Malware score: 98% (24/344 heuristic rules matched)

Status: static.packed.ml.gen

Suspect Score: 10.3 | Legit Score: 19.5 | Crypted Score: 14 | Packed Score: 24

Static Analysis Indicators static.packed.ml.gen

Digital signature check valid

| Field | Value |
|---|---|
| Timestamp | 2011/05/17 15:17:26 |
| Cryptography Algorithm | SHA1 |
| Signature version | V2 |
| Subsignature number | 3 |

| Field | Value |
|---|---|
| Thumbprint | 1d132064ba317ac022df309ccc750da6e6a7a144 |
| Cryptography Algorithm | sha1RSA(RSA) |
| Signature version | V3 |
| Issuer | VeriSign Class 3 Code Signing 2009-2 CA |
| Subject | BitTorrent Inc |
| Valid from | 2010/06/21 00:00:00 |
| Valid till | 2013/07/26 23:59:59 |
| Serial | 36bc30562a650afaa5ad101ecd643ab4 |

| Field | Value |
|---|---|
| Thumbprint | 12d4872bc3ef019e7e0b6f132480ae29db5b1ca3 |
| Cryptography Algorithm | sha1RSA(RSA) |
| Signature version | V3 |
| Issuer | Class 3 Public Primary Certification Authority |
| Subject | VeriSign Class 3 Code Signing 2009-2 CA |
| Valid from | 2009/05/21 00:00:00 |
| Valid till | 2019/05/20 23:59:59 |
| Serial | 655226e1b22e18e1590f2985ac22e75c |

| Field | Value |
|---|---|
| Thumbprint | 742c3192e607e424eb4549542be1bbc53e6174e2 |
| Cryptography Algorithm | md2RSA(RSA) |
| Signature version | V1 |
| Issuer | Class 3 Public Primary Certification Authority |
| Subject | Class 3 Public Primary Certification Authority |
| Valid from | 1996/01/29 00:00:00 |
| Valid till | 2028/08/01 23:59:59 |
| Serial | 70bae41d10d92934b638ca7b03ccbabf |

PE Markers anomalies check

| Field | Value |
|---|---|
| Rich signature | found |
| Digital signature | found |
| Overlay | found |
| Subsystem | GUI |
| Compiler | |
| Is .NET Image | Image is Native |

Important PE Header Values suspect

| Header | Size |
|---|---|
| IMAGE_DOS_HEADERS | 0x40 |
| IMAGE_NT_HEADER | 0x108 |
| IMAGE_OPTIONAL_HEADERS | 0xe0 |

| ImageFileHeader Field | Value | Common |
|---|---|---|
| ImageFileHeader.Machine | 0x14c | True |
| ImageFileHeader.TimeDataStamp | 0x4dd301c8 | True |
| ImageFileHeader.Characteristics | 0x103 | True |
| ImageFileHeader.SizeOfOptionalHeader | 0xe0 | True |

| ImageOptionalHeader Field | Value | Common |
|---|---|---|
| ImageOptionalHeader.EntryPoint | 0x101bf0 | False |
| ImageOptionalHeader.ImageBase | 0x400000 | True |
| ImageOptionalHeader.Checksum | 0x66ca5 | False |
| ImageOptionalHeader.LinkerVersion | 9.0 | True |

Resources anomalies check valid

| Risk | Structure | Status |
|---|---|---|
| 0% | VersionInfo | found |
| 0% | Manifest | found |
| 0% | Message Table | not found |
| 0% | Strings Table | not found |
| 0% | RCDATA | not found |
| 0% | Icon | found |
| 0% | Icon Group | not found |
| 0% | Cursor | not found |
| 0% | Accelerator | not found |

Frequency anomalies check suspect

| Risk | Anomaly | Information |
|---|---|---|
| 0% | File Entropy | 7.9269587451692 |
| 0% | File Entropy (without zeros) | 7.8961253 |
| 0% | Zero Value Frequency | 0.023035203234135 |
| 0% | 0xFF Bytes Frequency | 2.4966478 |
| 0% | Chi-Square Distribution | 8.1398735665539 |
| 0% | Monte Carlo Pi Value | 3.0768815106121 |
| 0% | Monte Carlo Pi Error Rate | 2.0598196556049 |
| 0% | Packed percent | 0 |

