The Instalador - uTorrent.exe (µTorrent) File Analysis

Updated 1 year ago

Checked by Malware Check

Instalador - uTorrent.exe

Technical Analysis

File Name	Instalador - uTorrent.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable for MS Windows (GUI) Intel 80386 32-bit`
SSDEEP Hash	24576:M1sRApYciHDw0i5j1mOfI6KlfGbL5cZ0+xxWNaemG8p13n5VPBV0BRAf/yc4wKd0:aSmyk0qjK6OuL5cZRscj3041JeRu
Scanner Version	1.0.173.174
Database Version	2024-04-30 00:00:35 UTC

⚠

Suspicious File Detected

Detected by 18 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

26%

Detection Rate

1,790,816

File Size (bytes)

18/69

Engines Detected

2024-04-30

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	03e4646b2b41495a196fd14311afbad3
SHA1	945ad90aa31c049a26a6258557fc13bc094c29f0
SHA256	efc8b33bf05271029ed235d6b7542ce380613fae76158dbd3a8afcb4924af7e7
SHA512	bac96dfdd7eef2ce91eb3033a96ce2ed3f04fded49b3084ef788d3a61b1d013bf25e02d36f690372e7ebfaafe61cd096b0e1325c93f30a0faa93701d718068d5
ImpHash	1a94054a967fc2dc2ccc1eb91b4ca639

Security Engines with Detections (18 of 69)

Malwarebytes

Malware.Heuristic.1003 Malicious

Sangfor

Trojan.Win32.Save.a Malicious

CrowdStrike

win/grayware_confidence_100% (W) Malicious

Cyren

W32/Trojan.DQD.gen!Eldorado Malicious

ESET-NOD32

a variant of Win32/uTorrent.C potentially unwanted Malicious

APEX

Malicious Malicious

Zillya

Trojan.Agent.Win32.1336570 Malicious

Sophos

Generic ML PUA (PUA) Malicious

Jiangmin

Trojan.Agent.bvou Malicious

Microsoft

PUABundler:Win32/CandyOpen Malicious

GData

Win32.Application.OpenCandy.R Malicious

Google

Detected Malicious

VBA32

Trojan.Agent Malicious

Rising

Malware.Undefined!8.C (CLOUD) Malicious

Yandex

Trojan.GenAsa!5QmDbdOFu+c Malicious

SentinelOne

Static AI - Suspicious PE Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

Fortinet

Riskware/uTorrent.E6A1 Malicious

51 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 0f7354712687fc97aa4c12cf06a41ba6 Fuzzy: 7f9d2d37d5dffecbedc00aee559479af dHash: f0cccecc9cf8f8f0
Image Base	`0x00400000`
Entry Point	`0x0085c3a0`
Compilation Time	2015-09-04 18:30:50
Checksum	0x001bf356 (Actual: 0x001bf356)
OS Version	5.1
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
Digital Signature	Chain verification from CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, ST=California, C=US (serial:115906371898387214641412410377105632520, sha1:cc94057c4829f35e1ee219cd5f3b170800f148a5) failed: Unable to build a validation path for the certificate "Common Name: BitTorrent Inc, Organizational Unit: Digital ID Class 3 - Microsoft Software Validation v2, Organization: BitTorrent Inc, Locality: San Francisco, State/Province: California, Country: US" - no issuer matching "Common Name: VeriSign Class 3 Code Signing 2010 CA; Organizational Unit: Terms of use at https://www.verisign.com/rpa (c)10, VeriSign Trust Network; Organization: VeriSign, Inc.; Country: US" was found
Imports	20 libraries
Exports	0 functions
Resources	300 Resources
Sections	3 Sections

Version Information

▼

CompanyName	BitTorrent Inc.
FileDescription	µTorrent
FileVersion	3.4.6.41079
InternalName	uTorrent.exe
OriginalFilename	uTorrent.exe
LegalCopyright	©2015 BitTorrent, Inc. All Rights Reserved.
ProductName	µTorrent
ProductVersion	3.4.6.41079
SpecialBuild	client
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`UPX0`	`0x00001000`	2,912,256 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`UPX1`	`0x002c8000`	1,658,880 bytes	1,658,880 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`543FED6AC5F745AE912779A36A7E3035`
`.rsrc`	`0x0045d000`	126,976 bytes	125,952 bytes	7.02 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`25C7DE61675C70F4BB5435F9913AAB80`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 300 (1,325,676 bytes)

Resource Type	Count	Total Size	Percentage
CSS	2	2,142 bytes	0.2%
GIF	1	3,208 bytes	0.2%
JS	5	36,594 bytes	2.8%
PNG	28	93,711 bytes	7.1%
RT_BITMAP	3	19,684 bytes	1.5%
RT_ICON	73	538,455 bytes	40.6%
RT_MENU	1	88 bytes	0%
RT_DIALOG	121	40,400 bytes	3%
RT_RCDATA	2	585,455 bytes	44.2%
RT_GROUP_ICON	60	1,382 bytes	0.1%
RT_VERSION	1	812 bytes	0.1%
RT_HTML	2	1,910 bytes	0.1%
RT_MANIFEST	1	1,835 bytes	0.1%

Certificate Chain Analysis

▼

Certificate Information

Product	µTorrent
Description	µTorrent
File Version	3.4.6.41079
Original Name	uTorrent.exe
Signing Date	06:31 PM 09/04/2015 (3611 days ago)
Verification Status	Signed
Signers	BitTorrent Inc; VeriSign Class 3 Code Signing 2010 CA; VeriSign
Counter Signers	Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA
Internal Name	uTorrent.exe
Copyright	©2015 BitTorrent, Inc. All Rights Reserved.

Certificate Chain Summary

BitTorrent Inc #1 Primary

Validity Period: 2013-06-05 00:00:00 → 2016-09-03 23:59:59

Signature Algorithm: sha256RSA

Serial Number: 57 32 C1 57 4E 6A F8 28 E1 B4 F9 3A BB 34 ED 08

Symantec Time Stamping Services Signer - G4 #2 Chain

Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59

Signature Algorithm: sha1RSA

Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50

Symantec Time Stamping Services CA - G2 #3 Chain

Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59

Signature Algorithm: sha1RSA

Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

Chain verification from CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, ST=California, C=US (serial:115906371898387214641412410377105632520, sha1:cc94057c4829f35e1ee219cd5f3b170800f148a5) failed: Unable to build a validation path for the certificate "Common Name: BitTorrent Inc, Organizational Unit: Digital ID Class 3 - Microsoft Software Validation v2, Organization: BitTorrent Inc, Locality: San Francisco, State/Province: California, Country: US" - no issuer matching "Common Name: VeriSign Class 3 Code Signing 2010 CA; Organizational Unit: Terms of use at https://www.verisign.com/rpa (c)10, VeriSign Trust Network; Organization: VeriSign, Inc.; Country: US" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

18 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1