utorrent-2.2.1.25534.en.setup.exe

uTorrent.CZ

The application utorrent-2.2.1.25534.en.setup.exe by uTorrent.CZ has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from www.utorrent.cz and multiple other hosts.
Publisher:
emc  (signed by uTorrent.CZ)

Description:
µTorrent Setup

Version:
2.2.1 (25534)

MD5:
f373d6db65c193b298cda4b4bec644d5

SHA-1:
af91db55fc3dfd0f6d28e86217f8edd375d30571

SHA-256:
4a60c9717bdf6e77be1953e22b8c33da85a7fe98e767ebd7867902269144b1a5

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 2:35:23 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | W32.Application.Opencandy!c | 2.1.4+
G Data | Win32.Application.OpenCandy | 16.4.25
Reason Heuristics | PUP.OpenCandy (M) | 16.4.8.17
Zillya! Antivirus | Trojan.Injector.Win32.331053 | 2.0.0.2760

File size:
2.6 MB (2,691,664 bytes)

Copyright:
©2016 emc, uTorrent.CZ

File type:
Executable application (Win32 EXE)

Language:
Czech (Czech Republic)

Common path:
C:\users\{user}\downloads\utorrent-2.2.1.25534.en.setup.exe

Digital Signature
Signed by:

Authority:
uTorrent.CZ Root CA

Valid from:
1/1/2016 12:00:00 AM

Valid to:
12/31/2016 11:59:59 PM

Subject:
CN=uTorrent.CZ, E=info@utorrent.cz

Issuer:
CN=uTorrent.CZ Root CA, E=info@utorrent.cz

Serial number:
F34C92C6AC370DAE448B22A19A77091C

File PE Metadata
Compilation timestamp:
6/9/2012 3:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:CMCGGbAmWH/kbEypFso7ibhZYKynx9HoxfQWzKtTeLibHKo3OGx57V1YAOcnNPLz:CMCGGPsMxF0nYBnx9a4WzKtToirh7V1x

Entry address:
0x3A0F0

Entry point:
60, BE, 00, F0, 42, 00, 8D, BE, 00, 20, FD, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 9F, 8C, 03, 00, 57, 83, C3, 04, 53, 68, E0, B0, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
48 KB (49,152 bytes)

The file utorrent-2.2.1.25534.en.setup.exe has been seen being distributed by the following 2 URLs.

http://www.utorrent.cz/.../utorrent-2.2.1.25534.en.setup.exe
