utorrent_v3.4.9.pro_build.42606.e_m_a.exe

µTorrent

BitTorrent Inc.

The application utorrent_v3.4.9.pro_build.42606.e_m_a.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘uTorrent’. It uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. While running, it connects to the Internet address b5df9b0d.virtua.com.br on port 32623.
Publisher:
BitTorrent Inc.

Product:
µTorrent

Version:
3.4.9.42606

MD5:
1bf61b2b45af7caecc3796c8218595e3

SHA-1:
aaf3a8e5060908273995818b8d25e0cb7827a5ea

SHA-256:
c4d92b68d00eb318544954c67e7930c617338b6b2b52135c8e2754c560c65a1b

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 12:06:30 PM UTC

Scan engine
Detection
Engine version

G Data
Win32.Application.OpenCandy
16.9.25

IKARUS anti.virus
PUA.OpenCandy
t3scan.2.1.6.0

Qihoo 360 Security
HEUR/QVM11.1.0000.Malware.Gen
1.0.0.1120

Reason Heuristics
PUP.OpenCandy (M)
16.9.22.18

File size:
2.6 MB (2,710,208 bytes)

Product version:
3.4.9.42606

Copyright:
©2016 BitTorrent, Inc. All Rights Reserved.

Original file name:
uTorrent.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\utorrent_v3.4.9.pro_build.42606.e_m_a.exe

File PE Metadata
Compilation timestamp:
9/19/2016 7:25:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:5lNFNyU2Vydf4JeAcLuSZR699VI5tnw1PkwWPKv0I8FAa86HdmN36ojs73WQk7:FTMVPc1xZYHIDnw1swWPKvLYAa86Hd8p

Entry address:
0x617FF0

Entry point:
60, BE, 00, 50, 7A, 00, 8D, BE, 00, C0, C5, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
2.5 MB (2,572,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
uTorrent

Command:
"C:\users\{user}\appdata\roaming\utorrent\utorrent.exe" \minimized


The executing file has been seen to make the following network communications in live environments.