Entropy status: Strong Packed | Zero Value Frequency: Not Packed

PE Version Info anomalies check valid

| Field | Value |
|---|---|
| Original Filename | uTorrent.exe |
| Company name | BitTorrent, Inc. |
| Product name | |
| File description | |
| Internal name | uTorrent.exe |
| Legal copyrights | 2.2.1.25302 |
| Language | Swedish (Sweden), codepage: 1033 |
| SSDEEP | 12:Pi3n2wXeswYAVpsUxzW0UCGzsaUGiqDiiN50YryqYnqq0CGZy3JaaM+PN5cBAHQ:amwXd1AlxzWcyTFNkFt3BVPNUP |
| MD5 | 80C2821D11EE9F271ACDF3721E6C637E |
| SHA256 | FCCF54090DBC29CC6D769822D14A61BCFE8C7A1733A9CF75258F5F88379A42CC |

Debug build: False | File version: 2.2.1.25302 | Product version: | Raw size: 768

Manifest check valid

| Field | Value |
|---|---|
| SSDEEP | 24:2dt4+wUguHDN442w+VN40+bkvguH3vzqNBmNFgizIDLWME4+AXl:cSmgup45z40+bkgufzqNUNhzULWN6 |
| MD5 | E4AC785655AE91D60CCA6DBC30D6019B |
| SHA256 | 631F92C4A1F7E3D9303B999DA5478C53EF4C43B9EE7BD495D9AD3365F887D6B2 |

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
      version="1.0.0.0"
      processorArchitecture="X86"
      name="client"
      type="win32"
  />
  <description>uTorrent</description>

  <!-- Enable Windows XP and higher themes with common controls -->
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*"
      />
    </dependentAssembly>
  </dependency>

  <!-- Disable Windows Vista UAC compatability heuristics -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker"/>
      </requestedPrivileges>
    </security>
  </trustInfo> 

  <!-- Enable Windows Vista-style font scaling on Vista -->
  <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
      <dpiAware>true</dpiAware>
    </asmv3:windowsSettings>
  </asmv3:application>
</assembly>

Raw size: 1298 bytes

PE Main Icon check valid

| Field | Value |
|---|---|
| SSDEEP | 48:jfoQioooaIoY0unGjoobGGGooJdoowoJGRooooowyoooood5ZSoooooozuBooE5k:Pc287uVm0qlHg1NKmY |
| MD5 | C2B7CF4F337377F0EB2DA2426AC61464 |
| SHA256 | DBFCA990ADFBB51D321541116EB00701066E9D5181A7FB15CC1EA1E4AD7A78A0 |
| Icon ID | 0 |
| Icon name | 2 |
| Language | Not recognized (sublanguage: Not recognized), codepage: Not recognized |

Raw size: 15086 bytes | Total icons: 11

PE Sections Info valid

| Name | VA | RVA | Characteristics | Virtual Size | Aligned Raw Size | Size Of Raw Data | Pointer To Raw Data |
|---|---|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x401000 | 0xe0000080 (Writable, Readable, Executable, Uninitialized data) | 0xa7000 | 0x0 | 0x0 | 0x400 |
| UPX1 | 0xa8000 | 0x4a8000 | 0xe0000040 (Writable, Readable, Executable, Initialized data) | 0x5b000 | 0x5a800 | 0x5a800 | 0x400 |
| .rsrc | 0x103000 | 0x503000 | 0xc0000040 (Initialized Data, Readable, Writable) | 0x6000 | 0x5800 | 0x5800 | 0x5ac00 |

Total Number Of Sections (NumberOfSections): 3

PE Sections Statistics valid

| Name | Entropy | Zero freq | Ratio |
|---|---|---|---|
| UPX0 | 0 | 0 | 0% |
| UPX1 | 7.999014007846 | 0.0051471857734807 | 92.97136780433% |
| .rsrc | 3.4945034007739 | 0.28950639204545 | 5.6501936234676% |

