× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cd89a5760653090563d77818c3b9df0942e491045225dde8da922caf3ecd9540
File name: 19bcc645e5423f706c325a4dcffcf81e15618e6a
Detection ratio: 5 / 50
Analysis date: 2016-06-30 17:18:03 UTC ( 2 years, 7 months ago ) View latest
Antivirus Result Update
AegisLab W32.Application.Opencandy!c 20160701
ESET-NOD32 a variant of Win32/AdkDLLWrapper.A potentially unwanted 20160701
GData Win32.Application.OpenCandy.F 20160701
Jiangmin Adware/iBryte.aek 20160701
Zillya Worm.VBNA.Win32.257683 20160630
AhnLab-V3 20160630
Alibaba 20160701
Antiy-AVL 20160701
Arcabit 20160701
Avast 20160701
AVG 20160701
Avira (no cloud) 20160701
AVware 20160701
Baidu 20160630
BitDefender 20160701
Bkav 20160630
CAT-QuickHeal 20160630
ClamAV 20160701
CMC 20160630
Comodo 20160701
Cyren 20160701
DrWeb 20160701
Emsisoft 20160701
F-Prot 20160701
F-Secure 20160630
Fortinet 20160701
Ikarus 20160630
K7AntiVirus 20160630
K7GW 20160630
Kaspersky 20160701
Kingsoft 20160701
Malwarebytes 20160630
McAfee 20160701
McAfee-GW-Edition 20160630
Microsoft 20160701
NANO-Antivirus 20160701
Panda 20160630
Qihoo-360 20160701
Sophos AV 20160701
SUPERAntiSpyware 20160701
Symantec 20160701
Tencent 20160701
TheHacker 20160630
TotalDefense 20160701
TrendMicro 20160701
TrendMicro-HouseCall 20160701
VBA32 20160630
VIPRE 20160701
ViRobot 20160701
Zoner 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2013 BitTorrent, Inc. All Rights Reserved.

Product BitTorrent
Original name BitTorrent.exe
Internal name BitTorrent.exe
File version 7.8.2.30445
Description BitTorrent
Signature verification Signed file, verified signature
Signing date 9:03 AM 12/25/2013
Signers
[+] BitTorrent Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 11:00 PM 06/04/2013
Valid to 10:59 PM 09/03/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CC94057C4829F35E1EE219CD5F3B170800F148A5
Serial number 57 32 C1 57 4E 6A F8 28 E1 B4 F9 3A BB 34 ED 08
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX_LZMA, embedded
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-25 08:02:59
Entry Point 0x00266C50
Number of sections 5
PE sections
Overlays
MD5 875c45dfaa6e9a36f62c39f5c548c5d9
File type data
Offset 1128448
Size 10328
Entropy 6.80
PE imports
Ord(410)
DnsFree
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysFreeString
GetProcessImageFileNameW
SetupDiGetClassDevsW
DragFinish
__WSAFDIsSet
GetSaveFileNameW
GdipDrawImageI
OleCreate
Number of PE resources by type
RT_DIALOG 112
RT_ICON 43
RT_GROUP_ICON 36
RT_BITMAP 4
PNG 4
GIF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 147
ENGLISH US 55
PE resources
ExifTool file metadata
UninitializedDataSize
1744896

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.8.2.30445

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
BitTorrent

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
118784

EntryPoint
0x266c50

OriginalFileName
BitTorrent.exe

MIMEType
application/octet-stream

LegalCopyright
2013 BitTorrent, Inc. All Rights Reserved.

FileVersion
7.8.2.30445

TimeStamp
2013:12:25 09:02:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BitTorrent.exe

ProductVersion
7.8.2.30445

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BitTorrent Inc.

CodeSize
774144

ProductName
BitTorrent

ProductVersionNumber
7.8.2.30445

FileTypeExtension
exe

ObjectFileType
Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 0c3f729accad97459f7b15189a247f0d
SHA1 19bcc645e5423f706c325a4dcffcf81e15618e6a
SHA256 cd89a5760653090563d77818c3b9df0942e491045225dde8da922caf3ecd9540
ssdeep
24576:DlsIHjqqCQm4p6G+0lwpPZmzyS3aJqpxXB8z+1dqe7:ZsIHGqNm4p20lKCaYPffqe7

authentihash 307e7334e1e80c0c31ed07b6506ae4d5b3c7b23cc9382abd82af814707085e36
imphash affa7fa061dfc86aff6009b86bc57b53
File size 1.1 MB ( 1138776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (33.5%)
Win32 EXE Yoda's Crypter (32.9%)
Microsoft Visual C++ compiled executable (generic) (20.4%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.5%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2013-12-27 09:56:10 UTC ( 5 years, 1 month ago )
Last submission 2018-12-19 21:11:43 UTC ( 2 months ago )
File names output.20063308.txt
bittorrent (2).exe
bittorrent (1).exe
bittorrent (3).exe
20063308
stable
BitTorrent.exe
BitTorrent.exe
BitTorrent_Stable_7.8.2_build_30445.exe
filename
BitTorrent_7.8.2.30445.exe
bittorrent.exe
file-6423609_exe
bittorrent.exe
BitTorrent.exe
bittorrent.exe
BitTorrent.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!