Analysis

Category Package Started Completed Duration
STATIC 2019-10-29 16:22:04 2019-10-29 16:22:04 0 seconds


MalScore

3.6

Suspicious

File Details

File Name utorrent-2.2.exe
File Size 396152 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7d8e9530dff46d84329981eb907168c1
SHA1 89126adf77d62b3ab2281e49563992cafe51db2c
SHA256 c6d75867eb62fd3fe1b2ad48d9044cc940147b94f81bee4113deee57bebbfc21
SHA512 ce67c6a6096802cb115ed2c3e3911cbe50c051c3ae51186d47a0709e579f3d8ef81aad3e331b5cf935f7f1b2b2389b8f5d3c76fa0083ccfc48ab91821fdd9219
CRC32 14B143BE
Ssdeep 3072:TXhRd027PIWIvRQXysGXVAKpHh3nthasoutYJP:Ta2PIWUt3XVAKTthzoSYP
TrID None matched
ClamAV None matched
Yara None matched
CAPE Yara

Signatures

The binary contains an unknown PE section name indicative of packing
unknown section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x000a5000
unknown section: name: UPX1, entropy: 3.12, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00059a00, virtual_size: 0x0005a000
The executable is compressed using UPX
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x000a5000
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x00400000
Entry Point 0x004feca0
Reported Checksum 0x0006152c
Actual Checksum 0x000672b9
Minimum OS Version 5.0
Compile Time 2010-12-15 00:29:32
Import Hash 6391ab125edf3fb05a3d755299103e30
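
The "Reported Checksum" and "Actual Checksum" rows above are what the "Anomalous binary characteristics" signature compares: the value stored in OptionalHeader.CheckSum (0x0006152c) against the value the image actually sums to (0x000672b9). The arithmetic is the one imagehlp's CheckSumMappedFile uses: every 16-bit word of the file is added with end-around carry, the four bytes of the CheckSum field itself are left out, and the file length is added at the end. The example below is added for this page and is not CAPE's code; it recomputes the value for any byte buffer and, to run offline, builds a constructed header skeleton (MZ signature, e_lfanew, PE signature, otherwise zero) that is not a loadable image. A practitioner should read a mismatch as a weak signal: Windows only enforces the field for kernel-mode drivers and a few system images, so plenty of legitimate user-mode binaries ship with a zero or stale value, and a packer that rewrites the image without recomputing it produces exactly this kind of anomaly.

```python
from __future__ import annotations

import struct

# CheckSum sits at this offset inside IMAGE_OPTIONAL_HEADER for both PE32 and PE32+.
OPTIONAL_HEADER_CHECKSUM_OFFSET = 0x40


def pe_checksum(data: bytes, checksum_field_offset: int) -> int:
    """
    Value the loader expects in OptionalHeader.CheckSum for `data`.

    Mirrors imagehlp's CheckSumMappedFile: sum every little-endian 16-bit word
    with end-around carry, leave out the 4-byte CheckSum field itself, fold the
    carry once more, then add the file length as a 32-bit quantity.
    """
    if checksum_field_offset % 2 or checksum_field_offset + 4 > len(data):
        raise ValueError("CheckSum field must be word-aligned and inside the buffer")
    # An odd trailing byte is treated as the low byte of a final zero-padded word.
    padded = data if len(data) % 2 == 0 else data + b"\x00"
    total = 0
    for off in range(0, len(padded), 2):
        if off in (checksum_field_offset, checksum_field_offset + 2):
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)      # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF


def checksum_field_offset(data: bytes) -> int:
    """Walk DOS header -> e_lfanew -> PE signature -> optional header to find CheckSum."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # 4-byte signature + 20-byte IMAGE_FILE_HEADER precede the optional header.
    return e_lfanew + 4 + 20 + OPTIONAL_HEADER_CHECKSUM_OFFSET


def verify_checksum(data: bytes) -> tuple[int, int, bool]:
    """Return (reported, actual, match): the same three facts the report rows give."""
    off = checksum_field_offset(data)
    reported = struct.unpack_from("<I", data, off)[0]
    actual = pe_checksum(data, off)
    return reported, actual, reported == actual


def set_checksum(data: bytes) -> bytes:
    """Copy of `data` with a freshly computed CheckSum written into the header."""
    off = checksum_field_offset(data)
    buf = bytearray(data)
    struct.pack_into("<I", buf, off, pe_checksum(data, off))
    return bytes(buf)


def make_stub_image(size: int = 0x100) -> bytes:
    """Constructed header skeleton (MZ, e_lfanew, PE signature, zeroed rest); not a loadable image."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    stub = make_stub_image()
    print("before: reported=0x%08x actual=0x%08x match=%s" % verify_checksum(stub))
    print("after:  reported=0x%08x actual=0x%08x match=%s" % verify_checksum(set_checksum(stub)))
```

Run against a real file, `verify_checksum(open(path, "rb").read())` reproduces the two report rows; skipping the CheckSum field during the sum is equivalent to zeroing it first, which is why `set_checksum` can write the result back without changing it.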

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
UPX0 0x00001000 0x000a5000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
UPX1 0x000a6000 0x0005a000 0x00059a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.12
.rsrc 0x00100000 0x00006000 0x00005800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.49

Overlay

Offset 0x0005f600
Size 0x00001578

Imports

Library KERNEL32.DLL:
0x5054ec LoadLibraryA
0x5054f0 GetProcAddress
0x5054f4 VirtualProtect
0x5054f8 VirtualAlloc
0x5054fc VirtualFree
0x505500 ExitProcess
Library ADVAPI32.dll:
0x505508 FreeSid
Library COMCTL32.dll:
0x505510 None
Library comdlg32.dll:
0x505518 GetOpenFileNameA
Library GDI32.dll:
0x505520 LineTo
Library MSIMG32.dll:
0x505528 GradientFill
Library MSVCRT.dll:
0x505530 time
Library ole32.dll:
0x505538 OleCreate
Library OLEAUT32.dll:
0x505540 SysAllocString
Library PSAPI.DLL:
0x505548 EmptyWorkingSet
Library SHELL32.dll:
0x505550 DragFinish
Library USER32.dll:
0x505558 GetDC
Library WS2_32.dll:
0x505560 gethostbyaddr
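
The import table above has the shape a UPX stub leaves behind: six KERNEL32 functions the decompressor needs (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess) followed by exactly one function from each DLL the original program linked, kept so those DLLs are still loaded before the real import table is rebuilt in memory. That shape matters for the "Import Hash" row in PE Information: imphash is the MD5 of the lowercased "library.function" list in import-table order, so for a packed file it fingerprints the stub plus the DLL set, not the original program, and only the unpacked image gives a hash comparable to other uTorrent builds. The example below is added for this page and is not pefile's or CAPE's code; it follows pefile's rules (strip .dll/.ocx/.sys, lowercase, ordinal-only imports become ordN) but leaves out pefile's name lookup for known ws2_32 and oleaut32 ordinals. The import list is constructed from the table above; COMCTL32.dll is omitted because the report gives neither a name nor an ordinal for it, so the hash computed here is not expected to equal the report's 6391ab125edf3fb05a3d755299103e30.

```python
from __future__ import annotations

import hashlib

# pefile drops these suffixes from the library name before hashing.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")

# KERNEL32 functions the UPX decompression stub needs (the first six rows above).
UPX_STUB_KERNEL32 = {"loadlibrarya", "getprocaddress", "virtualprotect",
                     "virtualalloc", "virtualfree", "exitprocess"}

# Constructed from the import table above as (library, function name, ordinal).
# COMCTL32.dll is left out: the report shows neither a name nor an ordinal for it.
REPORT_IMPORTS = [
    ("KERNEL32.DLL", "LoadLibraryA", None),
    ("KERNEL32.DLL", "GetProcAddress", None),
    ("KERNEL32.DLL", "VirtualProtect", None),
    ("KERNEL32.DLL", "VirtualAlloc", None),
    ("KERNEL32.DLL", "VirtualFree", None),
    ("KERNEL32.DLL", "ExitProcess", None),
    ("ADVAPI32.dll", "FreeSid", None),
    ("comdlg32.dll", "GetOpenFileNameA", None),
    ("GDI32.dll", "LineTo", None),
    ("MSIMG32.dll", "GradientFill", None),
    ("MSVCRT.dll", "time", None),
    ("ole32.dll", "OleCreate", None),
    ("OLEAUT32.dll", "SysAllocString", None),
    ("PSAPI.DLL", "EmptyWorkingSet", None),
    ("SHELL32.dll", "DragFinish", None),
    ("USER32.dll", "GetDC", None),
    ("WS2_32.dll", "gethostbyaddr", None),
]


def imphash_string(imports: list[tuple[str, str | None, int | None]]) -> str:
    """The comma-joined 'lib.func' string that imphash hashes, in import-table order."""
    parts = []
    for lib, name, ordinal in imports:
        lib = lib.lower()
        for ext in STRIPPED_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if name is None:
            if ordinal is None:
                raise ValueError(f"{lib}: ordinal-only import without an ordinal number")
            func = f"ord{ordinal}"          # pefile's form for unresolved ordinals
        else:
            func = name.lower()
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports: list[tuple[str, str | None, int | None]]) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def looks_like_upx_stub(imports: list[tuple[str, str | None, int | None]]) -> bool:
    """
    Heuristic drawn from this report's table: the stub's KERNEL32 set is present
    and every other library contributes a single function.
    """
    by_lib: dict[str, list[str]] = {}
    for lib, name, ordinal in imports:
        by_lib.setdefault(lib.lower(), []).append((name or f"ord{ordinal}").lower())
    kernel32 = set(by_lib.get("kernel32.dll", []))
    others = [funcs for lib, funcs in by_lib.items() if lib != "kernel32.dll"]
    return kernel32 == UPX_STUB_KERNEL32 and all(len(funcs) == 1 for funcs in others)


if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS))
    print("imphash:", imphash(REPORT_IMPORTS))
    print("UPX stub shape:", looks_like_upx_stub(REPORT_IMPORTS))
```

For pivoting, compute the hash on the unpacked image (`upx -d` on a copy, then re-parse the imports) rather than on this file; two unrelated UPX-packed programs that happen to link the same DLLs will collide on the packed-file hash.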

Strings

.rsrc
_})33
}:3a+
|h 9@ "&
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
MSIMG32.dll
MSVCRT.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
FreeSid
GetOpenFileNameA
LineTo
GradientFill
OleCreate
EmptyWorkingSet
DragFinish
GetDC
VS_VERSION_INFO
StringFileInfo
040904E4
CompanyName
BitTorrent, Inc.
FileDescription
µTorrent
FileVersion
2.2.0.23774
InternalName
uTorrent.exe
OriginalFilename
uTorrent.exe
LegalCopyright
2010 BitTorrent, Inc. All Rights Reserved.
ProductName
µTorrent
ProductVersion
2.2.0.23774
VarFileInfo
Translation
This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.


Processing ( 0.931 seconds )

  • 0.393 CAPE
  • 0.279 Static
  • 0.231 TargetInfo
  • 0.021 Strings
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.043 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 104133
Mongo ID 5db8672f7c211a970d9fb30c
Cuckoo release 1.3-CAPE