UTorrent.dll

UTorrent Addon

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The module UTorrent.dll by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ask.com  (signed and verified)

Product:
UTorrent Addon

Version:
2, 0, 0, 1000

MD5:
91e51e590f60aefa4b7efd4d29c9c786

SHA-1:
e335e7a1f80d79d9fb9fd614f0c7ff7857bf267d

SHA-256:
81223eac5fe9e1098451b07be1211ff3df9e3c6816905409c8f398648f2c51da

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 8:54:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Ask (M)

Engine version:
16.2.14.14

File size:
1.3 MB (1,395,592 bytes)

Product version:
2, 0, 0, 1000

Copyright:
Copyright © 2009 Ask.com, All rights reserved.

Trademarks:
Copyright © 2009 Ask.com, All rights reserved.

Original file name:
UTorrent.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\asktoolbar\downloaded Program Files\utorrent.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2008 8:00:00 PM

Valid to:
6/17/2011 7:59:59 PM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

Registration
CLSID:
{678FDBC4-B8CB-4967-9CED-395488EE4E4E}

ProgID:
Ask.UTorrent

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/25/2010 1:03:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:XNw7CsWpfvua3E7dDzoqnJtsUh10n5VKXcYCMbicMx87AxL86U3P6AuWivRQBUPh:kWh3SnqlIbMG+L86iuWiveaQXl+qhK

Entry address:
0x9D0A1

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A4, C3, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, E0, F2, 12, 10, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, E0, F2, 12, 10, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF...
 

Entropy:
6.3827

Code size:
977.5 KB (1,000,960 bytes)
