware 20160704
Baidu 20160704
BitDefender 20160704
Bkav 20160704
CAT-QuickHeal 20160704
ClamAV 20160704
CMC 20160704
Comodo 20160704
Cyren 20160704
DrWeb 20160704
Emsisoft 20160704
F-Prot 20160704
F-Secure 20160704
Ikarus 20160704
Jiangmin 20160704
K7AntiVirus 20160704
K7GW 20160704
Kaspersky 20160704
Kingsoft 20160704
Malwarebytes 20160704
McAfee 20160704
McAfee-GW-Edition 20160704
Microsoft 20160704
eScan 20160704
NANO-Antivirus 20160704
nProtect 20160704
Panda 20160704
Qihoo-360 20160704
Sophos AV 20160704
SUPERAntiSpyware 20160704
Symantec 20160701
Tencent 20160704
TheHacker 20160702
TotalDefense 20160702
TrendMicro 20160704
TrendMicro-HouseCall 20160704
VBA32 20160703
VIPRE 20160704
ViRobot 20160704
Zillya 20160703
Zoner 20160704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright ©2012 BitTorrent, Inc. All Rights Reserved.
Product µTorrent
Original name uTorrent.exe
Internal name uTorrent.exe
File version 3.3.0.28854
Description µTorrent
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:56 PM 1/2/2013
Signers
[+] BitTorrent Inc
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 6/21/2010
Valid to 12:59 AM 7/27/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 1D132064BA317AC022DF309CCC750DA6E6A7A144
Serial number 36 BC 30 56 2A 65 0A FA A5 AD 10 1E CD 64 3A B4
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT embedded
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-02 17:56:12
Entry Point 0x0026F390
Number of sections 4
PE sections
Overlays
MD5 dfd87d1de1421a5eb72e02f405c7466c
File type data
Offset 1057280
Size 6112
Entropy 7.28
PE imports
DnsFree
BitBlt
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysFreeString
GetProcessImageFileNameW
SetupDiGetClassDevsW
DragFinish
GetSaveFileNameW
GdiplusStartup
OleCreate
Number of PE resources by type
RT_DIALOG 98
RT_ICON 45
RT_GROUP_ICON 36
PNG 4
RT_BITMAP 3
GIF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 135
ENGLISH US 54
PE resources
ExifTool file metadata
UninitializedDataSize 1806336
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.3.0.28854
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Torrent
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 172032
EntryPoint 0x26f390
OriginalFileName uTorrent.exe
MIMEType application/octet-stream
LegalCopyright 2012 BitTorrent, Inc. All Rights Reserved.
FileVersion 3.3.0.28854
TimeStamp 2013:01:02 18:56:12+01:00
FileType Win32 EXE
PEType PE32
InternalName uTorrent.exe
ProductVersion 3.3.0.28854
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BitTorrent Inc.
CodeSize 745472
ProductName Torrent
ProductVersionNumber 3.3.0.28854
FileTypeExtension exe
ObjectFileType Unknown

Execution parents
File identification
MD5 6fee1598ad828097c76c0067ddae6c34
SHA1 733a95f7e2397b2325bdf1af13baae1470f3d95c
SHA256 9328e5c851c8e3c5344a9a8cef8544de403f66ea8af1d8dac0844c8c5609649e
ssdeep 24576:BVq6vHtAY5LpRe4A0vLpdZhWFnf2wgef+GwbY:vq6P51PrNdYf27ef+hbY

authentihash 3662d5a486f47252674ec137d924b2ec0d6948c8b7b361ad067cb8f1f89538bd
imphash 98299582768e22e1063119fe809777bf
File size 1.0 MB ( 1063392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
revoked-cert peexe signed upx overlay

VirusTotal metadata
First submission 2013-01-03 19:53:12 UTC ( 6 years, 1 month ago )
Last submission 2016-02-09 06:18:51 UTC ( 3 years ago )
File names uTorrent.exe
uTorrent.exe
Torrent_Beta_9232.exe
utorrent.28854.bunndle.ex_
uTorrent.exe
uttAF9D.tmp.exe
Download uTorrent 3.3 Beta 28854.exe
uTorrent.exe
uTorrent-3.3.exe
[[uTorrent 3.3 Beta 28854.exe
uTorrent.exe
uTorrent.exe
uTorrent.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
