Windows Analysis Report
uTorrent.exe

Overview

General Information

Sample name: uTorrent.exe
Analysis ID: 1432046
MD5: 35238d8e052c7cfdde63e6c11ce852fa
SHA1: 8724c59a257e11a4d91c2b891297c16549255221
SHA256: 6453d431431ec8ccb8b859e079062750a7f50f0b6f4266ebbed97a36f45013a1
Infos:

Detection

Score: 66
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Delayed program exit found
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (registry check)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br Avira URL Cloud: Label: malware
Source: http://67.215.246.206/offers/SMStub-en-20150508.exe Avira URL Cloud: Label: malware
Source: http://config.install-zone.com Avira URL Cloud: Label: malware
Source: http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instal Avira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: config.install-zone.com Virustotal: Detection: 8% Perma Link
Source: imp.install-zone.com Virustotal: Detection: 9% Perma Link
Source: http://67.215.246.206/offers/SMStub-en-20150508.exe Virustotal: Detection: 11% Perma Link
Source: http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br Virustotal: Detection: 11% Perma Link
Source: http://config.install-zone.com Virustotal: Detection: 8% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll Virustotal: Detection: 18% Perma Link
Multi AV Scanner detection for submitted file
Source: uTorrent.exe ReversingLabs: Detection: 30%
Source: uTorrent.exe Virustotal: Detection: 23% Perma Link
Machine Learning detection for sample
Source: uTorrent.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00522AA9 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext, 0_2_00522AA9
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046F48F PFXImportCertStore,CertEnumCertificatesInStore,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenKey,CertOpenStore,CertStrToNameW,CertCloseStore,CertStrToNameW,CertCreateSelfSignCertificate,CertSetCRLContextProperty,CertAddCertificateContextToStore,PFXExportCertStoreEx,PFXExportCertStoreEx, 0_2_0046F48F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004942FF lstrcpynW,CryptQueryObject,GetLastError,CryptMsgGetParam,GetLastError,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,GetLastError, 0_2_004942FF
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00494519 LocalFree,LocalFree,CertFreeCRLContext,CertCloseStore,CryptMsgClose, 0_2_00494519
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046E8C7 CryptReleaseContext, 0_2_0046E8C7
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046E88C CryptDestroyKey, 0_2_0046E88C
Uses 32bit PE files
Source: uTorrent.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uTorrent.exe Static PE information: certificate valid
Source: uTorrent.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\iBryte\Source\DLL\Installer\ADKAppsOfferManagerNoMFC\Release\ADKAppsOfferManager.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2875822727.000000006CDB1000.00000040.00000001.01000000.00000006.sdmp
Source: Binary string: C:\buildbot\utorrent_slave\utorrent_release\build\Build\uTorrentRelease\utorrent.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004040F6 FindFirstFileW,CreateFileW,CloseHandle,FindNextFileW,FindClose, 0_2_004040F6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004122AB FindFirstFileW,FindNextFileW,FindClose, 0_2_004122AB
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00412341 FindFirstFileW,FindNextFileW,FindClose, 0_2_00412341
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00462C59 FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindFirstFileW,FindNextFileW,FindClose, 0_2_00462C59
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0045F26D InterlockedIncrement,FindFirstFileW,FindNextFileW,FindClose, 0_2_0045F26D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004118D7 FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_004118D7
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00411B84 FindFirstFileW,FindClose, 0_2_00411B84
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 67.215.246.203 67.215.246.203
Source: Joe Sandbox View IP Address: 193.166.255.171 193.166.255.171
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=setup_run&spsource=68E633381BD14a69BD08A05C22B72D6A&traffic_source=68E633381BD14a69BD08A05C22B72D6A&browser=CR&implementation_id=dll HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: imp.install-zone.comConnection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0041A6AB WSARecv,WSASetLastError, 0_2_0041A6AB
Source: global traffic HTTP traffic detected: GET /installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=uTorrent&svp=4&tsub=1 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=setup_run&spsource=68E633381BD14a69BD08A05C22B72D6A&traffic_source=68E633381BD14a69BD08A05C22B72D6A&browser=CR&implementation_id=dll HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: imp.install-zone.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp HTTP/1.1Host: update.utorrent.comUser-Agent: BTWebClient/3300(29126)Accept-Encoding: gzipConnection: Close
