home

BTSync.exe

BitTorrent Sync

BitTorrent Inc

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘BitTorrent Sync’. The file has been seen being downloaded from download.usyncapp.com and multiple other hosts.
Publisher:
BitTorrent, Inc.  (signed by BitTorrent Inc)

Product:
BitTorrent Sync

Version:
2.0.105

MD5:
dc22defe0fa4e16afca711fa5df96e17

SHA-1:
cfb04552e50b47bfa7870a12fe96bf9450de809b

SHA-256:
e9b11c226a28a8d6919416efbcfd5a4445323dd196bf6697a9abf3e7a61d6480

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 11:58:12 AM UTC  (today)

File size:
5.5 MB (5,776,736 bytes)

Product version:
2.0.105

Copyright:
Copyright (C) 2015 BitTorrent, Inc. All Rights Reserved.

Original file name:
BTSync.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
BitTorrent Inc

Authority:
VeriSign, Inc.

Valid from:
6/5/2013 1:00:00 AM

Valid to:
9/4/2016 12:59:59 AM

Subject:
CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5732C1574E6AF828E1B4F93ABB34ED08

File PE Metadata
Compilation timestamp:
4/10/2015 10:21:46 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:3AshzlqG7ZBz5g/r45xo7skRpV1N5ze5rNsrDid2uqcnG:QshhqIz5g/BQkLV1LzeMfqG

Entry address:
0x1A1E79

Entry point:
E8, 67, 13, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 68, 66, 62, 00, E8, C1, 26, 00, 00, E8, ED, 77, 00, 00, 0F, B7, F0, 6A, 02, E8, FA, 12, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 58, 28, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.3494

Code size:
1.7 MB (1,805,824 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BitTorrent Sync

Command:
"C:\androidsync\btsync.exe" \minimized


The file BTSync.exe has been seen being distributed by the following 4 URLs.

http://download.usyncapp.com/.../BTSync.exe

http://download-lb.utorrent.com/endpoint/btsync/os/windows/.../stable

http://download.usyncapp.com/updates/.../BTSync.exe

https://download-cdn.getsyncapp.com/stable/.../BitTorrent-Sync.exe

Scan BTSync.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.