Malware analysis uTorrent.exe Malicious activity | ANY.RUN

Add for printing

File name:	uTorrent.exe
Full analysis:	https://app.any.run/tasks/9258acab-b59b-4d7f-b891-1d3679d2451a
Verdict:	Malicious activity
Analysis date:	August 08, 2020, 23:48:31
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	installer adware pua lavasoft
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	26EA68F64166F1BFA4A2D435C3C91BD8
SHA1:	7F38EF9F08989E3DE8B9203F4B3FF21A6D3AB64F
SHA256:	4B2C89F6B9582C03277D5D5676226CAEA9AB115484A62370CB7855B9963A1B9A
SSDEEP:	98304:EG5QgQ7CuTkHvSHUwEt/1ytqVSh/DSSfqwHUhk7nuPKhsH:EG5AefPS0weUCw060H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.17843 KB3058515
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)
srvpost (2.10.90)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2533623
KB2534111
KB2639308
KB2729094
KB2731771
KB2786081
KB2834140
KB2882822
KB2888049
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - installer.exe (PID: 2900)
  - GenericSetup.exe (PID: 2532)
- Loads dropped or rewritten executable
  - GenericSetup.exe (PID: 2532)
- LAVASOFT was detected
  - installer.exe (PID: 2900)
- Changes settings of System certificates
  - GenericSetup.exe (PID: 2532)
SUSPICIOUS
- Executable content was dropped or overwritten
  - uTorrent.exe (PID: 1908)
- Reads Windows owner or organization settings
  - GenericSetup.exe (PID: 2532)
- Reads the Windows organization settings
  - GenericSetup.exe (PID: 2532)
- Reads Environment values
  - GenericSetup.exe (PID: 2532)
- Adds / modifies Windows certificates
  - GenericSetup.exe (PID: 2532)
- Searches for installed software
  - GenericSetup.exe (PID: 2532)
INFO
- Reads settings of System Certificates
  - GenericSetup.exe (PID: 2532)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	InstallShield setup (29.8)
.exe	\|	Win32 Executable MS Visual C++ (generic) (21.6)
.exe	\|	Win64 Executable (generic) (19.1)
.exe	\|	UPX compressed Win32 Executable (18.7)
.dll	\|	Win32 Dynamic Link Library (generic) (4.5)

EXIF

EXE

ProductName:	µTorrent
OriginalFileName:	uTorrent.exe
LegalCopyright:	©2020 BitTorrent, Inc. All Rights Reserved.
InternalName:	uTorrent.exe
FileDescription:	µTorrent
CompanyName:	BitTorrent Inc.
ProductVersion:	3.5.5.45776
FileVersion:	3.5.5.45776
CharacterSet:	Unicode
LanguageCode:	English (U.S.)
FileSubtype:	-
ObjectFileType:	Executable application
FileOS:	Windows NT 32-bit
FileFlags:	(none)
FileFlagsMask:	0x003f
ProductVersionNumber:	3.5.5.45776
FileVersionNumber:	3.5.5.45776
Subsystem:	Windows GUI
SubsystemVersion:	4
ImageVersion:	-
OSVersion:	4
EntryPoint:	0x148d4
UninitializedDataSize:	-
InitializedDataSize:	83968
CodeSize:	104448
LinkerVersion:	6
PEType:	PE32
TimeStamp:	2011:04:18 20:54:06+02:00
MachineType:	Intel 386 or later, and compatibles

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2868	"C:\Users\admin\AppData\Local\Temp\uTorrent.exe"	C:\Users\admin\AppData\Local\Temp\uTorrent.exe	—	explorer.exe
User: admin Company: BitTorrent Inc. Integrity Level: MEDIUM Description: µTorrent Exit code: 3221226540 Version: 3.5.5.45776
1908	"C:\Users\admin\AppData\Local\Temp\uTorrent.exe"	C:\Users\admin\AppData\Local\Temp\uTorrent.exe		explorer.exe
User: admin Company: BitTorrent Inc. Integrity Level: HIGH Description: µTorrent Version: 3.5.5.45776
2900	.\installer.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\installer.exe		uTorrent.exe
User: admin Company: adaware Integrity Level: HIGH Description: µTorrent Version: 1.0.3.3337
2532	"C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe		installer.exe
User: admin Integrity Level: HIGH Description: µTorrent Version: 1.0.3.3337

