Field | Value
---|---
File name | uTorrent.exe
Full analysis | https://app.any.run/tasks/9258acab-b59b-4d7f-b891-1d3679d2451a
Verdict | Malicious activity
Analysis date | August 08, 2020, 23:48:31
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/x-dosexec
File info | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 26EA68F64166F1BFA4A2D435C3C91BD8
SHA1 | 7F38EF9F08989E3DE8B9203F4B3FF21A6D3AB64F
SHA256 | 4B2C89F6B9582C03277D5D5676226CAEA9AB115484A62370CB7855B9963A1B9A
SSDEEP | 98304:EG5QgQ7CuTkHvSHUwEt/1ytqVSh/DSSfqwHUhk7nuPKhsH:EG5AefPS0weUCw060H

Extension | Detected type
---|---
.exe | InstallShield setup (29.8)
.exe | Win32 Executable MS Visual C++ (generic) (21.6)
.exe | Win64 Executable (generic) (19.1)
.exe | UPX compressed Win32 Executable (18.7)
.dll | Win32 Dynamic Link Library (generic) (4.5)

Field | Value
---|---
ProductName | µTorrent
OriginalFileName | uTorrent.exe
LegalCopyright | ©2020 BitTorrent, Inc. All Rights Reserved.
InternalName | uTorrent.exe
FileDescription | µTorrent
CompanyName | BitTorrent Inc.
ProductVersion | 3.5.5.45776
FileVersion | 3.5.5.45776
CharacterSet | Unicode
LanguageCode | English (U.S.)
FileSubtype | -
ObjectFileType | Executable application
FileOS | Windows NT 32-bit
FileFlags | (none)
FileFlagsMask | 0x003f
ProductVersionNumber | 3.5.5.45776
FileVersionNumber | 3.5.5.45776
Subsystem | Windows GUI
SubsystemVersion | 4
ImageVersion | -
OSVersion | 4
EntryPoint | 0x148d4
UninitializedDataSize | -
InitializedDataSize | 83968
CodeSize | 104448
LinkerVersion | 6
PEType | PE32
TimeStamp | 2011:04:18 20:54:06+02:00
MachineType | Intel 386 or later, and compatibles

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2868 | "C:\Users\admin\AppData\Local\Temp\uTorrent.exe" | C:\Users\admin\AppData\Local\Temp\uTorrent.exe | — | explorer.exe
User: admin; Company: BitTorrent Inc.; Integrity Level: MEDIUM; Description: µTorrent; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED); Version: 3.5.5.45776 | | | |
1908 | "C:\Users\admin\AppData\Local\Temp\uTorrent.exe" | C:\Users\admin\AppData\Local\Temp\uTorrent.exe | | explorer.exe
User: admin; Company: BitTorrent Inc.; Integrity Level: HIGH; Description: µTorrent; Version: 3.5.5.45776 | | | |
2900 | .\installer.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\installer.exe | | uTorrent.exe
User: admin; Company: adaware; Integrity Level: HIGH; Description: µTorrent; Version: 1.0.3.3337 | | | |
2532 | "C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe | | installer.exe
User: admin; Integrity Level: HIGH; Description: µTorrent; Version: 1.0.3.3337 | | | |

PID | Process | Filename | Type
---|---|---|---
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\ViewStateLoader.tis | text
MD5: CFA267DB7E3295C099F9AE454FD23331 | SHA256: 5EA24E0CB28EA1F50CC2BEEF1EB0C1B9BA2A5099B63F66F2A4EE2ED60CFE30FD | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\BundleConfig.json | text
MD5: 179FE1DE11C3D7DEFBA7A62482589417 | SHA256: D938F69436191EA4AFB85CAC10E156736B0C7A1A732431827B4D941044B4FFCE | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\EventHandler.tis | text
MD5: 1F65DA2A4D3AA1A7102F1C558F21E76A | SHA256: D3D9277CD3C46E0B264A59A199A5FAFE348DE46448CAFF45A0BB4D2A1D496F46 | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\style.css | text
MD5: 3C91D96C2471620F4EB0A4A6EC2D378A | SHA256: 6D97CFB805FC5702BB40D437B6FC4D0768ECFBB573B5D4FDADBE5DC7AC14999C | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\GenericSetup.exe.config | xml
MD5: C5BB4979EE79C1A681C76AFEA65C95ED | SHA256: 54F1667525366C3C0F21949B406F62097FF9C5B4982A188A1AE5A3B61AE9A59C | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\InstallingPage.html | html
MD5: 9A8AF9C65D92EBFC67A96BEA03C6C3FC | SHA256: 5F558D572E6BA9E5E82BDAEACA5C0FDAE9519F32B854D534EDBA256F20C6F0D5 | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\tis\TranslateOfferTemplate.tis | text
MD5: 551029A3E046C5ED6390CC85F632A689 | SHA256: 7B8C76A85261C5F9E40E49F97E01A14320E9B224FF3D6AF8286632CA94CF96F8 | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\WarningPage.html | html
MD5: E4EAF0049346F0A54500F2E1D7162CDA | SHA256: D916648FFE60F3A0925EE8456D2153FFE9CBD616F6D1468F9DFC0BBCC5AB8D33 | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\Resources\OfferPage.html | html
MD5: CD971B3AC121709D874E11D6F5BBA960 | SHA256: 96304C4EF7192F521ADD5D9D630ED8AB75A3D45663D8641A7C3186519F88DC42 | |
1908 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\7zS477F531E\app.ico | image
MD5: 21D40E1B37AD7CFDEAC5BE2BC5C2B58D | SHA256: D29353F6C8BA117BDED73A2A12C9F3E5C5E286C168AB4F91DE33CCBAD942AC18 | |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2900 | installer.exe | POST | 200 | 104.18.87.101:80 | http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart | US | text | 29 b | whitelisted
2900 | installer.exe | POST | 200 | 104.18.87.101:80 | http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart | US | text | 29 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2532 | GenericSetup.exe | 104.18.88.101:443 | flow.lavasoft.com | Cloudflare Inc | US | shared
2900 | installer.exe | 104.18.87.101:80 | flow.lavasoft.com | Cloudflare Inc | US | shared
2532 | GenericSetup.exe | 104.16.235.79:443 | sos.adaware.com | Cloudflare Inc | US | shared

Domain | IP | Reputation
---|---|---
flow.lavasoft.com | | whitelisted
sos.adaware.com | | whitelisted

PID | Process | Class | Message
---|---|---|---
2900 | installer.exe | A Network Trojan was detected | ET MALWARE Lavasoft PUA/Adware Client Install

Process | Message
---|---
GenericSetup.exe | at sciter:init-script.tis
GenericSetup.exe | at sciter:init-script.tis
GenericSetup.exe | 
GenericSetup.exe | 
GenericSetup.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'