home

utorrent-setup.exe

uTorrent.CZ

The application utorrent-setup.exe by uTorrent.CZ has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
emc  (signed by uTorrent.CZ)

Description:
µTorrent Setup

Version:
3.4.2 (32343)

MD5:
dbf9b0114e4e9d4894fb81153f1190f6

SHA-1:
8a39829cfa80d8d0ebaab0c2dcb350905f950a2a

SHA-256:
6e15a258350f0d2a1f5dfd55ac1761820ca9ec10e1a2fb1de1be39126906aac5

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 11:39:39 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
W32.Application.Opencandy!c
2.1.4+

Agnitum Outpost
Packed/MPress
7.1.1

G Data
Win32.Application.OpenCandy
16.7.25

McAfee
Artemis!DBF9B0114E4E
5600.6348

Reason Heuristics
PUP.OpenCandy (M)
16.7.4.21

Vba32 AntiVirus
Trojan.BAT.MakeDirs
3.12.26.4

File size:
1.6 MB (1,633,792 bytes)

Copyright:
©2014 BitTorrent Inc.

File type:
Executable application (Win32 EXE)

Language:
Czech

Common path:
C:\users\{user}\downloads\utorrent-setup.exe

Digital Signature
Signed by:
uTorrent.CZ

Authority:
uTorrent.CZ Root CA

Valid from:
4/1/2014 12:00:00 AM

Valid to:
3/31/2015 11:59:59 PM

Subject:
CN=uTorrent.CZ, E=info@utorrent.cz

Issuer:
CN=uTorrent.CZ Root CA, E=info@utorrent.cz

Serial number:
2057884ECABCCD84467BB0317DD24110

File PE Metadata
Compilation timestamp:
6/9/2012 3:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:yZWJhZ+GE8/fSOUdtK+VUsIgd1qKeDReyA:yZ4hZPEmfEesfqKeDsyA

Entry address:
0x3A1B0

Entry point:
60, BE, 00, F0, 42, 00, 8D, BE, 00, 20, FD, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 9F, 8C, 03, 00, 57, 83, C3, 04, 53, 68, A1, B1, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
48 KB (49,152 bytes)

Remove utorrent-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.