utorrent.exe

Propusan Expansion s.l.

The application utorrent.exe by Propusan Expansion s.l. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application, and it uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from bestmighty.com.
Publisher:
Propusan Expansion s.l.  (signed and verified)

MD5:
345b71370534fc558a8452a2de334c3a

SHA-1:
a18cfe98370cabc9f6a09e503f7388bb78b4d9bb

SHA-256:
78ac4b6e2eeff9cf317ee41ec894c9048ca61c47e12e4f5e41d300cd462d4cf6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/27/2024 1:32:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solimba.Propusan (M)

Engine version:
16.6.7.5

File size:
522.1 KB (534,600 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\utorrent.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/18/2014 11:37:22 AM

Valid to:
12/18/2016 11:37:22 AM

Subject:
CN=Propusan Expansion s.l., O=Propusan Expansion s.l., L=Badalona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112173CDF53299BEB67263874E91B73F31B9

File PE Metadata
Compilation timestamp:
2/5/2015 6:09:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:IizFwL/mXO3JADVXfObH4FpBvbNWMOT5s1btcbDD4XjAcdiXyKD1AQfDNopqCl+D:IizFQuXOCDVfgABvBWAtq0uD1AcsYB

Entry address:
0xB92C

Entry point:
E8, 57, 4D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A0, 09, 42, 00, E8, 3E, 15, 00, 00, E8, 28, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, EA, 4C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 85, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
96 KB (98,304 bytes)

The file utorrent.exe has been seen being distributed by the following URL.