Total Number Of Sections (NumberOfSections): 3

PE imported functions suspect

| Function name | RVA | HINT |
|---|---|---|
| LoadLibraryA | 5277232 | 0 |
| GetProcAddress | 5277246 | 0 |
| VirtualProtect | 5277262 | 0 |
| VirtualAlloc | 5277278 | 0 |
| VirtualFree | 5277292 | 0 |
| ExitProcess | 5277306 | 0 |
| FreeSid | 5277320 | 0 |
| #17 | --- | --- |
| GetOpenFileNameA | 5277330 | 0 |
| LineTo | 5277348 | 0 |
| GradientFill | 5277356 | 0 |
| time | 5277370 | 0 |
| OleCreate | 5277376 | 0 |
| #2 | --- | --- |
| EmptyWorkingSet | 5277388 | 0 |
| DragFinish | 5277406 | 0 |
| GetDC | 5277418 | 0 |
| #51 | --- | --- |

Total Number of Imported Functions: 18 | Total Number of Libraries: 13 | Total Number of Blacklisted Functions: 5

PE Resources valid

| ID | Type | Language | Size \ Offset | Entropy |
|---|---|---|---|---|
| 11 | RT_BITMAP | 1053 (0) | 0x4228 \ 0x3ad20 | 5.0672067117058 |
| 267 | RT_BITMAP | 1033 (0) | 0x82a \ 0x3a4f0 | 3.491009308833 |
| 1 | RT_ICON | 1053 (0) | 0x468 \ 0x5bcf4 | 3.6602133680269 |
| 2 | RT_ICON | 1053 (0) | 0x10a8 \ 0x5c160 | 4.9273023042982 |
| 3 | RT_ICON | 1053 (0) | 0x25a8 \ 0x5d20c | 3.8982579802523 |
| 4 | RT_ICON | 1053 (0) | 0x128 \ 0x48908 | 2.9185117216052 |
| 5 | RT_ICON | 1053 (0) | 0x370 \ 0x48a48 | 3.6200396379451 |
| 6 | RT_ICON | 1053 (0) | 0x370 \ 0x48dd0 | 3.4096917875257 |
| 7 | RT_ICON | 1053 (0) | 0x370 \ 0x49158 | 3.6999914587585 |
| 8 | RT_ICON | 1053 (0) | 0x8a8 \ 0x494e0 | 3.6579538837544 |
| 9 | RT_ICON | 1053 (0) | 0x8a8 \ 0x49da0 | 4.0249631039471 |
| 10 | RT_ICON | 1053 (0) | 0x8a8 \ 0x4a660 | 3.2487221804553 |
| 11 | RT_ICON | 1053 (0) | 0x468 \ 0x4af20 | 3.4139824377321 |
| 12 | RT_ICON | 1053 (0) | 0x468 \ 0x4b3a0 | 3.5578835926508 |
| 13 | RT_ICON | 1053 (0) | 0x468 \ 0x4b820 | 4.1431052783101 |
| 3 | RT_DIALOG | 1053 (0) | 0xbc \ 0x43898 | 2.4490584243705 |
| 10 | RT_DIALOG | 1053 (0) | 0x72 \ 0x3fe30 | 2.4959127372241 |
| 11 | RT_DIALOG | 1053 (0) | 0x78 \ 0x3ff20 | 2.6766758960708 |
| 12 | RT_DIALOG | 1053 (0) | 0x78 \ 0x3ff98 | 2.2358402991273 |
| 13 | RT_DIALOG | 1053 (0) | 0x78 \ 0x40010 | 2.3681793852539 |
| 14 | RT_DIALOG | 1053 (0) | 0xe2 \ 0x40088 | 3.2036912215403 |
| 15 | RT_DIALOG | 1053 (0) | 0x78 \ 0x3fea8 | 3.2720505167136 |
