Manalyze report for f9d18a28e2c5e56771016fbaef18d14a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Apr-18 18:54:06
Detected languages	English - United States
CompanyName	BitTorrent Inc.
FileDescription	µTorrent
FileVersion	`3.5.5.44994`
InternalName	uTorrent.exe
LegalCopyright	©2018 BitTorrent, Inc. All Rights Reserved.
OriginalFilename	uTorrent.exe
ProductName	µTorrent
ProductVersion	`3.5.5.44994`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileW GetTempPathW GetTempPathA CreateFileA`
Info	The PE is digitally signed.	`Signer: BitTorrent Inc` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Malicious	VirusTotal score: 4/71 (Scanned on 2019-03-08 21:26:30)	`DrWeb: Program.Unwanted.3640` `Cyren: W32/Trojan.TBZW-2482` `Antiy-AVL: GrayWare/Win32.Generic` `ESET-NOD32: a variant of MSIL/WebCompanion.A potentially unwanted`

Hashes

MD5	`f9d18a28e2c5e56771016fbaef18d14a`
SHA1	`4b6c976de897039fae71608e9967d505c3edf453`
SHA256	`4d56076541b3e4ca99a4bb6fe60f8d6bdd4f9563e8998d5d4dbc8eaf9eaae664`
SHA3	`c34a13d9acd5dce60c945a3dd416ff9e86847093141cd9082b1e3830ee33f676`
SSDeep	`49152:HG5UfgXTHuPAgOBx5WzH38JaKUEJBTFvgfjcYffFYdSQERnVu9IwQF7I:HG5QgDcAnRO8xlFI7BPh4Iw6I`
Imports Hash	`bffed7546a3b2a13f5a8371646f86022`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2011-Apr-18 18:54:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x19800`
SizeOfInitializedData	`0x14800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000148D4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x34000`
SizeOfHeaders	`0x400`
Checksum	`0x2c9c49`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`206b62d600beb166f8bf863ad5301f8c`
SHA1	`c4575e89f206f7634a9276e7510266bf72f51174`
SHA256	`5c49919d3dc4fbdfebe0484994a636ae9b6085d343d0aaeaa8ce6663cda350d0`
SHA3	`9852f3987c38afd8a6b1188dfab19d3954416d3388ef7134b64be1a360ccc3ea`
VirtualSize	`0x197c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60823`

.rdata

MD5	`b0314f39355cab7d4674a0928d3b15f2`
SHA1	`07a1a57e22a37beb935cf56a9fe2887a7176cfd3`
SHA256	`8d0cc2d7453d0be0dd683c46471e3f5d8f5eef89172fe238c3e797e06bb88f76`
SHA3	`9771c68ad0df2103c92ed0e900ce9055b37aeb119a986c9a278a3f93e40b689f`
VirtualSize	`0x4490`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38378`

.data

MD5	`8d44c03d32e0c923339cda9fae15827a`
SHA1	`4da3c69ae951db7cd72f9fbda9bc79d246a99f80`
SHA256	`9b7cffdff6e384eb34296c1649a0148a73d2822b2350ae6a57261c4dc7ec094e`
SHA3	`d4f3cbeafc4b853d1ea6753a02d47eba7cc857624c8a330227c1851e22e65969`
VirtualSize	`0x5a68`
VirtualAddress	`0x20000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.37934`

.sxdata

MD5	`35925cfdc1176bd9ffc634a58b40ec17`
SHA1	`1f070e9dfbda0054d1a843e803e1a254701be02a`
SHA256	`bf34b3fc4d68c6e36efc565b159ae9a2de58b3a37034f15484e2e7f56c25972a`
SHA3	`c8f8b902b96f2da26afb84ebe3c80ce3e6045a76e47174f64032fc4e0d1fd9cc`
VirtualSize	`0x4`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_INFO` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`5f4d9af299574626dd744173550992c7`
SHA1	`96a37e9915b21f9fd0b794a2af19357d08d4764d`
SHA256	`ef068fafe804013320aac771f5f1cfbaf1342cd07f278ead5d8e094252a72b68`
SHA3	`4036ee56f1479f1a531daaeca5e8696c6840196eb84a31717c9316d174310204`
VirtualSize	`0xcc68`
VirtualAddress	`0x27000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34014`

