itorrent-application.exe

iTorrent

TORRENT

The executable itorrent-application.exe ("iTorrent application") has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program iTorrent by iTorrent LCC. While running, it connects to the Internet address customers-nat-ip185-184-139.tagan.ru on port 58733.

Publisher:
iTorrent LCC  (signed by TORRENT)

Product:
iTorrent

Description:
iTorrent application

Version:
1.0.0.438

MD5:
45463097ecee00f9a3e1c05ebcd3976f

SHA-1:
03a696647f7b5960a9c670e24f7d651dcaeddade

SHA-256:
4aacd5de85aa8ae3e6548f5a609fdea8dd39fe8a0f9167cae8090a6ad94edae4

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 11:58:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.16.16

File size:
4.7 MB (4,959,464 bytes)

Product version:
1.0.0.438

Copyright:
Copyright iTorrent(c) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\itorrent-application.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/25/2016 3:00:00 AM

Valid to:
7/26/2017 2:59:59 AM

Subject:
CN=TORRENT, O=TORRENT, STREET="quay Admiral Tributsa, 37", L=Kaliningrad, S=Kaliningrad, PostalCode=TORRENT, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009F3C178BBD6EE1737FCA8EFE1B29A2F3

File PE Metadata
Compilation timestamp:
8/11/2016 1:51:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:sv9NrDS5bLSHI8En5q9ongRb4ZsL3HHVg387TwIuTb42J1NKaPczVonfslWRJBoS:svbxLE49onkMb38YIis2zA9qJBoS

Entry address:
0x2AAB1A

Entry point:
E8, CE, DD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 75, 14, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 05, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 33, C0, 57, 8D, 7D, E4, 6A, 07, 59, F3, AB, 39, 45, 10, 75, 15, E8, A5, E8, FF, FF, C7, 00, 16, 00, 00, 00, E8, 29, 3D, 00, 00, 83, C8, FF, EB, 78, 8B, 45, 0C, 56, 8B, 75, 08, 85, C0, 74, 19, 85, F6, 75, 15, E8, 81, E8, FF, FF, C7, 00, 16, 00, 00, 00, E8, 05, 3D, 00, 00, 83, C8, FF, EB, 53, B9, FF, FF, FF, 7F, 89, 4D, E4...

Code size:
3.2 MB (3,324,928 bytes)

The file itorrent-application.exe has been discovered within the following program.

iTorrent  by iTorrent LCC
About 9% of users remove it

The executing file has been seen to make the following network communications in live environments.
