The utorrent_installer.exe (u Torrent Classic) File Analysis

Technical Analysis

File Name utorrent_installer.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash 98304:E9JEBz6KAGnyDPP/rPeJAS6ICL1VqWFyyFLOAkGkzdnEVomFHKnPJB:E9JEZAGyewqWFyyFLOyomFHKnP3
Scanner Version 1.0.212.174
Database Version 2025-04-02 23:00:31 UTC

Suspicious File Detected

Detected by 5 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 7%
File Size (bytes) 4,557,824
Engines Detected 5/73
Analysis Date 2025-04-02

File Identification

Hash Type Value
MD5 daee03a52f71ed684c2bc93a6632c524
SHA1 b5bf68a99a7cb6f5814bf8a9474fbea0fe7bc2d2
SHA256 ff4460847f3b402adaf6509dd42b5e07a059cf3dff69e0d2c83cc9e4393842f6
SHA512 b873cca43e4f5d8ad95320ebd395ea8e5a838aac034716a49b237bc0331e2db38c3047b6693e6b34879af6596b96008045403403cadac26e548aae40da72600f
ImpHash 032bd3ec7f67f8dd3f05f014dfbab465

Security Engines with Detections (5 of 73)

Cylance: Unsafe (Malicious)
ESET-NOD32: a variant of Win32/CppInstaller.A potentially unwanted (Malicious)
Ikarus: PUA.CppInstaller (Malicious)
Microsoft: PUABundler:Win32/uTorrent_BundleInstaller (Malicious)
DeepInstinct: MALICIOUS (Malicious)
68 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 7ec2b329075d5006effa6bbc04f44475
Fuzzy: d5b4c97d99af0de364dcff143e5b7173
dHash: f8cacecc9c69b8f8
Image Base 0x00400000
Entry Point 0x005cc736
Compilation Time 2024-11-26 09:10:26
Checksum 0x0046126d (Actual: 0x0046126d)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path C:\Source\Repos\DS-Platform\CppInstaller\CppSetup\bin\Win32\Release\CppSetup.pdb
Digital Signature OK
Imports 21 libraries
Exports 0 functions
Resources 792 Resources
Sections 5 Sections

Version Information

CompanyName u Torrent Classic
FileDescription u Torrent Classic
FileVersion 3.2.0.11262
LegalCopyright (c) u Torrent Classic
ProductName u Torrent Classic
ProductVersion 3.2.0.11262
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,194,320 bytes 2,194,432 bytes 6.56 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7FD7A978A8D35561402020FF1510C6AB
.rdata 0x00219000 568,002 bytes 568,320 bytes 5.55 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E78408474FF617D28BFE72A1F7BD6D47
.data 0x002a4000 69,692 bytes 48,128 bytes 5.06 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 41FC3E0CB54BE7390EA225E9BC6A106B
.rsrc 0x002b6000 1,560,176 bytes 1,560,576 bytes 7.59 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4186274548C8EEF853B948BE195AB15C
.reloc 0x00433000 174,920 bytes 175,104 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ DC03CDBB8EB37302F1D9BE67294553D0
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 792 (1,471,855 bytes)
Resource Type Count Total Size Percentage
AFX_DIALOG_LAYOUT 16 32 bytes 0%
IMAGE_BLOB 1 8,545 bytes 0.6%
IMAGE_BLOB2 1 22,500 bytes 1.5%
IMAGE_BLOB3 1 24,656 bytes 1.7%
LOCALE 17 55,651 bytes 3.8%
PNG 553 1,012,317 bytes 68.8%
STYLE_XML 5 83,741 bytes 5.7%
RT_CURSOR 28 8,496 bytes 0.6%
RT_BITMAP 46 158,460 bytes 10.8%
RT_ICON 18 61,370 bytes 4.2%
RT_MENU 1 284 bytes 0%
RT_DIALOG 38 18,954 bytes 1.3%
RT_STRING 30 12,804 bytes 0.9%
RT_GROUP_CURSOR 27 554 bytes 0%
RT_GROUP_ICON 5 282 bytes 0%
RT_VERSION 1 628 bytes 0%
RT_MANIFEST 1 2,032 bytes 0.1%
None 3 549 bytes 0%

Certificate Chain Analysis

Certificate Information
Product u Torrent Classic
Description u Torrent Classic
File Version 3.2.0.11262
Signing Date 09:30 AM 11/26/2024 (193 days ago)
Verification Status Signed
Signers BitTorrent Inc; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4
Counter Signers Sectigo Public Time Stamping Signer R35; Sectigo Public Time Stamping CA R36; Sectigo Public Time Stamping Root R46
Copyright (c) u Torrent Classic
Certificate Chain Summary
Sectigo Public Time Stamping CA R36 #1 Primary
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 7A 23 AE DA 53 69 96 0F 91 C8 3E 5C F4 C7 E3 3F
Sectigo Public Time Stamping Signer R35 #2 Chain
Validity Period: 2024-01-15 00:00:00 → 2035-04-14 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 3A 52 6A 2C 84 CE 55 E6 1D 65 FC CC 12 D8 E9 89
Sectigo Public Time Stamping Root R46 #3 Chain
Validity Period: 2021-03-22 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 C2 B0 BD 7C 1B 3A E7 A3 B3 DD 36 CB C9 75 68
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #4 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
BitTorrent Inc #5 Chain
Validity Period: 2024-05-20 00:00:00 → 2027-05-19 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0F 47 C9 65 1D F9 99 BD FD E5 5C 27 86 BC 0B AA

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
5 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