Imports

OLEAUT32.dll	`#9` `#2`
USER32.dll	`SendMessageA` `SetTimer` `DialogBoxParamW` `DialogBoxParamA` `SetWindowLongA` `GetWindowLongA` `SetWindowTextW` `LoadIconA` `LoadStringW` `LoadStringA` `CharUpperW` `CharUpperA` `DestroyWindow` `EndDialog` `PostMessageA` `ShowWindow` `MessageBoxW` `GetDlgItem` `KillTimer` `SetWindowTextA`
SHELL32.dll	`ShellExecuteExA`
KERNEL32.dll	`GetCurrentDirectoryA` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `InterlockedIncrement` `InterlockedDecrement` `GetProcAddress` `GetOEMCP` `GetACP` `GetCPInfo` `IsBadCodePtr` `IsBadReadPtr` `GetFileType` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `HeapSize` `GetCurrentProcess` `TerminateProcess` `IsBadWritePtr` `HeapCreate` `HeapDestroy` `GetEnvironmentVariableA` `SetUnhandledExceptionFilter` `TlsAlloc` `ExitProcess` `GetVersion` `GetCommandLineA` `GetStartupInfoA` `GetModuleHandleA` `WaitForSingleObject` `CloseHandle` `CreateProcessA` `GetCommandLineW` `GetVersionExA` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `GetLastError` `LoadLibraryA` `GetModuleFileNameW` `GetModuleFileNameA` `LocalFree` `FormatMessageW` `FormatMessageA` `SetFileTime` `CreateFileW` `SetLastError` `SetFileAttributesW` `SetFileAttributesA` `RemoveDirectoryW` `RemoveDirectoryA` `CreateDirectoryW` `CreateDirectoryA` `DeleteFileW` `DeleteFileA` `GetFullPathNameW` `GetFullPathNameA` `SetCurrentDirectoryW` `SetCurrentDirectoryA` `GetCurrentDirectoryW` `GetTempPathW` `GetTempPathA` `GetCurrentProcessId` `GetTickCount` `GetCurrentThreadId` `FindClose` `FindFirstFileW` `FindFirstFileA` `FindNextFileW` `FindNextFileA` `CreateFileA` `GetFileSize` `SetFilePointer` `ReadFile` `WriteFile` `SetEndOfFile` `GetStdHandle` `WaitForMultipleObjects` `Sleep` `VirtualAlloc` `VirtualFree` `CreateEventA` `SetEvent` `ResetEvent` `InitializeCriticalSection` `RtlUnwind` `RaiseException` `HeapAlloc` `HeapFree` `HeapReAlloc` `CreateThread` `TlsSetValue` `TlsGetValue` `ExitThread`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75404`
MD5	`45dfb274318b08cbcf6c20733ca0ecb0`
SHA1	`92b48f895f6f1296bfd00b57801890ec4e3779ec`
SHA256	`12433a0afda687b794b86c11b19d92c96d437765fe7513056c249136ff4e2c41`
SHA3	`bff76d485f8f0f9097d9c287512c59a006bc878edcc35272760b9280d8abfce0`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18403`
MD5	`a792cef939f02d76cd876d1da1ffd1b7`
SHA1	`63e2d98ac53e5763e269277d05a1d1737dc04974`
SHA256	`fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb`
SHA3	`39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54032`
MD5	`6c98f97e8f4ac60c681c416a669402c7`
SHA1	`263150a412ecf21fcf42e8f895a3f2eeea9afa8f`
SHA256	`2787b5791fea80d227c8f8e37177502e4a3e3aa628134aac32b541be20b641b9`
SHA3	`6161bf03026310ae8bd0b9dd62f702db6aa73fb41708ef63d223ea59e122a666`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09168`
MD5	`6f3513128379a2becbb380b22860b6f3`
SHA1	`cf28f373827e64f4a333bbc5d3a655747b2fc10f`
SHA256	`2e828b9c94afbed056dbdf91236a88749fa62956521a98082fe3139042ef016c`
SHA3	`546d750db8e19fc7e02ed9fcf3849be5ea900c65bf44fa9f1ce65b44f160d795`