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showinstall&pid=7264&au=0&au=0&view=win32 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32 HTTP/1.1Accept-Encoding: gzipUser-Agent: uTorrent/3300(29126)Host: update.utorrent.comCache-Control: no-cache
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: 'NScript Error: line=%d char=%d code=%d message=%s url=%serrorUrlerrorMessageerrorCodeerrorCharactererrorLineabout:blankenterleave%c%S%cport=%d&pair=%Hhttp://www.facebook.com/plugins/like.php?.cleverbridge.comcleverbridge.com.utorrent.com.bittorrent.comhttp://featuredcontent.staging.utorrent.comhttp://featuredcontent.utorrent.com/mailto:btresource:// equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: @cancelledhttps://www.facebook.com/dialog/oauthclient_id=%S&redirect_uri=%s&response_type=token&display=popup%s&scope=%Shttp://www.facebook.com/checkpoint/https://www.facebook.com/checkpoint/http://www.facebook.com/dialog/permissions.requesthttps://www.facebook.com/dialog/permissions.requesthttp://www.facebook.com/connect/uiserver.phphttps://www.facebook.com/connect/uiserver.phphttp://www.facebook.com/login.phphttps://www.facebook.com/login.phphttp://www.facebook.com/connect/login_success.htmlhttps://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Nhttps://www.facebook.com/dialog/apprequestsapp_id=%S&display=popup&message=%s&redirect_uri=%s%s&to=%Shttp://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: uttE086.tmp.new.0.dr String found in binary or memory: Recognizing the global nature of the Internet, you agree to comply with all local rules regarding online conduct and acceptable Content. Use of the Yahoo Services and transfer, posting and uploading of software, technology, and other technical data via the Yahoo Services may be subject to the export and import laws of the United States and other countries. You agree to comply with all applicable export and import laws and regulations, including without limitation the Export Administration Regulations (see http://www.access.gpo.gov/bis/ear/ear_data.html) and sanctions control programs of the United States (see http://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx). In particular, you represent and warrant that you: (a) are not a prohibited party identified on any government export exclusion lists (see http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm) or a member of a government of any other export-prohibited countries as identified in applicable export and import laws and regulations; (b) will not transfer software, technology, and other technical data via the Yahoo Services to export-prohibited parties or countries; (c) will not use the Yahoo Services for military, nuclear, missile, chemical or biological weaponry end uses in violation of U.S. export laws; and (d) will not transfer, upload, or post via the Yahoo Services any software, technology or other technical data in violation of U.S. or other applicable export or import laws. equals www.yahoo.com (Yahoo)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: uTorrent.exe String found in binary or memory: http://www.facebook.com/plugins/like.php? equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/dialog/apprequests equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: update.utorrent.com
Source: global traffic DNS traffic detected: DNS query: imp.install-zone.com
Source: global traffic DNS traffic detected: DNS query: config.install-zone.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/installstats.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/offers/conduit-default.bmp
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/offers/conduit-default.exe
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/offers/conduit-default.exeimage_urlhttp://%s/offers/conduit-default.bmpadkbunndlesecondary
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/update_event.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://%s/updatestats.php
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://12345.ourtoolbar.com/LearnMore
Source: uTorrent.exe String found in binary or memory: http://127.0.0.1:%d/proxy?sid=%S&file=%d
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://127.0.0.1:%d/proxy?sid=%S&file=%d%S#http://localhost:%dfile=%Ubtapp:/select
Source: uTorrent.exe String found in binary or memory: http://127.0.0.1:%d/proxy?sid=%x&file=%d
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://127.0.0.1:%d/proxy?sid=%x&file=%dresult
Source: uTorrent.exe String found in binary or memory: http://127.0.0.1:%d/search?q=%%s
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://127.0.0.1:%d/search?q=%%shttp://www.bittorrent.comdlimagecache
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://2851619.ourtoolbar.com/eula
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://2851619.ourtoolbar.com/privacy
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://67.215.246.206/offers/SMStub-en-20150508.exe
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/Eula/TermsAndPrivacy.html
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: http://apps.bittorrent.com/Eula/TermsAndPrivacy.html11:footer_text314:Set
Source: uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr String found in binary or memory: http://apps.bittorrent.com/Eula/TermsAndPrivacy.html2:id6:spigot9:image_url0:10:image_hash0:9:image_
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/discoverContent/discoverContent.btapp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/discoverContent/discoverContent.btappk
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/discoverContent/discoverContent.btapponei
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/featuredcontent/featuredcontent.btappL
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/mism/ism.exe
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/mism/ism.exedeltree
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/store/store.btapp
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/store/store.btapphttp://apps.bittorrent.com/featuredcontent/featuredconte
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/torque/pairing/style.%s%scss
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/torque/pairing/style.%s%scssstyleiframe/gui/pairimage/x-ms-bmp/gui/pingim
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/player.btapp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/player.btapp?)8
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/plus2.btapp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/welcome.btapp
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.com/utorrent-onboarding/welcome.btapphttp://apps.bittorrent.com/utorrent-onbo
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://apps.bittorrent.comVietnamese
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://bench.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://bench.utorrent.comeventNamelcic_1lcic_0ltic_1ltic_0lreftectslclh
Source: uTorrent.exe String found in binary or memory: http://bit.ly/HTwxBj
Source: uTorrent.exe String found in binary or memory: http://certificates.godaddy.com/repository/0
Source: uTorrent.exe String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: uTorrent.exe String found in binary or memory: http://certificates.godaddy.com/repository/gdroot.crl0K
Source: uTorrent.exe String found in binary or memory: http://certificates.godaddy.com/repository0
Source: uTorrent.exe String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: uTorrent.exe String found in binary or memory: http://certificates.starfieldtech.com/repository/1604
Source: uTorrent.exe String found in binary or memory: http://certs.starfieldtech.com/repository/1/0-
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://config.install-zone.com
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://crl.godaddy.com/gds1-14.crl0S
Source: uTorrent.exe String found in binary or memory: http://crl.godaddy.com/gds5-16.crl0S
Source: uTorrent.exe String found in binary or memory: http://crl.starfieldtech.com/sfsroot.crl0S
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://crl.thawte.com/ThawteServerPremiumCA.crl0
Source: uTorrent.exe String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://download.utorrent.com/help/utorrent-help-3301.zip
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://download.utorrent.com/help/utorrent-help-3301.zip%s
Source: uTorrent.exe String found in binary or memory: http://download.utorrent.com/public/DivXPlayer.html
Source: uTorrent.exe String found in binary or memory: http://download.utorrent.com/public/DivXPlayer.html?url=%1
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://download.utorrent.com/public/DivXPlayer.htmlhttp://download.utorrent.com/public/DivXPlayer.ht
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download3.utorrent.com/offers/SMStub-en-20150508.exe
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download3.utorrent.com/offers/SMStub-en-20150508.exep=4&tsub=1%
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://dslreports.com/speedtest/
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversion
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversion%
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversion(x8j
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversion=C:j
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionEb
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionSbb
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionabp
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionb
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionc
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversiond
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionf
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionfbw
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversiong
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionj
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionndows$
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversionobN
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://events.bittorrent.com/startConversiontbE
Source: uTorrent.exe String found in binary or memory: http://featuredcontent.staging.utorrent.com
Source: uTorrent.exe String found in binary or memory: http://featuredcontent.utorrent.com/
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874527484.0000000000C16000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://forum.utorrent.com.
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://forum.utorrent.com?client=utorrent3300
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://help.bittorrent.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://help.utorrent.com/customer/portal/articles/257678
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000C0B000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instal
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=setup_
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exe
Source: uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exe62:http://ll.download3.utorrent.com/of
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exeb
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exevk
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.bmp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.bmpx
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.exe
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.exeats
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/Mbit/skbit/sbit/sok%s%d:%d:%d:%d:%shttp://update.utorrent.c
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/speedtestobjects.txt
Source: uTorrent.exe String found in binary or memory: http://ocsp.godaddy.com/0J
Source: uTorrent.exe String found in binary or memory: http://ocsp.godaddy.com0F
Source: uTorrent.exe String found in binary or memory: http://ocsp.starfieldtech.com/09
Source: uTorrent.exe String found in binary or memory: http://ocsp.thawte.com0
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arj
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arj:a
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjPa
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjUi
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjb
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjf
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjg
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjhttp://events.bittorrent.com/startConversionsettings.datbenchr
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjj
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjstf
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://offers.bittorrent.com/w/1.0/arjt=f
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://portforward.com/
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pr.apps.bittorrent.com/share/share.btapp
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://remote.utorrent.com/
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://remote.utorrent.com/send?btih=
Source: uTorrent.exe String found in binary or memory: http://rssfeed.com/rss.xml
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://rssfeed.com/rss.xmlactive_panead_barplus_bgfile=%s
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: uTorrent.exe String found in binary or memory: http://search.conduit.com/Result
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://search.conduit.com/Results.aspx?ctid=CT3083945&amp;searchsource=45&amp;&%s
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://search.utorrent.com/bntop.html
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://svr-ov-crl.thawte.com/ThawteOV.crl0
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://tinyurl.com/api-create.php?url=%U
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://tinyurl.com/api-create.php?url=%U%s%H&dn=%U&message=%U%s%H&dn=%U&message=%U&sid=%s&cid=%Uhttp
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tracker001.legaltorrents.com:7070/announce
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tracker001.legaltorrents.com:7070/announcettix
Source: uTorrent.exe String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: uTorrent.exe String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: uTorrent.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://tshttp://update.bittorrent.com/time.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.bittorrent.com/time.php
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/hang.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/hang.phpunhungmtNA-%ddisknet:%d
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/installoffer.php
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/installoffer.phpOfferNotReadyNotProvidedDefaultBunndleonPageInit:DLG_OFFE
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.php
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.phpZ
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.phpe)
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.phpen-20150508.exet
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/installstats.phpub-en-20150508.exe
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/speedserverlist.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/speedserverlist.phphttp://ll.www.bittorrent.com/llspeedtest/speedtestobje
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/speedstats.php?result=
Source: uTorrent.exe String found in binary or memory: http://update.utorrent.com/survey
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/survey%s
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%d
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=706
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/download/langpacks/dl.php?build=29126&ref=client&client=utorrent&sys_l=%s&sel_l=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/rsstutorial.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/testport?plain=1
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/webui-guide.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/webui/version-%s
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip3.3http://utorrent.com/webui/version-%s.gz...gz
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: http://www.access.gpo.gov/bis/ear/ear_data.html)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.apple.com/itunes
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm)
Source: uTorrent.exe String found in binary or memory: http://www.bittorrent.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.bittorrent.com/certified-devices/
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.bittorrent.com/certified-devices/http://www.apple.com/itunesdevice
Source: uTorrent.exe String found in binary or memory: http://www.bittorrent.com/dna/whatisdna/
Source: settings.dat.new.0.dr String found in binary or memory: http://www.bittorrent.com/search?client=%v&search=
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mininova.org/search/?cat=0&search=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.mininova.org/search/?cat=0&search=0
Source: uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, settings.dat.new.0.dr String found in binary or memory: http://www.mininova.org/search/?cat=0&search=13:selected_catsle8:selfcert1797:0
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: http://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx).
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com.
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/download.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/download.php%d
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/faq
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/faq#mlabs
Source: uTorrent.exe String found in binary or memory: http://www.utorrent.com/faq.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/faq.php100
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/faq?client=utorrent3300
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/faq?client=utorrent3300http://forum.utorrent.com?client=utorrent3300http://w
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/legal/eula.
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com/testport.php?port=%d
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.com?client=utorrent3300
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.utorrent.comNoRepairNoModifyMinorVersionVersionMinorMajorVersionVersionMajorDisplayVersio
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://yogi.apps.bittorrent.com/track/?data=%s&ip=1
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://%s/checkupdate.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phphttp://%s/update_event.
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://activate.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activate.utorrent.com/get_av
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activate.utorrent.com/get_codec
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activate.utorrent.com/get_codecc
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activate.utorrent.com/get_player
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activate.utorrent.com/get_playerolumns
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://activate.utorrent.comGetProcessMemoryInfopsapi.dllHTTP
Source: uTorrent.exe String found in binary or memory: https://certs.starfieldtech.com/repository/0
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: https://info.yahoo.com/legal/us/yahoo/utos/terms/
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: https://info.yahoo.com/legal/us/yahoo/utos/terms/.
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: https://info.yahoo.com/privacy/us/yahoo/
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.dr String found in binary or memory: https://info.yahoo.com/privacy/us/yahoo/.
