installer_utorrent_english.exe

The executable installer_utorrent_english.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Vittalia DM installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from utorrent.begin.pro.

MD5:
d379bb155a6d9f7b6eeb569c9d4704ad

SHA-1:
2ecfcd8b93a40ebbcce5ccb394fe0025a30c3c59

SHA-256:
b579902315d9987d37cd8f3ae5a763e284088f88e91e7bbb9b785819f0695f6b

Scanner detections:
1 / 68

Status:
Malware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/6/2025 2:09:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.5.21.21

File size:
4.9 MB (5,153,048 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_utorrent_english.exe

File PE Metadata
Compilation timestamp:
6/25/2014 12:04:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:wldnIqx9OPJwVSr20RHefM0XdhCoG2Ll2Wl7FEHqX28DBNPsVPsfN+G8:wjn9a5

Entry address:
0x2CD50

Entry point:
55, 8B, EC, E8, 78, 4B, 01, 00, E8, 03, 00, 00, 00, 5D, C3, CC, 55, 8B, EC, 6A, FE, 68, 20, 28, 47, 00, 68, 10, 19, 43, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E0, 53, 56, 57, A1, D0, 47, 47, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E0, 00, 00, 00, 00, E8, F1, 3B, 00, 00, 66, 89, 45, E4, 6A, 02, E8, 56, 4A, 01, 00, 83, C4, 04, E8, 3E, 01, 00, 00, 89, 45, D4, E8, D6, 1D, 01, 00, 85, C0, 75, 0A, 6A, 1C, E8, BB, 01, 00, 00, 83, C4, 04, E8, 73, 67, 00, 00, 85, C0, 75...
 

Entropy:
6.3733

Developed / compiled with:
Microsoft Visual C++

Code size:
346.5 KB (354,816 bytes)

The file installer_utorrent_english.exe has been seen being distributed by the following URL.
