× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b2327db5a589e5e9b34b76a8d3edf8e9f6766798920d11a50654357573d77152
File name: utorrent.exe
Detection ratio: 5 / 56
Analysis date: 2016-12-04 00:31:29 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
AegisLab W32.Application.Opencandy!c 20161203
Bkav W32.HfsAdware.1073 20161203
ESET-NOD32 a variant of Win32/OpenCandy.A potentially unsafe 20161204
GData Win32.Application.OpenCandy.F 20161203
Sophos ML virus.win32.sality.at 20161202
Ad-Aware 20161204
AhnLab-V3 20161203
Alibaba 20161203
ALYac 20161204
Antiy-AVL 20161204
Arcabit 20161204
Avast 20161204
AVG 20161204
Avira (no cloud) 20161203
AVware 20161203
Baidu 20161202
BitDefender 20161203
CAT-QuickHeal 20161203
ClamAV 20161203
CMC 20161203
Comodo 20161203
CrowdStrike Falcon (ML) 20161024
Cyren 20161203
DrWeb 20161203
Emsisoft 20161203
F-Prot 20161203
F-Secure 20161203
Fortinet 20161203
Ikarus 20161203
Jiangmin 20161203
K7AntiVirus 20161203
K7GW 20161204
Kaspersky 20161204
Kingsoft 20161204
Malwarebytes 20161204
McAfee 20161204
McAfee-GW-Edition 20161203
Microsoft 20161203
eScan 20161204
NANO-Antivirus 20161203
nProtect 20161203
Panda 20161203
Qihoo-360 20161204
Rising 20161204
Sophos AV 20161204
SUPERAntiSpyware 20161203
Symantec 20161204
Tencent 20161204
TheHacker 20161130
TrendMicro 20161204
TrendMicro-HouseCall 20161204
Trustlook 20161204
VBA32 20161202
VIPRE 20161204
ViRobot 20161203
WhiteArmor 20161125
Yandex 20161203
Zillya 20161202
Zoner 20161203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2013 BitTorrent, Inc. All Rights Reserved.

Product µTorrent
Original name uTorrent.exe
Internal name uTorrent.exe
File version 3.3.2.30446
Description µTorrent
Signature verification Signed file, verified signature
Signing date 9:04 AM 12/25/2013
Signers
[+] BitTorrent Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 11:00 PM 06/04/2013
Valid to 10:59 PM 09/03/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CC94057C4829F35E1EE219CD5F3B170800F148A5
Serial number 57 32 C1 57 4E 6A F8 28 E1 B4 F9 3A BB 34 ED 08
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX_LZMA, embedded
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-25 08:03:47
Entry Point 0x00267D60
Number of sections 5
PE sections
Overlays
MD5 abfe0f61f5843e6456e51e1daf3be152
File type data
Offset 1330176
Size 10320
Entropy 6.80
PE imports
Ord(413)
DnsFree
BitBlt
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysFreeString
GetProcessImageFileNameW
SetupDiGetClassDevsW
DragFinish
gethostname
GetSaveFileNameW
GdiplusStartup
OleCreate
Number of PE resources by type
RT_DIALOG 112
RT_ICON 43
RT_GROUP_ICON 36
RT_BITMAP 4
PNG 4
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 147
ENGLISH US 55
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
122880

ImageVersion
0.0

ProductName
Torrent

FileVersionNumber
3.3.2.30446

UninitializedDataSize
1748992

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
uTorrent.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.3.2.30446

TimeStamp
2013:12:25 09:03:47+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
uTorrent.exe

ProductVersion
3.3.2.30446

FileDescription
Torrent

OSVersion
5.0

FileOS
Unknown (0)

LegalCopyright
2013 BitTorrent, Inc. All Rights Reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
BitTorrent Inc.

CodeSize
774144

FileSubtype
0

ProductVersionNumber
3.3.2.30446

EntryPoint
0x267d60

ObjectFileType
Unknown

File identification
MD5 c82a6d1e1ceb24a963c5ca20b574b78f
SHA1 8237e5451081aa6a1763b158e19501c3375eff03
SHA256 b2327db5a589e5e9b34b76a8d3edf8e9f6766798920d11a50654357573d77152
ssdeep
24576:RIvzSrrOPfB9QVSdfh/ljjMcMWmBRAwyz+13+K7jHxUuzXSAaEVjjT:ozS2BqSdnYWmBRNV7L7SAvZ

authentihash a220b30f2fa8d89b7f90ba0d3e8c0043c8fa0223e4ce3ef55007f13ae07de216
imphash c7ad113af5b751f0e109b11a61c78cf3
File size 1.3 MB ( 1340496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (24.0%)
UPX compressed Win32 Executable (23.5%)
Win32 EXE Yoda's Crypter (23.1%)
Microsoft Visual C++ compiled executable (generic) (14.3%)
Win32 Dynamic Link Library (generic) (5.7%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2013-12-27 01:53:38 UTC ( 5 years, 3 months ago )
Last submission 2017-04-04 18:56:24 UTC ( 2 years ago )
File names 3.3.2_30446.exe
uTorrent.exe
utorrent(2).exe
uTorrent.exe
utorrent (4).exe
uTorrent.exe
stable
torrent_3-3-2-build-30445_fr_18245.exe
filename
file-6424087_exe
uTorrent.exe
utorrent_001.exe
uTorrent.exe
uTorrent.exe
utorrent.exe
µTorrent 3.3.2.30446.exe
utorrent.exe
utorrent3.3.2.exe
utorrent.exe
uTorrent.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Replaced files
Deleted files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications