uTorrent.exe

µTorrent

BitTorrent Inc

µTorrent is a free ad-supported lightweight BitTorrent client. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘uTorrent’. The file has been seen being downloaded from download.ap.bittorrent.com and multiple other hosts.
Publisher:
BitTorrent Inc.  (signed by BitTorrent Inc)

Product:
µTorrent

Version:
3.3.1.30017

MD5:
9fd5f385a0cb11454914e44cd8e6cdd6

SHA-1:
52abf422313c7414725176075bb88906b0d5aead

SHA-256:
413f45928536785c8d636bd1e61fa71380698ead668e4aadbd4addcbad21db39

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/2/2024 11:34:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Cloddfe.Trojan | 1.3.0.4562 |
| Fortinet FortiGate | W32/AdkDLLWrapper.A | 12/20/2013 |
| K7 AntiVirus | Riskware | 13.174.10588 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24292 |

File size:
1.1 MB (1,130,576 bytes)

Product version:
3.3.1.30017

Copyright:
©2013 BitTorrent, Inc. All Rights Reserved.

Original file name:
uTorrent.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\utorrent\utorrent.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/5/2013 2:00:00 AM

Valid to:
9/4/2016 1:59:59 AM

Subject:
CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5732C1574E6AF828E1B4F93ABB34ED08

File PE Metadata
Compilation timestamp:
8/8/2013 10:28:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:8DsmaTpsa3W9lvWaYm++yZqCOQGPxOp+Vx9ez+1dqel:8DszPopWA1Q6U+9fqel

Entry address:
0x25ECF0

Entry point:
60, BE, 00, 60, 5A, 00, 8D, BE, 00, B0, E5, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 44, C5, 25, 00, 57, 83, C3, 04, 53, 68, E4, 8C, 0B, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
744 KB (761,856 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
uTorrent

Command:
"C:\users\{user}\appdata\roaming\utorrent\utorrent.exe" \minimized


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\Darosa5555\Dados de aplicativos\uTorrent\uTorrent.exe


The file uTorrent.exe has been discovered within the following programs.

Publisher's description - “Join an epic adventure with the Angry Birds in the legendary Star WarsTM universe! Use the Force, wield your Lightsaber, and blast away Pigtroopers on an intergalactic journey from the deserts of Tatooine to the depths of the Pig Star -- where you’ll face off against the terrifying Darth Vader, Dark Lord of the Pigs! Rebel birds, striking from a hidden base, have won their first victory against the evil Imperial Pigs.”
www.rovio.com
7% remove it
uTorrentControl_v6 Toolbar  by Conduit Ltd.
uTorrent Control v6 Toolbar is a 'Community Toolbar' from Conduit, which integrates with major web browsers including Google Chrome, Firefox and Internet Explorer.
uTorrentControlv6.OurToolbar.com
82% remove it
 

The file uTorrent.exe has been seen being distributed by the following 39 URLs.