| 16 | RT_DIALOG | 1053 (0) | 0x78 \ 0x40170 | 3.2720505167136 |
| 18 | RT_DIALOG | 1053 (0) | 0x40 \ 0x3fdf0 | 2.4972479216716 |
| 19 | RT_DIALOG | 1053 (0) | 0xfc \ 0x41758 | 3.2125329005842 |
| 20 | RT_DIALOG | 1053 (0) | 0x35c \ 0x41858 | 3.498917290659 |
| 21 | RT_DIALOG | 1053 (0) | 0x340 \ 0x41bb8 | 3.5967489108552 |
| 22 | RT_DIALOG | 1053 (0) | 0x380 \ 0x421b8 | 3.9673989793782 |
| 24 | RT_DIALOG | 1053 (0) | 0x200 \ 0x42a18 | 3.2494863311026 |
| 25 | RT_DIALOG | 1053 (0) | 0x164 \ 0x42c18 | 3.3689994928307 |
| 26 | RT_DIALOG | 1053 (0) | 0x2c0 \ 0x41ef8 | 4.5098234530334 |
| 27 | RT_DIALOG | 1053 (0) | 0x158 \ 0x42f60 | 2.9382506182004 |
| 29 | RT_DIALOG | 1053 (0) | 0x180 \ 0x430b8 | 2.8859701939187 |
| 30 | RT_DIALOG | 1053 (0) | 0x80 \ 0x3f590 | 3.4322575432574 |
| 31 | RT_DIALOG | 1053 (0) | 0x320 \ 0x3fad0 | 3.1603872642805 |
| 32 | RT_DIALOG | 1053 (0) | 0x100 \ 0x40f78 | 3.7026145957528 |
| 34 | RT_DIALOG | 1053 (0) | 0xc0 \ 0x41188 | 3.2106533059169 |
| 35 | RT_DIALOG | 1053 (0) | 0x60 \ 0x40a40 | 2.384885175138 |
| 37 | RT_DIALOG | 1053 (0) | 0xbc \ 0x41248 | 3.3371163051013 |
| 41 | RT_DIALOG | 1053 (0) | 0x320 \ 0x3f7b0 | 3.4015800029205 |
| 42 | RT_DIALOG | 1053 (0) | 0x2c0 \ 0x43958 | 3.0876056914713 |
| 43 | RT_DIALOG | 1053 (0) | 0x140 \ 0x43c18 | 2.3954352998436 |
| 44 | RT_DIALOG | 1053 (0) | 0x320 \ 0x43578 | 4.0713275249603 |
| 45 | RT_DIALOG | 1053 (0) | 0x1e0 \ 0x42d80 | 3.1951349763389 |
| 46 | RT_DIALOG | 1053 (0) | 0x670 \ 0x401e8 | 3.6133552263065 |
| 47 | RT_DIALOG | 1053 (0) | 0x220 \ 0x43238 | 3.2616416873841 |
| 48 | RT_DIALOG | 1053 (0) | 0x80 \ 0x434f8 | 3.1873631833541 |
| 49 | RT_DIALOG | 1053 (0) | 0x146 \ 0x40858 | 3.168675113253 |
| 50 | RT_DIALOG | 1053 (0) | 0x60 \ 0x43d58 | 2.5171100962972 |
| 51 | RT_DIALOG | 1053 (0) | 0x10c \ 0x41078 | 3.1853708793378 |
| 52 | RT_DIALOG | 1053 (0) | 0x120 \ 0x40b00 | 3.6338059200798 |
| 231 | RT_DIALOG | 1053 (0) | 0x98 \ 0x416c0 | 2.4598407048625 |
| 232 | RT_DIALOG | 1053 (0) | 0x3b8 \ 0x41308 | 4.4580776247067 |
| 233 | RT_DIALOG | 1053 (0) | 0x1a0 \ 0x3f610 | 4.594197214864 |
| 234 | RT_DIALOG | 1053 (0) | 0x2c0 \ 0x42538 | 4.6750181462201 |
| 235 | RT_DIALOG | 1053 (0) | 0x220 \ 0x427f8 | 3.7348306984007 |
