» uTorrent.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (1)
Downloads (3)

uTorrent.exe

µTorrent

BitTorrent Inc

µTorrent is a free ad-supported lightweight BitTorrent client. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘uTorrent’. This file is installed with the program µTorrent. The file has been seen being downloaded from s10318.chomikuj.pl and multiple other hosts.

File name:

uTorrent.exe

Publisher:

BitTorrent, Inc. (signed by BitTorrent Inc)

Product:

µTorrent

Version:

2.2.0.23235

MD5:

5d817eacea557b4b62232f3aa48c7d93

SHA-1:

eb8f85871c8a4392739f221a7ce67828f4cab12d

SHA-256:

a695cc51c5be55764f783c1c36650f0f63f4a550ad537593137e146f2e95784a

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/6/2024 6:31:13 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Strictor.46875

8.14.03.02.04

Trend Micro House Call

HV_ZYX_BL132900.TOMC

7.2.61

File size:

385.9 KB (395,128 bytes)

Product version:

2.2.0.23235

Original file name:

uTorrent.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\utorrent\utorrent.exe

Digital Signature

Signed by:

BitTorrent Inc

Authority:

VeriSign, Inc.

Valid from:

6/20/2010 5:00:00 PM

Valid to:

7/26/2013 4:59:59 PM

Subject:

CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

36BC30562A650AFAA5AD101ECD643AB4

File PE Metadata

Compilation timestamp:

11/17/2010 4:59:51 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:bg2qFHS8prrmRuU8YwFqr8WYBSMfMoS7a:M2qzprqrwFMMfqa

Entry address:

0xFE8D0

Entry point:

60, BE, 00, 60, 4A, 00, 8D, BE, 00, B0, F5, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 50, C0, 0F, 00, 57, 83, C3, 04, 53, 68, C6, 88, 05, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9233 (probably packed)

Code size:

360 KB (368,640 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

uTorrent

Command:

"C:\Program Files\utorrent\utorrent.exe"

Windows Firewall Allowed Program

Name:

C:\Program Files\uTorrent\uTorrent.exe

The file uTorrent.exe has been discovered within the following programs.

µTorrent by BitTorrent Inc.

µTorrent is a is a free, ad-supported, lighter-weight BitTorrent client designed to consume less resources then the full BitTorrent version.

www.utorrent.com

12% remove it

The file uTorrent.exe has been seen being distributed by the following 3 URLs.

http://s10318.chomikuj.pl/File.aspx?e=KRX4kXaDqg8FcQaPnIl9kL73vLyU4hozCZUVKuQxfeqfpTeocI55futR9EbqoPWphmOGwA34-_IbrGLEKUnZcmSv1m7r98_vHLGoSNmvn0fdq5m26XR_pYDUAXEdH7v6m5_taFdRfe6e-4T6cPqAHA&pv=2

http://download.utorrent.com/.../utorrent.exe

Scan uTorrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.