Adware.ConvertAd.AJ

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 507
Threat Level: 20 % (Normal)
Infected Computers: 5,333
First Seen: October 22, 2024
Last Seen: April 12, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.ConvertAd.AJ
Packers: UPX!
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • BitTorrent Inc.
  • BitTorrent Limited
  • Rainberry, Inc.
File Description
  • utorrent
  • µTorrent
File Version
  • 3.6.0.47228
  • 3.6.0.47224
  • 3.6.0.47222
  • 3.6.0.47168
  • 3.6.0.47142
  • 3.6.0.47134
  • 3.6.0.47116
  • 3.6.0.47084
  • 3.6.0.47044
  • 3.6.0.47016
  • 3.6.0.46942
  • 3.6.0.46904
Internal Name
  • utorrent
  • uTorrent.exe
Legal Copyright
  • (c) 2022 Rainberry, Inc. All Rights Reserved.
  • (c) 2023 BitTorrent Limited All Rights Reserved.
  • ©2020 BitTorrent, Inc. All Rights Reserved.
  • ©2023 BitTorrent Limited All Rights Reserved.
Original Filename uTorrent.exe
Product Name
  • utorrent
  • µTorrent
Product Version
  • 3.6.0.47228
  • 3.6.0.47224
  • 3.6.0.47222
  • 3.6.0.47168
  • 3.6.0.47142
  • 3.6.0.47134
  • 3.6.0.47116
  • 3.6.0.47084
  • 3.6.0.47044
  • 3.6.0.47016
  • 3.6.0.46942
  • 3.6.0.46904
Special Build stable34 stable

Digital Signatures

Signer Root Status
BitTorrent Inc DigiCert Trusted Root G4 Root Not Trusted
BitTorrent Inc DigiCert Trusted Root G4 Hash Mismatch
Rainberry Inc DigiCert Trusted Root G4 Root Not Trusted

File Traits

  • 2+ executable sections
  • Badsig nsis
  • BINinO
  • HighEntropy
  • Installer Manifest
  • MZ (In Overlay)
  • Nullsoft Installer
  • packed
  • SusSec
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 10,571
Potentially Malicious Blocks: 4,661
Whitelisted Blocks: 5,909
Unknown Blocks: 1

Visual Map


Similar Families

  • ConvertAd.AJ
  • Gametool.ADA

Files Modified

File Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\nsisfirewall.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\nsislog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\utorrent.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk43f8.tmp\utwin_install.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\bt_datachannel.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\nsisfirewall.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\nsislog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\utorrent.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3584.tmp\utwin_install.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbe27.tmp\nsisfirewall.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbe27.tmp\nsislog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbe27.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbe27.tmp\utorrent.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\utt41f7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\1f91d2d17ea675d4c2c3192e241743f9_bfeb5820-9643-42ad-a79f-071dff4d8e64 Generic Write,Read Attributes
c:\users\user\appdata\roaming\utorrent\46942-utorrent.7cf4.dmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\utorrent\bt_datachannel.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\utorrent\updates.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\utorrent\updates\3.6.0_46942.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
  • ZwMapViewOfSection
Process Shell Execute
  • ShellExecuteEx
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Other Suspicious
  • AdjustTokenPrivileges
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock
  • freeaddrinfo
  • getaddrinfo
Cert Store Read
  • CertOpenStore
Cert Store Write
  • CertAddCertificateContextToStore

Shell Command Execution

(NULL) C:\Users\Wsabcibk\AppData\Local\Temp\nsk43F8.tmp\utorrent.exe
(NULL) C:\Users\Yxibvcuq\AppData\Local\Temp\nsq3584.tmp\utorrent.exe
