UTorrent.exe PUP Generic Analysis

Technical Analysis

File Name uTorrent.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.183.174
Database Version 2024-07-31 03:00:22 UTC

PUP.Win32.Generic.sa

Malware family: Generic

This detection name identifies suspicious files displaying Trojan-like behavior patterns. It represents malware that masquerades as benign programs while executing unauthorized activities on the infected system.
Detection Rate N/A
File Size (bytes) 4,151,808
Analysis Date 2024-07-31

File Identification

Hash Type Value
MD5 30f947f1a2a30b0176f9ba0a7bdfe752
SHA1 da61c38e3bc7aeb342b4b417dc7f4581657150d5
SHA256 dbb980611bfc18faa272fbeda25cfa629b9002fc8bde609c6dd51fde4ecebb21
SHA512 41fc97bd37ee17893ec134c19c2a5ec8d6354228b5307598acbe21d2364be48c2000ddfc97a72643af33905ff6048096578f7893109a064440594053b104485f
ImpHash 472ce9fcb090aa862e10b0650f6a7172

PE Analysis

Basic Information

Icon
Hash: 0f7354712687fc97aa4c12cf06a41ba6
Fuzzy: 7f9d2d37d5dffecbedc00aee559479af
dHash: f0cccecc9cf8f8f0
Image Base 0x00400000
Entry Point 0x00664b55
Compilation Time 2022-10-19 16:43:12
Checksum 0x003fe788 (Actual: 0x00404cb7)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 18 libraries
Exports 0 functions
Resources 181 Resources
Sections 4 Sections

Version Information

CompanyName BitTorrent Inc.
FileDescription µTorrent
FileVersion 3.5.5.46552
InternalName uTorrent.exe
OriginalFilename uTorrent.exe
LegalCopyright ©2020 BitTorrent, Inc. All Rights Reserved.
ProductName µTorrent
ProductVersion 3.5.5.46552
SpecialBuild stable34 stable
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,925,891 bytes 2,926,080 bytes 6.76 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 044AED07D61BB8EBFFDD1B574D5F908F
.rdata 0x002cc000 784,900 bytes 785,408 bytes 4.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D0A34BBE281E147EA817331BA2D5E7CD
.data 0x0038c000 426,052 bytes 167,424 bytes 4.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9D65367F213550B8BCD061C41FF263A7
.rsrc 0x003f5000 271,667 bytes 271,872 bytes 6.72 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 80C3EB16E276DC28EA6D58742ECCD99B
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 181 (262,756 bytes)
Resource Type Count Total Size Percentage
PNG 5 2,640 bytes 1%
RT_BITMAP 3 18,416 bytes 7%
RT_ICON 29 199,423 bytes 75.9%
RT_DIALOG 123 39,094 bytes 14.9%
RT_GROUP_ICON 19 520 bytes 0.2%
RT_VERSION 1 828 bytes 0.3%
RT_MANIFEST 1 1,835 bytes 0.7%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

PUP.Win32.Generic.sa Removal

Gridinsoft has the capability to identify and eliminate PUP.Win32.Generic.sa without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
