Malware

Trojan.Siggen31.34463

Trojan.Siggen31.34463 is a trojan written in the Go programming language. According to the provided content, it is designed to download additional malware onto infected systems, specifically various miner trojans and adware. It is described as a DLL file located at %appdata%\utorrent\lib.dll and is launched by exploiting a DLL Search Order Hijacking vulnerability/class issue in the uTorrent torrent client. The content lists it among common threats observed by Dr.Web in late 2025 and Q1 2026. High-confidence indicators and artifacts directly mentioned include the malware name Trojan.Siggen31.34463, its file path %appdata%\utorrent\lib.dll, its use of the Go programming language, its downloader behavior for miner trojans and adware, and its execution via DLL Search Order Hijacking in uTorrent. No specific threat actor, industry targeting, or additional infrastructure is identified in the provided content.

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial

MITRE ATT&CK

Techniques & procedures

2 distinct techniques documented for this family, organized by ATT&CK tactic.

Execution

1 technique

T1574.001DLLEvidence1

To launch, it exploits a DLL Search Order Hijacking vulnerability in the uTorrent torrent client.

Stealth

1 technique

T1574.001DLLEvidence1

To launch, it exploits a DLL Search Order Hijacking vulnerability in the uTorrent torrent client.

Command and Control

1 technique

T1105Ingress Tool TransferEvidence1

Trojan.Siggen31.34463 A trojan written in the Go programming language and designed to download various miner trojans and adware into infected systems.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

news drweb comNews

Apr 1, 2026

Dr.Web - Doctor Web’s Q1 2026 virus activity review

Go-based trojan downloader delivered as a DLL that abuses DLL search order hijacking in uTorrent to load and then download miner trojans and adware.

news drweb comNews

Jan 15, 2026

Dr.Web - Doctor Web’s virus activity review for 2025

Go-based DLL loader/downloader dropped as %appdata%\utorrent\lib.dll; abuses DLL Search Order Hijacking in uTorrent to execute and then downloads miner trojans and adware.

news drweb comNews

Jan 12, 2026

Doctor Web’s Q4 2025 virus activity review

Go-based downloader (DLL at %appdata%\utorrent\lib.dll) that leverages DLL Search Order Hijacking in the uTorrent client to execute, then downloads miner trojans and adware.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.

Start free trial

IOC matching

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping2

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.