| 236 | RT_DIALOG | 1053 (0) | 0xa0 \ 0x43458 | 2.1624447498858 |
| 237 | RT_DIALOG | 1053 (0) | 0x60 \ 0x40aa0 | 2.5481619672287 |
| 238 | RT_DIALOG | 1053 (0) | 0x120 \ 0x3f470 | 3.2160201165212 |
| 240 | RT_DIALOG | 1053 (0) | 0xa0 \ 0x409a0 | 3.3869767380675 |
| 242 | RT_DIALOG | 1053 (0) | 0x160 \ 0x40c20 | 2.6629237157398 |
| 243 | RT_DIALOG | 1053 (0) | 0x2e0 \ 0x43db8 | 3.6464165970561 |
| 244 | RT_DIALOG | 1053 (0) | 0xe0 \ 0x441b8 | 2.5091985294598 |
| 245 | RT_DIALOG | 1053 (0) | 0xe0 \ 0x44298 | 4.4540605735204 |
| 246 | RT_DIALOG | 1053 (0) | 0x120 \ 0x446a8 | 5.3116598005356 |
| 248 | RT_DIALOG | 1053 (0) | 0x528 \ 0x3ef48 | 6.3328816843634 |
| 249 | RT_DIALOG | 1053 (0) | 0xe0 \ 0x44098 | 4.6650417387319 |
| 250 | RT_DIALOG | 1053 (0) | 0x154 \ 0x40e20 | 4.9050433693334 |
| 257 | RT_DIALOG | 1053 (0) | 0xe0 \ 0x44378 | 5.0761072097519 |
| 259 | RT_DIALOG | 1053 (0) | 0x250 \ 0x44458 | 5.5821336068639 |
| 260 | RT_DIALOG | 1053 (0) | 0xa0 \ 0x40d80 | 2.994859385682 |
| 269 | RT_DIALOG | 1053 (0) | 0xe0 \ 0x447c8 | 2.9908462212055 |
| 270 | RT_DIALOG | 1053 (0) | 0x60 \ 0x448a8 | 2.7881282491548 |
| 1048 | RT_DIALOG | 1053 (0) | 0x40 \ 0x44178 | 2.6856671866887 |
| 2 | RT_GROUP_ICON | 1053 (0) | 0x30 \ 0x5f7b8 | 2.6603382807542 |
| 5 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x48a30 | 1.556779649447 |
| 6 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x48db8 | 1.556779649447 |
| 7 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x49140 | 1.556779649447 |
| 8 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x494c8 | 1.556779649447 |
| 245 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x49d88 | 1.556779649447 |
| 246 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x4a648 | 1.556779649447 |
| 247 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x4af08 | 1.556779649447 |
| 253 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x4b388 | 1.556779649447 |
| 254 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x4b808 | 1.556779649447 |
| 256 | RT_GROUP_ICON | 1053 (0) | 0x14 \ 0x4bc88 | 1.556779649447 |
| 1 | RT_VERSION | 1053 (0) | 0x300 \ 0x5f7ec | 3.3301755442885 |
| 1 | RT_MANIFEST | 1053 (0) | 0x512 \ 0x5faf0 | 5.396427418676 |