500

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09294`
MD5	`8af78cd954cddc9ab418bafca9f62e0c`
SHA1	`c6ff8bd069db0ba61c844f4560cf8dfc2f0ec6b0`
SHA256	`3520c29b9987183324e6f3ed0a5ebcab2f73b6e6f3fabe17a327e0b8eb4e5ac0`
SHA3	`f2feb2f43fbe5877993c446781f0733e49a4a780833130903146da49840a4085`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78284`
MD5	`f10a79138329e5d18b25d47f648946b3`
SHA1	`05d88947da644a07509a64dc081b8b7d498d8648`
SHA256	`5f298d1dfce9f41bd500e89e57e1da7481713c7b2a37b01825a5e6badf940b14`
SHA3	`bd8d1803273589e9ec27a29accbd6a0e63dc51f4dcbbfaaaeee0cc7ee0cdd552`

5

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`de24c92d0a67718187168052499199cb`
SHA1	`006654de0b450d1f31c7c370a2104558dfe5b9ad`
SHA256	`7bab4b9a6b82cb5e5561b48d0136a492aee4ce78242a5c28e4baa925de511575`
SHA3	`d1e8842da978e4258bf80b8126d03c02506b26d064db7999f6b103b5afb5b50f`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50471`
Detected Filetype	Icon file
MD5	`344651a1be54e830429a8d141e407e1f`
SHA1	`5d9cbd96ab2e2323b00f292aa2bf56fe54cf5cfc`
SHA256	`7c64cb58177f9e3081ed4705b10aae87df3e8c195f4b69470026d0aafaac2990`
SHA3	`ce360399ac36a37d6e2aef539292b3f9bf8e24fef2a5ed739acebcec9fd822bc`

1 (#3)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45899`
MD5	`aef77ec0062857b0fb2c5f7cfb407e30`
SHA1	`1421fd866229188a0eb2e9363d0c75d73fa3a17e`
SHA256	`2bae1fe5d8c5f2b51109c83bd04f4dd5d6d977dc378a214d358d28b782de35d3`
SHA3	`f7e2fe1001a4ef03980da9e833bd3d2964d3e2cfa05e6f17710008e66ce1d224`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x67f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01523`
MD5	`266b79a4334a4a021bf24579d965f13a`
SHA1	`cc4194cd94bbaaa0dde05023e48c6f9e325e1f3b`
SHA256	`2bdc902ec75afc0124095b4f61549d28d34760c56c13e1aad4bd082222882b28`
SHA3	`7694f3931530feb9b7d23b190bbf63ebb56f8c3c1178fa97814f721daa77cb46`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.5.5.44994
ProductVersion	3.5.5.44994
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	BitTorrent Inc.
FileDescription	µTorrent
FileVersion (#2)	3.5.5.44994
InternalName	uTorrent.exe
LegalCopyright	©2018 BitTorrent, Inc. All Rights Reserved.
OriginalFilename	uTorrent.exe
ProductName	µTorrent
ProductVersion (#2)	3.5.5.44994

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4737f9d`
Unmarked objects	`0`
14 (7299)	`25`
C objects (VS98 SP6 build 8804)	`64`
C objects (2190)	`1`
Total imports	`178`
Imports (2179)	`9`
C++ objects (VS98 SP6 build 8804)	`77`
C objects (VS2010 build 30319)	`7`
ASM objects (VS2010 build 30319)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

f9d18a28e2c5e56771016fbaef18d14a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.sxdata

.rsrc

Imports

Delayed Imports

1

2

3

4

500

1 (#2)

5

MAINICON

1 (#3)

1 (#4)

1 (#5)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors