Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
uTorrent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\uttE086.tmp (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uttE086.tmp.new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\1f91d2d17ea675d4c2c3192e241743f9_9e146be9-c76a-4720-bcdb-53011b87bd06
|
Matlab v4 mat-file (little endian) , sparse, rows 0, columns 64
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\uTorrent\settings.dat (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\uTorrent\settings.dat.new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\uTorrent\toolbar.benc (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\uTorrent\toolbar.benc.new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\uTorrent\toolbar_offer.benc
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\uTorrent.exe
|
"C:\Users\user\Desktop\uTorrent.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://apps.bittorrent.com/utorrent-onboarding/welcome.btapp
|
unknown
|
||
|
http://apps.bittorrent.com/discoverContent/discoverContent.btapp
|
unknown
|
||
|
http://www.utorrent.com/faq
|
unknown
|
||
|
http://certs.starfieldtech.com/repository/1/0-
|
unknown
|
||
|
http://forum.utorrent.com.
|
unknown
|
||
|
http://utorrent.com/download/langpacks/dl.php?build=29126&ref=client&client=utorrent&sys_l=%s&sel_l=
|
unknown
|
||
|
http://utorrent.com/webui/webui-%s-%s.zip
|
unknown
|
||
|
http://2851619.ourtoolbar.com/privacy
|
unknown
|
||
|
http://ocsp.starfieldtech.com/09
|
unknown
|
||
|
http://bench.utorrent.comeventNamelcic_1lcic_0ltic_1ltic_0lreftectslclh
|
unknown
|
||
|
http://dslreports.com/speedtest/
|
unknown
|
||
|
http://events.bittorrent.com/startConversionSbb
|
unknown
|
||
|
http://update.utorrent.com
|
unknown
|
||
|
http://www.bittorrent.com/certified-devices/
|
unknown
|
||
|
http://www.utorrent.com/faq.php
|
unknown
|
||
|
http://apps.bittorrent.com/utorrent-onboarding/welcome.btapphttp://apps.bittorrent.com/utorrent-onbo
|
unknown
|
||
|
https://activate.utorrent.com/get_codecc
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arj
|
unknown
|
||
|
http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32
|
67.215.246.203
|
||
|
http://update.utorrent.com/speedstats.php?result=
|
unknown
|
||
|
http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjPa
|
unknown
|
||
|
http://127.0.0.1:%d/proxy?sid=%S&file=%d%S#http://localhost:%dfile=%Ubtapp:/select
|
unknown
|
||
|
http://www.mininova.org/search/?cat=0&search=0
|
unknown
|
||
|
http://apps.bittorrent.com/discoverContent/discoverContent.btapponei
|
unknown
|
||
|
http://apps.bittorrent.com/utorrent-onboarding/player.btapp
|
unknown
|
||
|
http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br
|
unknown
|
||
|
http://12345.ourtoolbar.com/LearnMore
|
unknown
|
||
|
http://utorrent.com/testport?plain=1
|
unknown
|
||
|
http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%d
|
unknown
|
||
|
http://certificates.godaddy.com/repository/gd_intermediate.crt0
|
unknown
|
||
|
http://events.bittorrent.com/startConversiontbE
|
unknown
|
||
|
http://utorrent.com/webui/webui-%s-%s.zip3.3http://utorrent.com/webui/version-%s.gz...gz
|
unknown
|
||
|
http://crl.starfieldtech.com/sfsroot.crl0S
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjb
|
unknown
|
||
|
http://update.utorrent.com/speedserverlist.php
|
unknown
|
||
|
http://%s/update_event.php
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjg
|
unknown
|
||
|
http://127.0.0.1:%d/proxy?sid=%S&file=%d
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjf
|
unknown
|
||
|
http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exeb
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjj
|
unknown
|
||
|
http://www.utorrent.com?client=utorrent3300
|
unknown
|
||
|
http://utorrent.com/webui-guide.php
|
unknown
|
||
|
https://info.yahoo.com/privacy/us/yahoo/
|
unknown
|
||
|
http://127.0.0.1:%d/proxy?sid=%x&file=%d
|
unknown
|
||
|
http://tracker001.legaltorrents.com:7070/announce
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjstf
|
unknown
|
||
|
http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp
|
67.215.246.203
|
||
|
http://featuredcontent.staging.utorrent.com
|
unknown
|
||
|
http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=706
|
unknown
|
||
|
https://certs.starfieldtech.com/repository/0
|
unknown
|
||
|
http://67.215.246.206/offers/SMStub-en-20150508.exe
|
unknown
|
||
|
http://certificates.godaddy.com/repository/0
|
unknown
|
||
|
http://download3.utorrent.com/offers/SMStub-en-20150508.exe
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjhttp://events.bittorrent.com/startConversionsettings.datbenchr
|
unknown
|
||
|
http://events.bittorrent.com/startConversion(x8j
|
unknown
|
||
|
http://forum.utorrent.com?client=utorrent3300
|
unknown
|
||
|
http://update.utorrent.com/survey%s
|
unknown
|
||
|
http://offers.bittorrent.com/w/1.0/arjUi
|
unknown
|
||
|
http://127.0.0.1:%d/search?q=%%shttp://www.bittorrent.comdlimagecache
|
unknown
|
||
|
https://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phphttp://%s/update_event.
|
unknown
|
||
|
http://apps.bittorrent.com/store/store.btapphttp://apps.bittorrent.com/featuredcontent/featuredconte
|
unknown
|
||
|
http://update.bittorrent.com/time.php
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.utorrent.com/testport.php?port=%d
|
unknown
|
||
|
http://remote.utorrent.com/send?btih=
|
unknown
|
||
|
http://127.0.0.1:%d/search?q=%%s
|
unknown
|
||
|
http://config.install-zone.com
|
unknown
|
||
|
http://help.bittorrent.com
|
unknown
|
||
|
http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32
|
67.215.246.203
|
||
|
http://www.mininova.org/search/?cat=0&search=
|
unknown
|
||
|
http://update.utorrent.com/installoffer.phpOfferNotReadyNotProvidedDefaultBunndleonPageInit:DLG_OFFE
|
unknown
|
||
|
http://%s/offers/conduit-default.exe
|
unknown
|
||
|
http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instal
|
unknown
|
||
|
http://update.utorrent.com/installstats.phpZ
|
unknown
|
||
|
http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32
|
67.215.246.203
|
||
|
http://2851619.ourtoolbar.com/eula
|
unknown
|
||
|
http://www.utorrent.com/faq#mlabs
|
unknown
|
||
|
http://remote.utorrent.com/
|
unknown
|
||
|
http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm)
|
unknown
|
||
|
http://update.utorrent.com/installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=
|
unknown
|
||
|
http://apps.bittorrent.com/Eula/TermsAndPrivacy.html11:footer_text314:Set
|
unknown
|
||
|
http://certificates.godaddy.com/repository0
|
unknown
|
||
|
https://activate.utorrent.com/get_codec
|
unknown
|
||
|
http://tinyurl.com/api-create.php?url=%U
|
unknown
|
||
|
http://www.utorrent.com/legal/eula.
|
unknown
|
||
|
http://download.utorrent.com/help/utorrent-help-3301.zip%s
|
unknown
|
||
|
http://update.utorrent.com/survey
|
unknown
|
||
|
http://update.utorrent.com/hang.php
|
unknown
|
||
|
http://apps.bittorrent.comVietnamese
|
unknown
|
||
|
http://www.utorrent.com.
|
unknown
|
||
|
http://bit.ly/HTwxBj
|
unknown
|
||
|
http://help.utorrent.com/customer/portal/articles/257678
|
unknown
|
||
|
http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32
|
67.215.246.203
|
||
|
https://info.yahoo.com/privacy/us/yahoo/.