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000C0B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: uTorrent.exe String found in binary or memory: https://remote.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://remote.utorrent.comhttp://www.bittorrent.com/dna/whatisdna/http://bit.ly/HTwxBj%Z
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004E8812 IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,_strnicmp,_strnicmp,CloseClipboard, 0_2_004E8812
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004E8812 IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,_strnicmp,_strnicmp,CloseClipboard, 0_2_004E8812
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004BCAD5 GetAsyncKeyState, 0_2_004BCAD5
Contains functionality to call native functions
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00411DC7 NtSetInformationFile, 0_2_00411DC7
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00454C91: GetFileAttributesW,DeviceIoControl,SetEndOfFile,SetFileValidData,GetLastError, 0_2_00454C91
Detected potential crypto function
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0043069F 0_2_0043069F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0040C99D 0_2_0040C99D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00474050 0_2_00474050
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0043E16F 0_2_0043E16F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0048028C 0_2_0048028C
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00408306 0_2_00408306
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00428318 0_2_00428318
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004983A4 0_2_004983A4
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0048441E 0_2_0048441E
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0040A420 0_2_0040A420
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00438493 0_2_00438493
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004447A1 0_2_004447A1
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00422809 0_2_00422809
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0044C838 0_2_0044C838
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0049A9B1 0_2_0049A9B1
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004B4A3C 0_2_004B4A3C
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00438BD4 0_2_00438BD4
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00438E8E 0_2_00438E8E
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00498EAF 0_2_00498EAF
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0051CEBD 0_2_0051CEBD
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0043AFD2 0_2_0043AFD2
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00498F89 0_2_00498F89
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004370D0 0_2_004370D0
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0048324C 0_2_0048324C
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004FB21A 0_2_004FB21A
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004433A8 0_2_004433A8
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0044552F 0_2_0044552F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0044D582 0_2_0044D582
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004FB6A2 0_2_004FB6A2
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0043F76B 0_2_0043F76B
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004417DB 0_2_004417DB
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004837BF 0_2_004837BF
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00467843 0_2_00467843
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0044B87F 0_2_0044B87F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0043BA7B 0_2_0043BA7B
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00437B2E 0_2_00437B2E
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00479CFD 0_2_00479CFD
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0044E8F3 appears 52 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004168D2 appears 35 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0040E828 appears 137 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00415181 appears 52 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0040E80A appears 116 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0042920D appears 31 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00427481 appears 79 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004164F8 appears 33 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004163D0 appears 44 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0046E196 appears 75 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0040E21C appears 37 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00413713 appears 32 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0044FD6B appears 53 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00427DB8 appears 47 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0046C1C2 appears 31 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00415982 appears 39 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004151DD appears 136 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00416449 appears 94 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00415121 appears 64 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004327B6 appears 43 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0040E096 appears 32 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 00472875 appears 39 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 004327F2 appears 129 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0041640E appears 42 times
Source: C:\Users\user\Desktop\uTorrent.exe Code function: String function: 0047DC78 appears 58 times
PE file contains executable resources (Code or Archives)
Source: uTorrent.exe Static PE information: Resource name: RT_DIALOG type: SVR2 pure executable (Amdahl-UTS) - version 1767344497
Source: uTorrent.exe Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Sample file is different than original file name gathered from version info
Source: uTorrent.exe, 00000000.00000002.2875912267.000000006CDF9000.00000004.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenameADKAppsOfferManager.dll8 vs uTorrent.exe
Source: uTorrent.exe Binary or memory string: OriginalFilenameBunndleOfferManagerL vs uTorrent.exe
Source: uTorrent.exe Binary or memory string: OriginalFilenameADKAppsOfferManager.dll8 vs uTorrent.exe
Uses 32bit PE files
Source: uTorrent.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uTorrent.exe Static PE information: Section: UPX1 ZLIB complexity 0.9983918599656357