Total Number of Resources: 87 | Total Size of Rsrc Section: 22528 | Total Entropy of Rsrc Section: 3.4945034007739 | Total Ratio of Rsrc Section: 0.056357197%

PE Opcodes Frequency & Anomalies Analyzer suspect

| # | Opcode | Quantity of instruction | Frequency of instruction |
|---|---|---|---|
| 2 | ADD | 231 | 20.81081% |
| 3 | AND | 7 | 0.63063061% |
| 4 | CALL | 5 | 0.45045045% |
| 5 | CMP | 74 | 6.6666665% |
| 6 | DEC | 7 | 0.63063061% |
| 7 | IMUL | 14 | 1.2612612% |
| 8 | INC | 32 | 2.8828828% |
| 9 | JA | 18 | 1.6216216% |
| 10 | JAE | 15 | 1.3513514% |
| 11 | JB | 4 | 0.36036035% |
| 12 | JG | 6 | 0.54054052% |
| 13 | JLE | 5 | 0.45045045% |
| 14 | JMP | 24 | 2.1621621% |
| 15 | JNS | 1 | 0.090090089% |
| 16 | JNZ | 8 | 0.72072071% |
| 17 | JO | 1 | 0.090090089% |
| 18 | JS | 1 | 0.090090089% |
| 19 | JZ | 25 | 2.2522523% |
| 20 | LEA | 48 | 4.3243241% |
| 21 | LOCK ADD | 1 | 0.090090089% |
| 22 | LOOP | 2 | 0.18018018% |
| 23 | MOV | 287 | 25.855856% |
| 24 | MOVZX | 35 | 3.1531532% |
| 25 | NOP | 5 | 0.45045045% |
| 26 | OR | 27 | 2.4324324% |
| 27 | POP | 7 | 0.63063061% |
| 28 | POPA | 1 | 0.090090089% |
| 29 | PUSH | 35 | 3.1531532% |
| 30 | PUSHA | 2 | 0.18018018% |
| 31 | ROL | 1 | 0.090090089% |
| 32 | SAR | 15 | 1.3513514% |
| 33 | SBB | 6 | 0.54054052% |
| 34 | SETG | 3 | 0.27027026% |
| 35 | SHL | 43 | 3.8738739% |
| 36 | SHR | 28 | 2.5225224% |
| 37 | SUB | 69 | 6.2162161% |
| 38 | TEST | 2 | 0.18018018% |
| 39 | XCHG | 2 | 0.18018018% |
| 40 | XOR | 10 | 0.9009009% |

Total Number Of Opcodes: 1110

Opcodes Frequency Chart

PE Dumped Strings valid

| # | String | Common |
|---|---|---|
| 21 | Vt8L | Yes |
| 26 | NqUn | Yes |
| 30 | z-pM | Yes |
| 33 | kGhW | Yes |
| 41 | sEqq | Yes |
| 48 | TbJl | Yes |
| 59 | hsCS | Yes |
| 63 | tBRz | Yes |
| 70 | PXTa | Yes |
| 72 | KYQ2 | Yes |
| 74 | dKE-Q | Yes |
| 83 | OqXu | Yes |
| 87 | SPhk | Yes |
| 104 | Q8tCIh | Yes |
| 106 | DIqi | Yes |
| 109 | iNxnjh | Yes |
| 114 | w EQ | Yes |
| 119 | F06x | Yes |
| 126 | y1k4 | Yes |
| 131 | B6O.b | Yes |
| 139 | nRqP | Yes |
| 142 | Het4 | Yes |
| 146 | nU25 | Yes |
| 156 | msE5 | Yes |
| 161 | N3zp | Yes |
| 168 | CNaU | Yes |
| 173 | ocy-_ | Yes |
| 175 | oDq | Yes |
| 181 | rbsnE | Yes |
| 182 | gnZDp | Yes |
| 195 | nd8j | Yes |
| 202 | Ibm1U | Yes |
| 214 | a84S | Yes |
| 225 | QCVJ | Yes |
| 227 | AMdHj | Yes |
| 229 | EgIG9 | Yes |
| 246 | L.wO | Yes |
| 248 | tUS9 | Yes |
| 252 | jAgr | Yes |
| 258 | QSn- | Yes |
| 264 | nte3 | Yes |
| 270 | nwzy_ | Yes |
| 273 | vgG | Yes |
| 286 | fnwi | Yes |
| 290 | FRPMP4 | Yes |
| 293 | eW4a | Yes |
| 295 | km t | Yes |
| 301 | zmoi | Yes |
| 313 | EFq9 | Yes |
| 321 | DwH. | Yes |

Total Number of Strings: 808 | Common strings: 808 | Danger strings: 0

Bytes Frequency Chart