Thursday, February 7, 2008

µTorrent 1.7.7 Stealth MoD

µTorrent 1.7.7 stealth MoD
µTorrent 1.7.7 stealth MoD AHA *FIXED*

You aren't shown on trackers during file transfer (no peerlist entry)
Flag not send to tracker
No Call Homes
DHT private flag bypass - always enabled

Virus analysis Result: 4/32 (12.5%): http://www.virustotal.com/de/analisis/bc4b98eb876416d53f02ba6e12db447f

Download (216.00 KB) Fixed: utorrent2.exe
utorrent3.exe
File size: 215.54 KB: utorrent4.exe - Mirror
Analise: http://www.virustotal.com/de/analisis/6e6af8694672d46597b0635b526b0146
packers: dsig, PE_Patch.EPProt = VMProtect 1. reg (215.53 KB) utorrent5.exe
http://www.virustotal.com/analisis/9826e8fa32bfaf7669b45c4617b92542

AiO (210.82 KB): uTorrent MoDs tEsT.rar - MiRR0r1 - MiRR0r2

Result: AV Programs are crazy the only changes I did is changing the exe packer sig and different AV scan results shown up. ACProtect 1.09, UPX seems to be with 4 positive from 32 AV scanner the safest. All other packer (87 tested) incl. all commercial and free (Y0da, PECompact,...different versions) shown 5 positive from 32 scan engines Scan by self: http://www.virustotal.com/

µTorrent 1.7.7 Stealth MoD AGAiN


uTorrentAGAiN.exe 231.74 KB (packers: Aspack) VirusTotal Scan result: http://www.virustotal.com/analisis/070a9792a589cf4405fbf4ec1ad36197

uTorrent.exe 233.50 KB (packers: ASPack) VirusTotal result: http://www.virustotal.com/analisis/b10662836a07d9ba1f791cb03970e8ef

uTorrentMGBiM.exe 234.00 KB (packers: ASPack) VirusTotal result: http://www.virustotal.com/analisis/b774f0ed4876d45ae4e387eb0c1704cf

AiO: uTorrent MoDs AGAiN.rar - Mirror - Mirror

5 comments:

Anonymous said...

What's the difference between all those versions? Which one should I download?

Anonymous said...

Yeah which one is the best to use ?
im confused.....

Anonymous said...

A romanian AntiVirus firm have been fallen over it cause utorrent upx already show some false positive in original download but now we've used a old packer with higher compression as upx names Xcomp from Februar last year and this AV Firm have put the whole packer as a virus in them database. By testing random files with Xcomp it proves that XComp is no Virus.
It's up to you it was a test of compression with the result that AV firms force users, developers to use for them "known" packers such as upx, pecompact an the rest of commercial once.
But after all it keep me thinking that these AV Firms do not have any research labs and collect just user submission stats to select what they put as possible virus in them list. If they will have research labs and dissamble XComp they will see the true. Lazy AV Firms out there.

Anonymous said...

is this removed from the original uTorrent 1.7

64.124.145.113
64.124.145.104
206.169.225.92
64.34.174.141
64.34.172.152
206.169.170.246
206.169.230.102

whois/trace:
http://whois.domaintools.com/64.124.145.113 Abovenet Communications, Inc
http://whois.domaintools.com/64.124.145.104 Abovenet Communications, Inc
http://whois.domaintools.com/206.169.225.92 Time Warner Telecom, Inc.
http://whois.domaintools.com/64.34.174.141 Peer 1 Network Inc.
http://whois.domaintools.com/64.34.172.152 Peer 1 Network Inc.
http://whois.domaintools.com/206.169.170.246 Time Warner Telecom, Inc.
http://whois.domaintools.com/206.169.230.102 Time Warner Telecom, Inc.

Anonymous said...

This wont work at some sites. It would read how many seeders & leechers there are but it wont start downloading. Is it possible some sites are blocking this program ?

Post a Comment