home

utorrent.exe

µTorrent

BitTorrent Inc.

The application utorrent.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘uTorrent’. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
BitTorrent Inc.

Product:
µTorrent

Version:
3.4.3.39944

MD5:
caedae57b4a9f030f5e572451dea90da

SHA-1:
c3b15d1ca60dac449df57fd5bff0c9f17bafcc92

SHA-256:
2c2c92574d610606c41b88923684cdcd7a53d99dcd8c913930592fa6661a062e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/1/2024 5:50:03 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
160917-0

Clam AntiVirus
Win.Trojan.Agent-1292026
0.98/23207

ESET NOD32
Win32/OpenCandy.A potentially unsafe application
6.3.12010.0

File size:
1.7 MB (1,743,184 bytes)

Product version:
3.4.3.39944

Copyright:
©2015 BitTorrent, Inc. All Rights Reserved.

Original file name:
uTorrent.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
4/6/2015 4:59:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3BD580

Entry point:
60, BE, 00, F0, 67, 00, 8D, BE, 00, 20, D8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 6A, BA, 3B, 00, 57, 83, C3, 04, 53, 68, 72, E5, 13, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9706  (probably packed)

Code size:
1.3 MB (1,310,720 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
uTorrent

Command:
%appdata%\utorrent\utorrent.exe


Remove utorrent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.