Add for printing

Total events

10 004

Read events

9 918

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\ViewStateLoader.tis		text
		MD5:CFA267DB7E3295C099F9AE454FD23331	SHA256:5EA24E0CB28EA1F50CC2BEEF1EB0C1B9BA2A5099B63F66F2A4EE2ED60CFE30FD
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\BundleConfig.json		text
		MD5:179FE1DE11C3D7DEFBA7A62482589417	SHA256:D938F69436191EA4AFB85CAC10E156736B0C7A1A732431827B4D941044B4FFCE
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\EventHandler.tis		text
		MD5:1F65DA2A4D3AA1A7102F1C558F21E76A	SHA256:D3D9277CD3C46E0B264A59A199A5FAFE348DE46448CAFF45A0BB4D2A1D496F46
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\style.css		text
		MD5:3C91D96C2471620F4EB0A4A6EC2D378A	SHA256:6D97CFB805FC5702BB40D437B6FC4D0768ECFBB573B5D4FDADBE5DC7AC14999C
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe.config		xml
		MD5:C5BB4979EE79C1A681C76AFEA65C95ED	SHA256:54F1667525366C3C0F21949B406F62097FF9C5B4982A188A1AE5A3B61AE9A59C
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\InstallingPage.html		html
		MD5:9A8AF9C65D92EBFC67A96BEA03C6C3FC	SHA256:5F558D572E6BA9E5E82BDAEACA5C0FDAE9519F32B854D534EDBA256F20C6F0D5
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\TranslateOfferTemplate.tis		text
		MD5:551029A3E046C5ED6390CC85F632A689	SHA256:7B8C76A85261C5F9E40E49F97E01A14320E9B224FF3D6AF8286632CA94CF96F8
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\WarningPage.html		html
		MD5:E4EAF0049346F0A54500F2E1D7162CDA	SHA256:D916648FFE60F3A0925EE8456D2153FFE9CBD616F6D1468F9DFC0BBCC5AB8D33
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\OfferPage.html		html
		MD5:CD971B3AC121709D874E11D6F5BBA960	SHA256:96304C4EF7192F521ADD5D9D630ED8AB75A3D45663D8641A7C3186519F88DC42
1908	uTorrent.exe	C:\Users\admin\AppData\Local\Temp\7zS477F531E\app.ico		image
		MD5:21D40E1B37AD7CFDEAC5BE2BC5C2B58D	SHA256:D29353F6C8BA117BDED73A2A12C9F3E5C5E286C168AB4F91DE33CCBAD942AC18

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2900	installer.exe	POST	200	104.18.87.101:80	http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart	US	text	29 b	whitelisted
2900	installer.exe	POST	200	104.18.87.101:80	http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart	US	text	29 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2532	GenericSetup.exe	104.18.88.101:443	flow.lavasoft.com	Cloudflare Inc	US	shared
2900	installer.exe	104.18.87.101:80	flow.lavasoft.com	Cloudflare Inc	US	shared
2532	GenericSetup.exe	104.16.235.79:443	sos.adaware.com	Cloudflare Inc	US	shared

DNS requests

Domain	IP	Reputation
flow.lavasoft.com	104.18.87.101 104.18.88.101	whitelisted
sos.adaware.com	104.16.235.79 104.16.236.79	whitelisted

Threats

PID	Process	Class	Message
2900	installer.exe	A Network Trojan was detected	ET MALWARE Lavasoft PUA/Adware Client Install

Add for printing

Process	Message
GenericSetup.exe	at sciter:init-script.tis
GenericSetup.exe	at sciter:init-script.tis
GenericSetup.exe
GenericSetup.exe
GenericSetup.exe	file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'

General Info

uTorrent.exe

26EA68F64166F1BFA4A2D435C3C91BD8

7F38EF9F08989E3DE8B9203F4B3FF21A6D3AB64F

4B2C89F6B9582C03277D5D5676226CAEA9AB115484A62370CB7855B9963A1B9A

98304:EG5QgQ7CuTkHvSHUwEt/1ytqVSh/DSSfqwHUhk7nuPKhsH:EG5AefPS0weUCw060H

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Loads dropped or rewritten executable

LAVASOFT was detected

Changes settings of System certificates

SUSPICIOUS

Executable content was dropped or overwritten

Reads Windows owner or organization settings

Reads the Windows organization settings

Reads Environment values

Adds / modifies Windows certificates

Searches for installed software

INFO

Reads settings of System Certificates

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings