SHA256: d4c2eb5fba95a4b554a6055b94aaa08e6a0090ea44fc4ce10f4f3d5edb23e1fa
File name: 50a2b793eeaff2dbf4b099f2fd52fe3ae1afcb31
Detection ratio: 3 / 61
Analysis date: 2017-03-07 22:03:24 UTC ( 1 year, 11 months ago )
Antivirus | Result | Update (signature database date)
Detected (3):
AegisLab | W32.Application.Opencandy!c | 20170307
GData | Win32.Application.OpenCandy.G | 20170307
Sophos ML | virus.win32.sality.at | 20170203
Undetected (engine | update date):
Ad-Aware | 20170307
AhnLab-V3 | 20170307
Alibaba | 20170228
ALYac | 20170307
Antiy-AVL | 20170307
Arcabit | 20170307
Avast | 20170307
AVG | 20170307
Avira (no cloud) | 20170307
AVware | 20170307
Baidu | 20170307
BitDefender | 20170307
Bkav | 20170307
CAT-QuickHeal | 20170307
ClamAV | 20170307
CMC | 20170307
Comodo | 20170307
CrowdStrike Falcon (ML) | 20170130
Cyren | 20170307
DrWeb | 20170307
Emsisoft | 20170307
Endgame | 20170222
ESET-NOD32 | 20170307
F-Prot | 20170307
F-Secure | 20170307
Fortinet | 20170307
Ikarus | 20170307
Jiangmin | 20170307
K7AntiVirus | 20170307
K7GW | 20170307
Kaspersky | 20170307
Kingsoft | 20170307
Malwarebytes | 20170307
McAfee | 20170307
McAfee-GW-Edition | 20170307
Microsoft | 20170307
eScan | 20170307
NANO-Antivirus | 20170307
nProtect | 20170307
Palo Alto Networks (Known Signatures) | 20170307
Panda | 20170307
Qihoo-360 | 20170307
Rising | 20170307
Sophos AV | 20170307
SUPERAntiSpyware | 20170307
Symantec | 20170307
Tencent | 20170307
TheHacker | 20170305
TotalDefense | 20170307
TrendMicro | 20170307
TrendMicro-HouseCall | 20170307
Trustlook | 20170307
VBA32 | 20170307
VIPRE | 20170307
ViRobot | 20170307
Webroot | 20170307
WhiteArmor | 20170303
Yandex | 20170306
Zillya | 20170307
ZoneAlarm by Check Point | 20170307
Zoner | 20170307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2016 BitTorrent, Inc. All Rights Reserved.

Product µTorrent
Original name uTorrent.exe
Internal name uTorrent.exe
File version 3.4.6.42036
Description µTorrent
Signature verification Signed file, verified signature
Signing date 6:36 PM 3/23/2016
Signers
[+] BitTorrent Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 01/22/2016
Valid to 11:59 PM 09/03/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 31B62129FB6A92F6D74F1D71F2B657B10F9CF9DF
Serial number 59 12 3D 60 D3 9E 60 12 7D 6B 45 6A 62 C9 DE AC
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 02/03/2015
Valid to 12:00 AM 03/03/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
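The BitTorrent Inc leaf certificate above expired on 09/03/2016, so by the 2017-03-07 analysis date Windows reports it as "not time valid"; that is what the Status line records, not a broken or tampered signature. The file still shows "Signed file, verified signature" because the GlobalSign countersignature proves the signing took place inside the leaf's validity window. The Python below, added here as an editor's example and not code from VirusTotal or BitTorrent, reproduces that decision from the dates in the report. All times are transcribed from the page and treated as one consistent zone (an assumption; the page prints them without a zone), CertWindow, signature_status and compile_time_plausible are the editor's own names, and the one-day slack in compile_time_plausible is an arbitrary choice.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CertWindow:
    """The notBefore/notAfter pair of one certificate in the chain."""
    name: str
    not_before: datetime
    not_after: datetime

    def covers(self, t: datetime) -> bool:
        return self.not_before <= t <= self.not_after


def ts(y, mo, d, h=0, mi=0, s=0):
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)


# Values transcribed from the report. It prints times without a zone; they are
# treated here as one consistent zone (assumption), since only their ordering and
# the day-level validity windows matter for the verdict.
LEAF = CertWindow("BitTorrent Inc", ts(2016, 1, 22), ts(2016, 9, 3, 23, 59, 59))
TSA = CertWindow("GlobalSign TSA for MS Authenticode - G2", ts(2015, 2, 3), ts(2026, 3, 3))
SIGNING_TIME = ts(2016, 3, 23, 18, 36)      # "Signing date 6:36 PM 3/23/2016"
COMPILE_TIME = ts(2016, 3, 23, 18, 36, 21)  # ExifTool TimeStamp 2016:03:23 18:36:21+01:00
ANALYSIS_TIME = ts(2017, 3, 7, 22, 3, 24)   # "Analysis date: 2017-03-07 22:03:24 UTC"


def signature_status(leaf, signing_time, eval_time, tsa=None):
    """Classify an Authenticode signature by time, the way a verifier reasons about it.

    'valid'             leaf certificate still within its window at eval_time
    'valid-timestamped' leaf expired by eval_time, but a trusted countersignature
                        proves the signing happened inside the leaf's window
    'expired'           leaf expired by eval_time and no usable timestamp
    'invalid'           signing time outside the leaf's window (signed with a
                        not-yet-valid or already-expired certificate)
    Revocation is a separate check and is not modelled here.
    """
    if not leaf.covers(signing_time):
        return "invalid"
    if leaf.covers(eval_time):
        return "valid"
    if tsa is not None and tsa.covers(signing_time):
        return "valid-timestamped"
    return "expired"


def compile_time_plausible(compile_time, signing_time, slack=timedelta(days=1)):
    """A PE compile stamp later than the signing time (beyond clock skew) means the
    header was edited after signing or the signing time is forged. Slack is arbitrary."""
    return compile_time <= signing_time + slack


if __name__ == "__main__":
    print("no timestamp, evaluated 2017-03-07:", signature_status(LEAF, SIGNING_TIME, ANALYSIS_TIME))
    print("with GlobalSign countersignature:  ", signature_status(LEAF, SIGNING_TIME, ANALYSIS_TIME, TSA))
    print("compile stamp consistent with signing time:", compile_time_plausible(COMPILE_TIME, SIGNING_TIME))
```

The practical consequence: when triaging a signed sample whose leaf has expired, check for a countersignature before treating the signature as dead, and check the compile stamp against the signing time, since both are cheap and both are forged far less often than a vendor name string.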
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-23 17:36:21
Entry Point 0x004FC1C0
Number of sections 3
PE sections
Overlays
MD5 665d16a5c0d93f5e8442439ee7a40aca
File type binary Computer Graphics Metafile
Offset 1965568
Size 10752
Entropy 7.37
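Offset 1965568 plus size 10752 is exactly the 1976320-byte file size reported further down, so the overlay is the tail of the file after the last section, as expected for UPX output with appended data; its entropy of 7.37 bits per byte marks it as compressed or encrypted rather than text or padding. The Python below, an added editor's example rather than VirusTotal's or BitTorrent's code, shows how those figures are derived from a PE32 header: walk the section table, take the furthest raw-data end, and treat everything past it as overlay. Because the sample itself is not on the page, it runs on a constructed three-section image in the UPX layout (UPX0 with no raw data, UPX1, .rsrc); build_test_pe, looks_upx_packed, overlay_matches_file_size and the REPORT dictionary are the editor's own names.

```python
import math
import struct
from collections import Counter

# Figures transcribed from the report above, used only for the consistency check.
REPORT = {"file_size": 1976320, "overlay_offset": 1965568, "overlay_size": 10752}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes.
    Packed or encrypted data sits near 8; code and text sit well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Yield (name, virtual_size, virtual_address, raw_size, raw_pointer) per section header."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, ..., SizeOfOptionalHeader
    _machine, nsect, _stamp, _symptr, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, rptr


def pe_overlay(blob: bytes):
    """(offset, size) of the bytes after the last section's raw data; size 0 means no overlay."""
    end = max((rptr + rsize for _, _, _, rsize, rptr in pe_sections(blob) if rsize), default=0)
    if end > len(blob):
        raise ValueError("section data runs past end of file: truncated or corrupt")
    return end, len(blob) - end


def looks_upx_packed(blob: bytes) -> bool:
    """Section-name hint only; a renamed UPX stub defeats it, so confirm with a packer scan."""
    return any(name.startswith("UPX") for name, *_ in pe_sections(blob))


def overlay_matches_file_size(file_size: int, offset: int, size: int) -> bool:
    """An overlay ends at EOF by definition; anything else means inconsistent report figures."""
    return offset + size == file_size


def build_test_pe(overlay: bytes) -> bytes:
    """Constructed fixture: a minimal, non-executable PE32 with the three-section layout UPX
    produces (UPX0 has no raw data; UPX1 and .rsrc do), followed by `overlay`."""
    optional_header = bytes(224)  # PE32 optional header size; contents do not affect overlay math
    sections = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        (b"UPX0", 0x1000, 0x1000, 0x000, 0x000),
        (b"UPX1", 0x2000, 0x2000, 0x400, 0x400),
        (b".rsrc", 0x1000, 0x4000, 0x200, 0x800),
    ]
    e_lfanew = 0x40
    hdr = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional_header), 0x102)
    hdr += optional_header
    for name, vsize, vaddr, rsize, rptr in sections:
        hdr += struct.pack("<8sIIII", name, vsize, vaddr, rsize, rptr) + bytes(16)
    image = bytearray(0x800 + 0x200)  # last section's raw data ends at 0xA00
    image[: len(hdr)] = hdr
    return bytes(image) + overlay


if __name__ == "__main__":
    print("report figures consistent:", overlay_matches_file_size(
        REPORT["file_size"], REPORT["overlay_offset"], REPORT["overlay_size"]))
    sample = build_test_pe(bytes(range(256)) * 42)  # 10752 bytes, same size as the real overlay
    off, size = pe_overlay(sample)
    print(f"UPX section names: {looks_upx_packed(sample)}, overlay at {off} ({size} bytes), "
          f"entropy {shannon_entropy(sample[off:]):.2f}")
```

Two caveats the numbers alone do not give: a section whose raw pointer plus raw size runs past EOF is a truncated or deliberately malformed file, which the parser refuses rather than reporting a negative overlay, and high overlay entropy says only that the tail is not plain data; whether it is an installer payload, a resource blob or something hostile needs the overlay carved out and identified on its own.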
PE imports (import table of the packed file: UPX keeps its own loader APIs, LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree and ExitProcess, plus one import per DLL so that each library stays loaded; this list and the imphash below therefore describe the UPX stub, not the unpacked program)
Ord(412)
GetSaveFileNameW
DnsFree
BitBlt
GetExtendedTcpTable
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SafeArrayGetLBound
GetModuleBaseNameW
SetupDiGetClassDevsW
DragFinish
Ord(176)
VerQueryValueW
FindCloseUrlCache
getsockname
WTSQuerySessionInformationW
GdipFree
OleRun
Number of PE resources by type
RT_DIALOG 121
RT_ICON 73
RT_GROUP_ICON 60
PNG 29
JS 5
RT_BITMAP 3
RT_HTML 2
RT_RCDATA 2
CSS 2
GIF 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 195
ENGLISH US 106
PE resources
ExifTool file metadata
SpecialBuild
release

SubsystemVersion
5.1

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.4.6.42036

LanguageCode
English (U.S.)

FileFlagsMask
0x002b

FileDescription
Torrent

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
126976

EntryPoint
0x4fc1c0

OriginalFileName
uTorrent.exe

MIMEType
application/octet-stream

LegalCopyright
2016 BitTorrent, Inc. All Rights Reserved.

FileVersion
3.4.6.42036

TimeStamp
2016:03:23 18:36:21+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
uTorrent.exe

ProductVersion
3.4.6.42036

UninitializedDataSize
3387392

OSVersion
5.1

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BitTorrent Inc.

CodeSize
1839104

ProductName
Torrent

ProductVersionNumber
3.4.6.42036

FileTypeExtension
exe

ObjectFileType
Unknown

CarbonBlack execution parents (files that CarbonBlack, while monitoring an end-user machine in the wild, observed writing this sample to disk): none listed.
File identification
MD5 594081f53cbfd42a611be7529d7bcd74
SHA1 50a2b793eeaff2dbf4b099f2fd52fe3ae1afcb31
SHA256 d4c2eb5fba95a4b554a6055b94aaa08e6a0090ea44fc4ce10f4f3d5edb23e1fa
ssdeep
49152:AkQD+5Nfv4ZpgQumhXIiuEqy5sgYh04KNBdQSc:ALCNH4ZpgQumh1/4KzdQH

authentihash c7b17035d67d6708b6b01722b931a4e8475a4a57664988431986ca3fff9c9e15
imphash 521b4e13775cb6eae5eb85af0d4e5b5d
File size 1.9 MB ( 1976320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags
signed peexe suspicious-udp upx overlay

VirusTotal metadata
First submission 2016-03-23 22:37:05 UTC ( 2 years, 11 months ago )
Last submission 2018-05-16 16:42:16 UTC ( 9 months, 1 week ago )
File names utorrent.exe
uTorrent.exe
uTorrent.exe
3.4.6_42036.exe
822899
utorrent.42036.installer.exe
uTorrent.exe
3.4.6_42036.exe
uTorrent.exe
uTorrent.exe
3.4.6_42036.exe
uTorrent.exe
3.4.6_42036.exe
uTorrent.exe
utorrent.exe
windows
utorrent.exe
D4C2EB5FBA95A4B554A6055B94AAA08E6A0090EA44FC4CE10F4F3D5EDB23E1FA.exe
utorrent.exe
Behaviour characterization
Zemana
dll-injection

Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. The report is organised under these headings, none of which carries any entries in this copy of the page: Opened files; Read files; Written files; Copied files; Moved files; Replaced files; Deleted files; Created processes; Shell commands; Code injections in the following processes; Created mutexes; Opened mutexes; Searched windows; Opened service managers; Opened services; Runtime DLLs; HTTP requests; DNS requests; TCP connections; UDP communications.