File name: utorrent_installer.exe
Full analysis: https://app.any.run/tasks/e3b3cfef-9590-44f1-8600-21680376938d
Verdict: Malicious activity
Threats: Adware

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: January 30, 2024, 14:17:14
OS: Windows 7 Professional Service Pack 1 (build 7601, 32-bit)
Tags: adware, loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5C6795148A8E728DEA1C8411A8284841
SHA1: 0904E88B73656BAAA65F029D2EDEDA9B9EB17D9E
SHA256: B12813AE4C66FF0EB56C26348F14686DE08C95C1D3C62E9ACD4810D9474F777E
SSDEEP: 49152:K7HecD4dnbibBlkGZpbQGkhTTf7izMsCmDZK+IKpxmX0UuL4QBRNjnvHmCAxN7Rb:a+cD4dnSRQGwf7XG0R8xr4QBrvHINOd0

ANY.RUN is an interactive service that gives the analyst full access to the guest system. The information in this report may therefore have been shaped by analyst actions and is provided as is. ANY.RUN does not guarantee that the content is malicious or that it is safe.
MALICIOUS
  • Drops the executable file immediately after the start: utorrent_installer.exe (PID: 1264), utorrent_installer.exe (PID: 324), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824), utorrent_installer.tmp (PID: 668)
  • Changes the autorun value in the registry: uTorrent.exe (PID: 3824)
SUSPICIOUS
  • Executable content was dropped or overwritten: utorrent_installer.exe (PID: 1264), utorrent_installer.exe (PID: 324), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824), utorrent_installer.tmp (PID: 668)
  • Reads the Windows owner or organization settings: utorrent_installer.tmp (PID: 668)
  • Reads settings of System Certificates: utorrent_installer.tmp (PID: 668), uTorrent.exe (PID: 3824)
  • Reads the Internet Settings: utorrent_installer.tmp (PID: 668), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824)
  • The process creates files with name similar to system file names: uTorrent.exe (PID: 1028)
  • Malware-specific behavior (creating "System.dll" in Temp): uTorrent.exe (PID: 1028)
  • Reads security settings of Internet Explorer: utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824)
  • Checks Windows Trust Settings: utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824)
  • Searches for installed software: uTorrent.exe (PID: 3824)
  • Changes Internet Explorer settings (feature browser emulation): uTorrent.exe (PID: 3824)
  • Process requests binary or script from the Internet: uTorrent.exe (PID: 3824)
INFO
  • Create files in a temporary directory: utorrent_installer.exe (PID: 1264), utorrent_installer.exe (PID: 324), utorrent_installer.tmp (PID: 668), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824)
  • Checks supported languages: utorrent_installer.exe (PID: 1264), utorrent_installer.tmp (PID: 1392), utorrent_installer.exe (PID: 324), utorrent_installer.tmp (PID: 668), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824), helper.exe (PID: 2416)
  • Reads the computer name: utorrent_installer.tmp (PID: 1392), utorrent_installer.tmp (PID: 668), uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824), helper.exe (PID: 2416)
  • Reads the machine GUID from the registry: utorrent_installer.tmp (PID: 668), utorrent.exe (PID: 3524), uTorrent.exe (PID: 1028), uTorrent.exe (PID: 3824)
  • Creates files or folders in the user directory: uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824), helper.exe (PID: 2416)
  • Checks proxy server information: uTorrent.exe (PID: 1028), utorrent.exe (PID: 3524), uTorrent.exe (PID: 3824)
  • Application launched itself: msedge.exe (PID: 2524)
  • Drops the executable file immediately after the start: msedge.exe (PID: 2524)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 18:10:23+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 73216
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.6.0.0
ProductVersionNumber: 3.6.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: uТorrеnt® Classic
FileVersion: 3.6
LegalCopyright: ©2022 RainBerry Inc. All Rights Reserved
OriginalFileName:
ProductName: uТorrеnt® Classic
ProductVersion: 3.6
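The version-info block above belongs to the Inno Setup wrapper, and its product name does not byte-match the Latin string "uTorrent": as printed in the report, "uТorrеnt® Classic" carries a Cyrillic capital Te (U+0422) where the T would be and a Cyrillic small ie (U+0435) where the e would be, while the uTorrent.exe it drops (PID 1028) describes itself in plain ASCII as "utorrent". Mixed-script names in FileDescription/ProductName survive a casual glance and slip past exact-match allow-lists. The block below is an added example, not code from the report or from ANY.RUN: a standard-library mixed-script check plus confusable folding that flags the string and reduces it to the name it imitates. The confusable table is a constructed subset of Unicode's confusables.txt, and the three sample strings are transcribed from this report with the Cyrillic letters written as escapes so the difference is visible.

```python
import unicodedata

# Version-info strings as printed in this report (transcribed; the two
# Cyrillic letters are escaped so they cannot be mistaken for Latin ones).
WRAPPER_PRODUCT_NAME = "u\u0422orr\u0435nt\u00ae Classic"  # Inno Setup wrapper, PID 1264/324
DROPPED_DESCRIPTION = "utorrent"                            # uTorrent.exe, PID 1028
LEGIT_NAME = "uTorrent"                                     # plain Latin reference


def script_of(ch: str) -> str:
    """Script family of a letter, taken from its Unicode name
    ('LATIN', 'CYRILLIC', 'GREEK', ...); non-letters return ''."""
    if not ch.isalpha():
        return ""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def mixed_script_letters(s: str) -> list[tuple[int, str, str]]:
    """(index, char, script) for every letter whose script differs from the
    dominant script of the string; an empty list means single-script."""
    letters = [(i, c, script_of(c)) for i, c in enumerate(s) if script_of(c)]
    if not letters:
        return []
    counts: dict[str, int] = {}
    for _, _, sc in letters:
        counts[sc] = counts.get(sc, 0) + 1
    dominant = max(counts, key=counts.get)
    return [(i, c, sc) for i, c, sc in letters if sc != dominant]


# Constructed subset of Unicode confusables.txt: Cyrillic letters that render
# like Latin ones. A production check would load the full table.
CONFUSABLES = {
    "\u0422": "T",  # CYRILLIC CAPITAL LETTER TE
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
}


def skeleton(s: str) -> str:
    """Fold known confusables to ASCII, then NFKC-normalise, so a homoglyph
    string can be compared with the name it imitates."""
    folded = "".join(CONFUSABLES.get(c, c) for c in s)
    return unicodedata.normalize("NFKC", folded)


def impersonates(observed: str, expected: str) -> bool:
    """True when 'observed' is not byte-equal to 'expected' but folds to it
    (case-insensitively, as a prefix) and mixes scripts. A plain case
    difference such as 'utorrent' vs 'uTorrent' is not flagged."""
    if observed == expected:
        return False
    folds_to_expected = skeleton(observed).casefold().startswith(expected.casefold())
    return folds_to_expected and bool(mixed_script_letters(observed))


if __name__ == "__main__":
    for idx, ch, sc in mixed_script_letters(WRAPPER_PRODUCT_NAME):
        print(f"offset {idx}: U+{ord(ch):04X} {unicodedata.name(ch)} ({sc})")
    print("wrapper name impersonates uTorrent:", impersonates(WRAPPER_PRODUCT_NAME, LEGIT_NAME))
    print("dropped binary's description:", impersonates(DROPPED_DESCRIPTION, LEGIT_NAME))
```

The check deliberately keys on the dominant script rather than on "any non-ASCII", so legitimately localised product names (all Cyrillic, all CJK) pass, while a Latin name with two Cyrillic letters spliced in does not.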
All screenshots are available in the full report
Total processes: 69
Monitored processes: 29
Malicious processes: 6
Suspicious processes: 1

Behavior graph (interactive in the full report; "no specs" marks a process for which ANY.RUN recorded no indicators), as listed:
start, utorrent_installer.exe, utorrent_installer.tmp (no specs), utorrent_installer.exe, utorrent_installer.tmp, utorrent.exe, utorrent.exe, utorrent.exe, utorrentie.exe (no specs) x4, msedge.exe, msedge.exe (no specs), msedge.exe, msedge.exe (no specs) x13, utorrentie.exe (no specs), helper.exe

Process information

This excerpt details 10 of the 29 monitored processes. Read the integrity levels together with the parent column: utorrent_installer.exe (PID 1264, parent explorer.exe) and its Inno Setup stub utorrent_installer.tmp (PID 1392) run at MEDIUM integrity; the installer is then re-launched as PID 324 with Inno Setup's /SPAWNWND and /NOTIFYWND elevation switches, and its stub PID 668 runs at HIGH integrity. That HIGH-integrity stub is the process that drops and runs uTorrent.exe (PID 1028) with /S /FORCEINSTALL and that performs the HKEY_LOCAL_MACHINE writes listed under Modification events.

PID 324
Command line: "C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe" /SPAWNWND=$1201B4 /NOTIFYWND=$F0184
Path: C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe
Parent process: utorrent_installer.tmp
User: admin
Company: (empty)
Integrity level: HIGH
Description: uТorrеnt® Classic
Exit code: 0
Version: 3.6
Modules:
c:\users\admin\appdata\local\temp\utorrent_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID 568
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1304,i,16264267167995402768,7067723041422828873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID 668
Command line: "C:\Users\admin\AppData\Local\Temp\is-URC7H.tmp\utorrent_installer.tmp" /SL5="$F0182,840711,816128,C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe" /SPAWNWND=$1201B4 /NOTIFYWND=$F0184
Path: C:\Users\admin\AppData\Local\Temp\is-URC7H.tmp\utorrent_installer.tmp
Parent process: utorrent_installer.exe
User: admin
Company: (empty)
Integrity level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules:
c:\users\admin\appdata\local\temp\is-urc7h.tmp\utorrent_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID 1028
Command line: "C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110
Path: C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\uTorrent.exe
Parent process: utorrent_installer.tmp
User: admin
Company: BitTorrent Limited
Integrity level: HIGH
Description: utorrent
Exit code: 0
Version: 3.6.0.47006
Modules:
c:\users\admin\appdata\local\temp\is-brp7e.tmp\utorrent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

PID 1264
Command line: "C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe
Parent process: explorer.exe
User: admin
Company: (empty)
Integrity level: MEDIUM
Description: uТorrеnt® Classic
Exit code: 0
Version: 3.6
Modules:
c:\users\admin\appdata\local\temp\utorrent_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID 1392
Command line: "C:\Users\admin\AppData\Local\Temp\is-HV1P1.tmp\utorrent_installer.tmp" /SL5="$F0184,840711,816128,C:\Users\admin\AppData\Local\Temp\utorrent_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-HV1P1.tmp\utorrent_installer.tmp
Parent process: utorrent_installer.exe
User: admin
Company: (empty)
Integrity level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules:
c:\users\admin\appdata\local\temp\is-hv1p1.tmp\utorrent_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID 1876
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1304,i,16264267167995402768,7067723041422828873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID 2052
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1304,i,16264267167995402768,7067723041422828873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID 2096
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1304,i,16264267167995402768,7067723041422828873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID 2104
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1304,i,16264267167995402768,7067723041422828873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 12 022
Read events: 11 866
Write events: 149
Delete events: 7

Modification events

PID 668 utorrent_installer.tmp
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write | Name: LanguageList | Value: en-US

PID 668 utorrent_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write | Name: Blob | Value: [certificate blob, not reproduced in this excerpt; the same write was recorded three times]

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix | Value: Cookie:

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix | Value: Visited:

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write | Name: ProxyEnable | Value: 0

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write | Name: SavedLegacySettings | Value (hex): 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass | Value: 1

PID 1028 uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: IntranetName | Value: 1
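Two of the writes above matter more than the WinINet cache housekeeping around them. The HIGH-integrity utorrent_installer.tmp (PID 668) writes a certificate Blob under HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6; that key is the machine-wide root store that Windows merges into Trusted Root Certification Authorities (it is where Group Policy-distributed roots live), so a certificate planted there is trusted by every user and every TLS or Authenticode validation on the host. The excerpt does not reproduce the blob, so pull it from the full report and check the issuer before treating the installer as merely bundled adware. uTorrent.exe (PID 1028) also resets the user's proxy state (ProxyEnable = 0) and rewrites SavedLegacySettings, the binary structure that holds the proxy server, bypass list, PAC URL and auto-detect flags. The block below is an added example, not part of the report: triage logic over the events transcribed above as constructed records, which flags sensitive key prefixes and decodes the documented prefix of the SavedLegacySettings blob. The prefix list is this example's assumption (it includes the Run key for the autorun change the signatures attribute to PID 3824, which falls outside this excerpt), and the FILETIME read from the blob's tail is an assumption based on public reverse engineering, not a documented field.

```python
import struct
from datetime import datetime, timedelta, timezone

# Registry writes transcribed from the report's "Modification events" table as
# constructed (pid, process, key, value name, data) records. The certificate
# blob is not in the report excerpt, so a placeholder stands in for it; the
# SavedLegacySettings hex is the report's, with its trailing zero padding trimmed.
SAVED_LEGACY_SETTINGS = (
    "46000000" "5B010000" "09000000"           # version 0x46, change counter, flags
    "00000000" "00000000" "00000000"           # proxy, bypass and PAC-URL string lengths
    "04000000" "00000000" "C0E333BBEAB1D301"   # auto-detect tail (FILETIME assumed at +8)
    "00000000" "00000000" "00000000" "01000000" "02000000" "C0A8016B"
)
EVENTS = [
    (668, "utorrent_installer.tmp",
     r"HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E", "LanguageList", "en-US"),
    (668, "utorrent_installer.tmp",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6",
     "Blob", "<certificate blob, see full report>"),
    (1028, "uTorrent.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyEnable", "0"),
    (1028, "uTorrent.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections",
     "SavedLegacySettings", SAVED_LEGACY_SETTINGS),
    (1028, "uTorrent.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "ProxyBypass", "1"),
]

# Sensitive key prefixes (hive stripped, matched case-insensitively, longest wins).
# This list is the example's own assumption, not something the report defines.
SENSITIVE_PREFIXES = {
    r"SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates": "plants a machine-trusted root CA (GPO root store)",
    r"SOFTWARE\Microsoft\SystemCertificates\Root\Certificates": "plants a trusted root CA",
    r"Software\Microsoft\Windows\CurrentVersion\Run": "autorun persistence",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections": "rewrites WinINet proxy/auto-detect settings",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings": "touches WinINet proxy or zone configuration",
}


def strip_hive(key: str) -> str:
    return key.split("\\", 1)[1] if "\\" in key else key


def classify(key: str):
    """(prefix, reason) for the longest matching sensitive prefix, else None."""
    sub = strip_hive(key).casefold()
    best = None
    for prefix, reason in SENSITIVE_PREFIXES.items():
        if sub.startswith(prefix.casefold()) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, reason)
    return best


PROXY_FLAGS = {0x1: "DIRECT", 0x2: "PROXY", 0x4: "AUTO_CONFIG_URL", 0x8: "AUTO_DETECT"}


def decode_connection_settings(hexblob: str) -> dict:
    """Decode the documented prefix of a WinINet connection-settings blob
    (SavedLegacySettings / DefaultConnectionSettings): DWORD version (0x46),
    DWORD change counter, DWORD flags, then three length-prefixed ANSI strings
    (proxy server, bypass list, PAC URL). What follows is auto-detect state;
    reading a FILETIME 8 bytes into it is an assumption, not a documented field."""
    b = bytes.fromhex(hexblob)
    version, counter, flags = struct.unpack_from("<III", b, 0)
    off, strings = 12, []
    for _ in range(3):
        (n,) = struct.unpack_from("<I", b, off)
        off += 4
        strings.append(b[off:off + n].decode("latin-1"))
        off += n
    proxy, bypass, pac_url = strings
    result = {"version": version, "counter": counter,
              "flags": [name for bit, name in PROXY_FLAGS.items() if flags & bit],
              "proxy": proxy, "bypass": bypass, "pac_url": pac_url}
    if len(b) >= off + 16:
        (ft,) = struct.unpack_from("<Q", b, off + 8)
        if ft:  # FILETIME: 100 ns ticks since 1601-01-01 UTC
            epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
            result["last_autodetect_utc"] = epoch + timedelta(microseconds=ft // 10)
    return result


def triage(events):
    """One (pid, process, reason, detail) finding per write under a sensitive prefix."""
    findings = []
    for pid, proc, key, name, data in events:
        hit = classify(key)
        if hit is None:
            continue
        detail = {"name": name, "data": data}
        if name == "SavedLegacySettings":
            detail["decoded"] = decode_connection_settings(data)
        if hit[0].endswith("Certificates"):
            detail["thumbprint"] = key.rsplit("\\", 1)[1]  # the SHA-1 thumbprint is the subkey name
        findings.append((pid, proc, hit[1], detail))
    return findings


if __name__ == "__main__":
    for pid, proc, reason, detail in triage(EVENTS):
        extra = detail.get("thumbprint") or detail.get("decoded") or detail["name"]
        print(f"{pid:>5} {proc:<24} {reason}: {extra}")
```

For this sample the decoder reports flags DIRECT | AUTO_DETECT with empty proxy, bypass and PAC fields, so the write leaves the host without a configured proxy but with WPAD auto-detection on; on a corporate network that combination is itself worth a closer look. The thumbprint the triage extracts is what you feed to certutil or the full report to identify the planted certificate.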
Executable files: 19
Suspicious files: 148
Text files: 53
Unknown types: 3

Dropped files

(PID Process | Filename | Type; hashes on the following line)

PID 3524 utorrent.exe | C:\Users\admin\AppData\Local\Temp\uttEE1E.tmp | type: (not recorded)
  MD5: (not recorded) | SHA256: (not recorded)
PID 668 utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\is-E55QV.tmp | type: image
  MD5: 4CFFF8DC30D353CD3D215FD3A5DBAC24 | SHA256: 0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
PID 668 utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\is-6KVAN.tmp | type: executable
  MD5: 90158EC8FEB8A5564561EC7237944ACD | SHA256: 201A6E739D0A0959D1EE693FE6F45074160790A112BC9FBA972A13B2F6E3CA2C
PID 3524 utorrent.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f | type: binary
  MD5: 037CB25A3FF126409508086A026FC6C9 | SHA256: FAE35CF924DADB5FA7E57E4C5DC955CDDF4A572BEEA26EB4ED50B6CB3A93E114
PID 324 utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\is-URC7H.tmp\utorrent_installer.tmp | type: executable
  MD5: 7128BF7C5DF55D8F2027CA5BCCEAB553 | SHA256: 2B3EBF2E0F296D412788883DC602EEB087C8DABA1280CEB03F32C6520035BB98
PID 668 utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\license.rtf | type: text
  MD5: 8A708BF775DE14E5FBB16F6077B454D5 | SHA256: ECA753676C5C71D7BE141451CD6D1426A08ED5C254078BC585D9BA91395A971A
PID 1028 uTorrent.exe | C:\Users\admin\AppData\Local\Temp\nsdE600.tmp\utorrent.exe | type: executable
  MD5: 23DDF110567D37DADA66DCBAA6477D02 | SHA256: B505C9A5F0C6D62DFD5CEA2AA4530838D3EF4996AF5CF73C329243881CE07057
PID 3824 uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt782D.tmp | type: (not recorded)
  MD5: (not recorded) | SHA256: (not recorded)
PID 668 utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-BRP7E.tmp\Logo.png | type: image
  MD5: B5D74EA9BCD66F6FA463DA4A914223D2 | SHA256: 4E75D7C057873B4E4A4DBC40E407A29F0DCF5DA43525884EEE6938BF62F51F2A
PID 3524 utorrent.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk | type: binary
  MD5: 7E2F547FA51D7235779CD69BB75AC5EA | SHA256: 3D4DC936624E34A889775936274F65021C68E5D934BBBB424039C8EBBBEF9665
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 35
TCP/UDP connections: 136
DNS requests: 55
Threats: 16

HTTP requests

(PID Process | method | HTTP code | server IP:port | response type and size, where recorded | CN | reputation; URL on the following line)

PID 668 utorrent_installer.tmp | HEAD | 200 | 67.215.238.66:80 | CN unknown | reputation unknown
  http://download-new.utorrent.com/endpoint/utorrent/os/riserollout/track/stable
PID 3824 uTorrent.exe | POST | (no response code recorded) | 52.20.164.195:80 | CN unknown | reputation unknown
  http://i-24.b-47006.ut.bench.utorrent.com/e?i=24
(PID/process not recorded in this excerpt; the Connections table attributes 67.215.246.203:80 to PID 3524 utorrent.exe) | GET | 200 | 67.215.246.203:80 | CN unknown | reputation unknown
  http://update.utorrent.com/installstats.php?cl=uTorrent&v=113358750&h=EhXekjl4bMCm1gWb&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=3524&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=1&view=win32
PID 3824 uTorrent.exe | POST | (no response code recorded) | 52.205.58.33:80 | CN unknown | reputation unknown
  http://i-70.b-47006.ut.bench.utorrent.com/e?i=70
PID 3824 uTorrent.exe | GET | 200 | 178.79.242.181:80 | binary, 3.78 Kb | CN unknown | reputation unknown
  http://cdn.ap.bittorrent.com/control/feature/tags/ut.json
PID 3824 uTorrent.exe | POST | 200 | 52.71.124.178:80 | binary, 21 b | CN unknown | reputation unknown
  http://i-64.b-47006.ut.bench.utorrent.com/e?i=64
PID 3824 uTorrent.exe | POST | 200 | 44.215.174.64:80 | binary, 21 b | CN unknown | reputation unknown
  http://i-44.b-47006.ut.bench.utorrent.com/e?i=44
PID 3824 uTorrent.exe | POST | (no response code recorded) | 44.215.174.64:80 | CN unknown | reputation unknown
  http://i-44.b-47006.ut.bench.utorrent.com/e?i=44
PID 3824 uTorrent.exe | GET | 200 | 178.79.242.181:80 | binary, 31.7 Kb | CN unknown | reputation unknown
  http://cdn.ap.bittorrent.com/control/tags/ut.json
PID 3824 uTorrent.exe | POST | 200 | 52.203.132.126:80 | binary, 21 b | CN unknown | reputation unknown
  http://i-29.b-47006.ut.bench.utorrent.com/e?i=29

Connections

(PID Process | IP:port | Domain | ASN | CN | Reputation)

PID 4 System | 192.168.100.255:138 | (no domain) | whitelisted
PID 4 System | 192.168.100.255:137 | (no domain) | whitelisted
PID 1080 svchost.exe | 224.0.0.252:5355 (LLMNR) | (no domain) | unknown
PID 668 utorrent_installer.tmp | 108.156.61.223:443 | d25ed8nduj7yxj.cloudfront.net | AMAZON-02 | US | unknown
PID 668 utorrent_installer.tmp | 67.215.238.66:80 | download-new.utorrent.com | ASN-QUADRANET-GLOBAL | US | unknown
PID 1028 uTorrent.exe | 52.71.124.178:80 | i-6000.b-47006.ut.bench.utorrent.com | AMAZON-AES | US | unknown
PID 3524 utorrent.exe | 67.215.246.203:80 | update.utorrent.com | ASN-QUADRANET-GLOBAL | US | unknown
PID 3824 uTorrent.exe | 178.79.242.16:80 | apps.bittorrent.com | LLNW | DE | unknown
PID 3824 uTorrent.exe | 192.168.100.2:5351 (NAT-PMP) | (no domain) | whitelisted
PID 3824 uTorrent.exe | 82.221.103.244:6881 (DHT bootstrap) | router.utorrent.com | (ASN/CN not recorded) | unknown

DNS requests

(Domain -> resolved IPs (reputation))

d25ed8nduj7yxj.cloudfront.net -> 108.156.61.223, 108.156.61.109, 108.156.61.139, 108.156.61.130 (unknown)
download-new.utorrent.com -> 67.215.238.66 (whitelisted)
i-6000.b-47006.ut.bench.utorrent.com -> 52.71.124.178, 52.5.148.209, 52.3.50.45, 44.213.155.118, 44.215.207.68, 52.0.142.221, 52.203.132.126, 52.202.17.153 (unknown)
router.bittorrent.com -> 67.215.246.10 (shared)
router.utorrent.com -> 82.221.103.244 (whitelisted)
update.utorrent.com -> 67.215.246.203 (whitelisted)
i-21.b-47006.ut.bench.utorrent.com -> 44.213.155.118, 52.20.164.195, 52.44.142.17, 52.21.247.199, 52.5.148.209, 44.215.207.68, 52.203.132.126, 44.220.122.244 (unknown)
go.microsoft.com -> 23.35.238.131 (whitelisted)
apps.bittorrent.com -> 178.79.242.16 (whitelisted)
i-70.b-47006.ut.bench.utorrent.com -> 52.205.58.33, 52.3.50.45, 52.73.7.112, 52.203.132.126, 52.44.142.17, 52.20.164.195, 44.220.122.244, 52.5.148.209 (unknown)

Threats

(PID Process | Class | Message)

PID 668 utorrent_installer.tmp | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
PID 668 utorrent_installer.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
PID 668 utorrent_installer.tmp | Misc activity | ET INFO EXE - Served Attached HTTP
PID 1028 uTorrent.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
PID 3524 utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
PID 3524 utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
PID 1028 uTorrent.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
PID 3824 uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
PID 3824 uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
PID 3824 uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
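Three of the Suricata alerts above are worth reproducing by hand, because together they describe the supply-chain shape of this sample: utorrent_installer.tmp (PID 668) received an executable over cleartext HTTP (ET POLICY PE EXE or DLL Windows file download HTTP, ET INFO EXE - Served Attached HTTP), so nothing on the wire authenticated what was run next, and the dropped uTorrent.exe (PID 1028) identified itself with the NSIS Inetc plugin's user agent, which is how the NSIS stage inside the Inno Setup wrapper (the nsdE600.tmp directory and the "System.dll" in Temp above) shows up on the network. The block below is an added example, not ANY.RUN's or Emerging Threats' code: it parses HTTP request/response pairs, detects a PE body by its MZ header and the PE signature at e_lfanew rather than by file extension or Content-Type, and applies user-agent heuristics named after the report's alerts. The alert names are the report's; the matching logic is this example's approximation, not the ET rule bodies. Every transaction, header and the PE stub is constructed here (the real bodies are only in the PCAP).

```python
import re
import struct

# Constructed sample traffic modelled on the report (synthetic bytes). The PE
# stub is the minimum a loader needs to treat a body as an executable:
# MZ header, e_lfanew at 0x3C, and the PE\0\0 signature where it points.
PE_STUB = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
           + b"\x00" * (0x80 - 64) + b"PE\x00\x00" + b"\x00" * 20)

TRANSACTIONS = [
    {   # utorrent_installer.tmp (PID 668) pulling the client over port 80
        "pid": 668, "process": "utorrent_installer.tmp",
        "request": (b"GET /endpoint/utorrent/os/riserollout/track/stable HTTP/1.1\r\n"
                    b"Host: download-new.utorrent.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n"),
        "response": (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                     b"Content-Disposition: attachment; filename=\"uTorrent.exe\"\r\n\r\n") + PE_STUB,
    },
    {   # the NSIS stage (PID 1028) beaconing with the Inetc plugin's user agent
        "pid": 1028, "process": "uTorrent.exe",
        "request": (b"GET /e?i=6000 HTTP/1.1\r\nHost: i-6000.b-47006.ut.bench.utorrent.com\r\n"
                    b"User-Agent: NSIS_Inetc (Mozilla)\r\n\r\n"),
        "response": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nok",
    },
    {   # the installed client (PID 3824) fetching a feature-flag file
        "pid": 3824, "process": "uTorrent.exe",
        "request": (b"GET /control/tags/ut.json HTTP/1.1\r\nHost: cdn.ap.bittorrent.com\r\n"
                    b"User-Agent: BTWebClient/3600(47006)\r\n\r\n"),
        "response": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}",
    },
]


def parse_http(raw: bytes):
    """Split one HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_pe(body: bytes) -> bool:
    """True when the body has an MZ header and a PE\\0\\0 signature at the offset
    stored in e_lfanew (0x3C). Extension and Content-Type are deliberately ignored."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# User-agent prefixes paired with the report's alert names (heuristics assumed here).
UA_ALERTS = [
    ("NSIS_Inetc",   "ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))"),
    ("BTWebClient/", "ET P2P BTWebClient UA uTorrent in use"),
    ("uTorrent/",    "ET P2P Bittorrent P2P Client User-Agent (uTorrent)"),
]


def inspect(tx: dict) -> list[str]:
    """Alert names this request/response pair would raise."""
    _, req_h, _ = parse_http(tx["request"])
    _, resp_h, body = parse_http(tx["response"])
    alerts = []
    ua = req_h.get("user-agent", "")
    alerts += [name for prefix, name in UA_ALERTS if ua.startswith(prefix)]
    if is_pe(body):
        alerts.append("ET POLICY PE EXE or DLL Windows file download HTTP")
    disposition = resp_h.get("content-disposition", "").lower()
    if disposition.startswith("attachment") and re.search(r"\.exe\b", disposition):
        alerts.append("ET INFO EXE - Served Attached HTTP")
    return alerts


def triage(transactions: list[dict]) -> list[tuple[int, str, list[str]]]:
    """(pid, process, alerts) for every transaction that raised at least one alert."""
    out = []
    for tx in transactions:
        alerts = inspect(tx)
        if alerts:
            out.append((tx["pid"], tx["process"], alerts))
    return out


if __name__ == "__main__":
    for pid, proc, alerts in triage(TRANSACTIONS):
        for alert in alerts:
            print(f"{pid:>5} {proc:<24} {alert}")
```

Checking the body for a PE signature rather than trusting the filename is what makes the first rule useful against installers that fetch their payload as a .tmp or without any extension; the user-agent checks are cheap but brittle, which is why the report pairs them with the PE download alert on the same host.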
No debug info