The uTorrent.exe File Analysis

Updated 2 months ago

Checked by Malware Check

uTorrent.exe

Technical Analysis

File Name	uTorrent.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
SSDEEP Hash	49152:WeF0B+yhRu4M6M5P0kZmaEVytOMYA6S4WafYf5WYqNqXGGSI3epGUD/ylpgrtSeW:KAyhtM5ckZmaEKOMpl4AozjOepGOcZZ
Scanner Version	1.0.227.174
Database Version	2025-10-17 13:00:20 UTC

⚠

Suspicious File Detected

Detected by 12 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

17%

Detection Rate

3,678,720

File Size (bytes)

12/72

Engines Detected

2025-10-17

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	9fd894dd42a4e62c393966858eb68a6e
SHA1	5c744a2c191361049b02a276feae3e099e2d21a2
SHA256	546b4ed81c524a7117991b418f95c588c4babbe1f10804f716045797ea55bfc8
SHA512	284f5324444e16e45f46f19e9fa2343647c83dcd090d86e9e230e090a11b1221fb27c3b3c82cc9620d353da55d50edaee6ca0fe11a67b4471dbbf4a50f92ae56
ImpHash	339ea40e031bd645aa3bcf529b320530

Security Engines with Detections (12 of 72)

CrowdStrike

win/grayware_confidence_100% (W) Malicious

ESET-NOD32

a variant of Win32/uTorrent.E potentially unwanted Malicious

Sophos

Generic ML PUA (PUA) Malicious

Ikarus

PUA.uTorrent Malicious

GData

Win32.Application.Agent.EVL8Y1 Malicious

Varist

W32/ABApplication.ZXMD-6641 Malicious

Antiy-AVL

GrayWare/Win32.uTorrent.e Malicious

Google

Detected Malicious

Cylance

Unsafe Malicious

MaxSecure

Trojan.Malware.408463618.susgen Malicious

Fortinet

Riskware/uTorrent.E6A1 Malicious

DeepInstinct

MALICIOUS Malicious

60 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 0f7354712687fc97aa4c12cf06a41ba6 Fuzzy: 7f9d2d37d5dffecbedc00aee559479af dHash: f0cccecc9cf8f8f0
Image Base	`0x00400000`
Entry Point	`0x00cf60f0`
Compilation Time	2025-07-16 22:26:36
Checksum	0x0038bf23 (Actual: 0x0038bf23)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
Digital Signature	OK
Imports	20 libraries
Exports	0 functions
Resources	316 Resources
Sections	3 Sections

Version Information

▼

CompanyName	BitTorrent Limited
FileDescription	µTorrent
FileVersion	3.6.0.47222
InternalName	uTorrent.exe
OriginalFilename	uTorrent.exe
LegalCopyright	©2023 BitTorrent Limited All Rights Reserved.
ProductName	µTorrent
ProductVersion	3.6.0.47222
SpecialBuild	stable34 stable
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`UPX0`	`0x00001000`	5,861,376 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`UPX1`	`0x00598000`	3,543,040 bytes	3,539,456 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C6469FC548058F35640153563A63E554`
`.rsrc`	`0x008f9000`	126,976 bytes	126,976 bytes	6.99 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`416E4171D4DDCF44DD28A7F14B0C415A`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 316 (1,519,955 bytes)

Resource Type	Count	Total Size	Percentage
CSS	2	2,142 bytes	0.1%
GIF	1	3,208 bytes	0.2%
JS	5	36,594 bytes	2.4%
PNG	32	159,453 bytes	10.5%
RT_BITMAP	4	20,506 bytes	1.3%
RT_ICON	77	542,167 bytes	35.7%
RT_MENU	1	88 bytes	0%
RT_DIALOG	125	39,606 bytes	2.6%
RT_RCDATA	1	710,144 bytes	46.7%
RT_GROUP_ICON	64	1,462 bytes	0.1%
RT_VERSION	1	840 bytes	0.1%
RT_HTML	2	1,910 bytes	0.1%
RT_MANIFEST	1	1,835 bytes	0.1%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

12 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1