Source: ADKAppsOfferManager.dll.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9892021534974094
Source: classification engine Classification label: mal66.evad.winEXE@1/9@3/2
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004296E5 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,GetLastError, 0_2_004296E5
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00411A5D GetDiskFreeSpaceExW, 0_2_00411A5D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004A853F FindResourceA,LoadResource,LockResource,SizeofResource,GlobalAlloc,FreeResource,memcpy,FreeResource, 0_2_004A853F
Source: C:\Users\user\Desktop\uTorrent.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\1f91d2d17ea675d4c2c3192e241743f9_9e146be9-c76a-4720-bcdb-53011b87bd06 Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ Torrent4823DF041B09
Source: C:\Users\user\Desktop\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\uttB8B8.tmp Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: uTorrent.exe ReversingLabs: Detection: 30%
Source: uTorrent.exe Virustotal: Detection: 23%
Source: uTorrent.exe String found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
Source: uTorrent.exe String found in binary or memory: %s /LAUNCHBUNDLEDURL %s
Source: uTorrent.exe String found in binary or memory: http://%s/installstats.php
Source: uTorrent.exe String found in binary or memory: utorrent-help.zip
Source: uTorrent.exe String found in binary or memory: %I.in-addr.arpa
Source: uTorrent.exe String found in binary or memory: add-stopped
Source: uTorrent.exe String found in binary or memory: http://download.utorrent.com/help/utorrent-help-3301.zip
Source: uTorrent.exe String found in binary or memory: -show-start-page
Source: uTorrent.exe String found in binary or memory: -open-thank-you-page -open-welcome -pair-key "%1" -launch-app client "%2"
Source: uTorrent.exe String found in binary or memory: http://update.utorrent.com/installoffer.php
Source: uTorrent.exe String found in binary or memory: Not-Installed
Source: C:\Users\user\Desktop\uTorrent.exe File read: C:\Users\user\Desktop\uTorrent.exe Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: icmp.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: I Agree
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe Automated click: Accept
Source: uTorrent.exe Static PE information: certificate valid
Source: uTorrent.exe Static file information: File size 1051984 > 1048576
Source: uTorrent.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\iBryte\Source\DLL\Installer\ADKAppsOfferManagerNoMFC\Release\ADKAppsOfferManager.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2875822727.000000006CDB1000.00000040.00000001.01000000.00000006.sdmp
Source: Binary string: C:\buildbot\utorrent_slave\utorrent_release\build\Build\uTorrentRelease\utorrent.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004782BF LoadLibraryA,GetProcAddress,GetLastError, 0_2_004782BF
PE file contains an invalid checksum
Source: uTorrent.exe Static PE information: real checksum: 0xff000080 should be: 0x1075b8
Source: ADKAppsOfferManager.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x1e7a9
PE file contains sections with non-standard names
Source: uTorrent.exe Static PE information: section name: .bunndle
Source: uTorrent.exe Static PE information: section name: .adknow
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004A6B70 push eax; ret 0_2_004A6B9E
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004013EF push ecx; ret 0_2_004013FF
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,memset,DeviceIoControl,DeviceIoControl,isalnum,isalnum,memset,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_00525793
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,DeviceIoControl,memset,CloseHandle, \\.\PhysicalDrive%d 0_2_00525AA6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,DeviceIoControl,malloc,DeviceIoControl,??3@YAXPAX@Z,CloseHandle, \\.\PhysicalDrive%d 0_2_00525BC0
Drops PE files
Source: C:\Users\user\Desktop\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll Jump to dropped file

Boot Survival
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,memset,DeviceIoControl,DeviceIoControl,isalnum,isalnum,memset,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_00525793
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,DeviceIoControl,memset,CloseHandle, \\.\PhysicalDrive%d 0_2_00525AA6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: sprintf,CreateFileA,DeviceIoControl,malloc,DeviceIoControl,??3@YAXPAX@Z,CloseHandle, \\.\PhysicalDrive%d 0_2_00525BC0
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00408183 IsIconic,??3@YAXPAX@Z, 0_2_00408183
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0040A420 GetForegroundWindow,??3@YAXPAX@Z,IsIconic,SetThreadExecutionState,??2@YAPAXI@Z,WaitForInputIdle,CloseHandle,_CIpow,SetWindowTextW,SetWindowTextW,GetWindowRect,??2@YAPAXI@Z,??3@YAXPAX@Z,PostMessageW, 0_2_0040A420
Source: C:\Users\user\Desktop\uTorrent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Delayed program exit found
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004169D0 Sleep,ExitProcess, 0_2_004169D0
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\uTorrent.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\uTorrent.exe Window / User API: foregroundWindowGot 798 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\uTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\uTorrent.exe API coverage: 10.0 %
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004040F6 FindFirstFileW,CreateFileW,CloseHandle,FindNextFileW,FindClose, 0_2_004040F6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004122AB FindFirstFileW,FindNextFileW,FindClose, 0_2_004122AB
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00412341 FindFirstFileW,FindNextFileW,FindClose, 0_2_00412341
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00462C59 FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindFirstFileW,FindNextFileW,FindClose, 0_2_00462C59
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0045F26D InterlockedIncrement,FindFirstFileW,FindNextFileW,FindClose, 0_2_0045F26D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004118D7 FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_004118D7
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00411B84 FindFirstFileW,FindClose, 0_2_00411B84
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0047BB45 GetVersionExW,GetSystemInfo,GetLastError, 0_2_0047BB45
Source: uTorrent.exe, 00000000.00000002.2875752408.0000000008B40000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW#K!