|
unknown
|
||
|
https://activate.utorrent.com/get_player
|
unknown
|
||
|
http://pr.apps.bittorrent.com/share/share.btapp
|
unknown
|
||
|
http://rssfeed.com/rss.xml
|
unknown
|
||
|
https://activate.utorrent.com
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
update.utorrent.com
|
67.215.246.203
|
||
|
config.install-zone.com
|
193.166.255.171
|
||
|
imp.install-zone.com
|
193.166.255.171
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
67.215.246.203
|
update.utorrent.com
|
United States
|
||
|
193.166.255.171
|
config.install-zone.com
|
Finland
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\FalconBetaAccount
|
remote_access_client_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
|
OfferProvider
|
||
|
HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
|
OfferName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
|
OfferAccepted
|
||
|
HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
|
OfferViaCAU
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A9E000
|
stack
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
4B4C000
|
stack
|
page read and write
|
||
|
C2F000
|
heap
|
page read and write
|
||
|
6CDF9000
|
unkown
|
page read and write
|
||
|
5BBC000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
8F1F000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
6CDB1000
|
unkown
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
6CDB0000
|
unkown
|
page readonly
|
||
|
3D40000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
51FF000
|
stack
|
page read and write
|
||
|
6FDD000
|
stack
|
page read and write
|
||
|
3D1F000
|
heap
|
page read and write
|
||
|
B4A000
|
heap
|
page read and write
|
||
|
8B3F000
|
stack
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
3CFA000
|
heap
|
page read and write
|
||
|
969000
|
stack
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
8B45000
|
unkown
|
page read and write
|
||
|
3D4C000
|
heap
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
3CF6000
|
heap
|
page read and write
|
||
|
3CFE000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
63C000
|
unkown
|
page execute and read and write
|
||
|
617C000
|
stack
|
page read and write
|
||
|
58A000
|
unkown
|
page execute and write copy
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
616000
|
unkown
|
page execute and read and write
|
||
|
2E2D000
|
stack
|
page read and write
|
||
|
708F000
|
stack
|
page read and write
|
||
|
B4E000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
3D4E000
|
heap
|
page read and write
|
||
|
3A0F000
|
stack
|
page read and write
|
||
|
3D2F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3D2F000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
8B41000
|
heap
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
6CDF4000
|
unkown
|
page execute and read and write
|
||
|
AF6000
|
heap
|
page read and write
|
||
|
3D1F000
|
heap
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page read and write
|
||
|
C1E000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
3CEF000
|
stack
|
page read and write
|
||
|
3D45000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
3D12000
|
heap
|
page read and write
|
||
|
551F000
|
stack
|
page read and write
|
||
|
5B7C000
|
stack
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
589C000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
5D6000
|
unkown
|
page execute and read and write
|
||
|
4AAC000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
6CDE8000
|
unkown
|
page execute and read and write
|
||
|
63F000
|
unkown
|
page execute and write copy
|
||
|
3D43000
|
heap
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
4EDF000
|
stack
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
3D45000
|
heap
|
page read and write
|
||
|
58E000
|
unkown
|
page execute and read and write
|
||
|
3D4A000
|
heap
|
page read and write
|
||
|
B77000
|
heap
|
page read and write
|
||
|
8B40000
|
unkown
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
3CF0000
|
heap
|
page read and write
|
||
|
6CDF7000
|
unkown
|
page execute and write copy
|
||
|
3D02000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
640000
|
unkown
|
page read and write
|
||
|
372F000
|
stack
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
640000
|
unkown
|
page write copy
|
||
|
5F7000
|
unkown
|
page execute and read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
BAF000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
3D4E000
|
heap
|
page read and write
|
||
|
3D2F000
|
heap
|
page read and write
|
||
|
3D00000
|
heap
|
page read and write
|
||
|
3E50000
|
heap
|
page read and write
|
||
|
3D40000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
3CF8000
|
heap
|
page read and write
|
||
|
645F000
|
stack
|
page read and write
|
||
|
BFC000
|
heap
|
page read and write
|
||
|
3D06000
|
heap
|
page read and write
|
||
|
73DF000
|
stack
|
page read and write
|
||
|
413D000
|
stack
|
page read and write
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
3CFC000
|
heap
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
584F000
|
stack
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
704F000
|
stack
|
page read and write
|
||
|
6CDF0000
|
unkown
|
page execute and read and write
|
There are 112 hidden memdumps, click here to show them.