Thursday, February 7, 2008

µTorrent 1.7.7 Stealth MoD

µTorrent 1.7.7 stealth MoD
µTorrent 1.7.7 stealth MoD AHA *FIXED*

You aren't shown on trackers during file transfer (no peerlist entry)
Flag not send to tracker
No Call Homes
DHT private flag bypass - always enabled

Virus analysis Result: 4/32 (12.5%):

Download (216.00 KB) Fixed: utorrent2.exe
File size: 215.54 KB: utorrent4.exe - Mirror
packers: dsig, PE_Patch.EPProt = VMProtect 1. reg (215.53 KB) utorrent5.exe

AiO (210.82 KB): uTorrent MoDs tEsT.rar - MiRR0r1 - MiRR0r2

Result: AV Programs are crazy the only changes I did is changing the exe packer sig and different AV scan results shown up. ACProtect 1.09, UPX seems to be with 4 positive from 32 AV scanner the safest. All other packer (87 tested) incl. all commercial and free (Y0da, PECompact,...different versions) shown 5 positive from 32 scan engines Scan by self:

µTorrent 1.7.7 Stealth MoD AGAiN

uTorrentAGAiN.exe 231.74 KB (packers: Aspack) VirusTotal Scan result:

uTorrent.exe 233.50 KB (packers: ASPack) VirusTotal result:

uTorrentMGBiM.exe 234.00 KB (packers: ASPack) VirusTotal result:

AiO: uTorrent MoDs AGAiN.rar - Mirror - Mirror


Anonymous said...

What's the difference between all those versions? Which one should I download?

Anonymous said...

Yeah which one is the best to use ?
im confused.....

Anonymous said...

A romanian AntiVirus firm have been fallen over it cause utorrent upx already show some false positive in original download but now we've used a old packer with higher compression as upx names Xcomp from Februar last year and this AV Firm have put the whole packer as a virus in them database. By testing random files with Xcomp it proves that XComp is no Virus.
It's up to you it was a test of compression with the result that AV firms force users, developers to use for them "known" packers such as upx, pecompact an the rest of commercial once.
But after all it keep me thinking that these AV Firms do not have any research labs and collect just user submission stats to select what they put as possible virus in them list. If they will have research labs and dissamble XComp they will see the true. Lazy AV Firms out there.

Anonymous said...

This wont work at some sites. It would read how many seeders & leechers there are but it wont start downloading. Is it possible some sites are blocking this program ?

Post a Comment