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000B77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004782BF LoadLibraryA,GetProcAddress,GetLastError, 0_2_004782BF
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0040C99D 73535D90,exit,GetCurrentThreadId,_wtoi,ExitProcess,GetProcessHeap,SetErrorMode,_wtoi,??2@YAPAXI@Z,??2@YAPAXI@Z,DeleteFileW,73A1A570,_wtoi,_wtoi,wcsstr,??2@YAPAXI@Z,InterlockedIncrement,InterlockedIncrement,??2@YAPAXI@Z,InterlockedIncrement,??2@YAPAXI@Z,InterlockedIncrement,??2@YAPAXI@Z,SetForegroundWindow, 0_2_0040C99D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00461A4D VirtualAlloc,SetUnhandledExceptionFilter, 0_2_00461A4D
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00429348 keybd_event,keybd_event,keybd_event, 0_2_00429348
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004297E5 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_004297E5
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00525260 cpuid 0_2_00525260
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: GetLocaleInfoW, 0_2_0042A58F
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\uTorrent.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00428F52 GetLocalTime, 0_2_00428F52
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046E375 GetVersionExW,LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_0046E375
Source: C:\Users\user\Desktop\uTorrent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: uTorrent.exe Binary or memory string: pg2.exe
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046C4F6 socket,WSAGetLastError,ioctlsocket,setsockopt,setsockopt,WSAGetLastError,htons,bind,WSAGetLastError,inet_addr,inet_addr,inet_addr,setsockopt,WSAGetLastError, 0_2_0046C4F6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0041CDE4 setsockopt,_errno,_errno,strerror,WSAGetLastError,WSAGetLastError,WSAGetLastError,listen, 0_2_0041CDE4
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0041B1AE bind, 0_2_0041B1AE
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1432046 Sample: uTorrent.exe Startdate: 26/04/2024 Architecture: WINDOWS Score: 66 13 update.utorrent.com 2->13 15 imp.install-zone.com 2->15 17 config.install-zone.com 2->17 23 Multi AV Scanner detection for domain / URL 2->23 25 Antivirus detection for URL or domain 2->25 27 Multi AV Scanner detection for dropped file 2->27 29 2 other signatures 2->29 6 uTorrent.exe 6 56 2->6         started        signatures3 process4 dnsIp5 19 imp.install-zone.com 193.166.255.171, 49738, 80 FUNETASFI Finland 6->19 21 update.utorrent.com 67.215.246.203, 49735, 49736, 49737 ASN-QUADRANET-GLOBALUS United States 6->21 11 C:\Users\user\...\ADKAppsOfferManager.dll, PE32 6->11 dropped 31 Contains functionality to infect the boot sector 6->31 33 Delayed program exit found 6->33 35 Tries to detect sandboxes / dynamic malware analysis system (registry check) 6->35 file6 signatures7
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
67.215.246.203
 update.utorrent.com United States
8100 ASN-QUADRANET-GLOBALUS false
193.166.255.171
 config.install-zone.com Finland
1741 FUNETASFI false

Contacted Domains

Name IP Active
update.utorrent.com 67.215.246.203 true
config.install-zone.com 193.166.255.171 true
imp.install-zone.com 193.166.255.171 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32 false
    		high
    http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp false
      		high
      http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32 false
        		high
        http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32 false
          		high
          http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32 false
            		high