home

BTSync.exe

BitTorrent Sync

BitTorrent Inc

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘BitTorrent Sync’. The file has been seen being downloaded from down.filepuma.com and multiple other hosts.
Publisher:
BitTorrent, Inc.  (signed by BitTorrent Inc)

Product:
BitTorrent Sync

Version:
2.3.6.378

MD5:
ac7779c06e623ab5d5d081c7b2a4969e

SHA-1:
937164be93c707022ead3d94a24a4bb650d0dd3a

SHA-256:
90910be50504bb7f45e9dcbc1d220b934268a0f100de25dd0c3b70891dfbe2da

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 1:49:09 PM UTC  (today)

File size:
9.7 MB (10,206,712 bytes)

Product version:
2.3.6.378

Copyright:
Copyright (C) 2016 BitTorrent, Inc. All Rights Reserved.

Original file name:
BTSync.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\bittorrent sync\btsync.exe

Digital Signature
Signed by:
BitTorrent Inc

Authority:
Symantec Corporation

Valid from:
1/21/2016 6:00:00 PM

Valid to:
9/3/2016 6:59:59 PM

Subject:
CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59123D60D39E60127D6B456A62C9DEAC

File PE Metadata
Compilation timestamp:
3/28/2016 4:02:14 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:bSw+2CpFcCrkJthgv5a5wOZPXDXM0WYY2Wf9e1kPDXxtDXQzu:bSw+20FcCrkJt1PzXbW/2WVe1eXxFXQS

Entry address:
0x2C6C38

Entry point:
48, 83, EC, 28, E8, FF, 1B, 01, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, A8, 85, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 8B, 1B, 01, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 87, 93, D3, FF, 66, 39, 05, 80, 93, D3, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, AF, 93, D3, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 
[+]

Entropy:
7.0043

Code size:
3 MB (3,165,184 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BitTorrent Sync

Command:
"C:\users\{user}\appdata\roaming\bittorrent sync\btsync.exe" \minimized


The file BTSync.exe has been seen being distributed by the following 3 URLs.

http://down.filepuma.com/files/backup/.../BitTorrent_Sync(64bit)_v2.3.6.exe

http://download-cdn.getsync.com/2.3.6/.../BitTorrent-Sync_x64.exe

https://download-cdn.getsync.com/stable/.../BitTorrent-Sync_x64.exe

Scan BTSync.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.