SHA256: 1882307c10187a70c3ec3978665d0dd1f5ce3955156a4a577c3872dc6f013290
File name: 9843b5e48ecb45f176a19b840da2fd3e_ry.bin
Detection ratio: 29 / 68
Analysis date: 2018-08-16 20:38:36 UTC ( 6 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R233308 20180816
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9984 20180816
Bkav HW32.Packed. 20180816
CAT-QuickHeal Trojan.Emotet.Z4 20180816
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.9b3cb1 20180225
Cyren W32/Emotet.EM.gen!Eldorado 20180816
DrWeb Trojan.EmotetENT.257 20180816
Emsisoft Trojan.Emotet (A) 20180816
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJLI 20180816
F-Prot W32/Emotet.EM.gen!Eldorado 20180816
Fortinet W32/GenKryptik.CHRS!tr 20180816
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180816
Kaspersky HEUR:Trojan.Win32.Generic 20180816
Malwarebytes Spyware.Emotet 20180816
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180816
Microsoft Trojan:Win32/Emotet.AS 20180816
Qihoo-360 HEUR/QVM20.1.3A03.Malware.Gen 20180816
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazpzIrCpq9CNWMAEMFZ8MGU4) 20180816
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180816
TrendMicro TSPY_EMOTET.SMAL8A 20180816
TrendMicro-HouseCall TSPY_EMOTET.SMAL8A 20180816
VBA32 BScope.Backdoor.PMax 20180816
ViRobot Trojan.Win32.Agent.135680.AG 20180816
Webroot W32.Trojan.Emotet 20180816
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180816
Ad-Aware 20180816
AegisLab 20180816
Alibaba 20180713
ALYac 20180816
Antiy-AVL 20180816
Arcabit 20180816
Avast 20180816
Avast-Mobile 20180816
AVG 20180816
Avira (no cloud) 20180816
AVware 20180816
Babable 20180725
BitDefender 20180816
ClamAV 20180816
CMC 20180812
Comodo 20180816
Cylance 20180816
eGambit 20180816
F-Secure 20180816
GData 20180816
Ikarus 20180816
Jiangmin 20180816
K7AntiVirus 20180816
Kingsoft 20180816
MAX 20180816
McAfee 20180816
eScan 20180816
NANO-Antivirus 20180816
Palo Alto Networks (Known Signatures) 20180816
Panda 20180816
Sophos AV 20180816
SUPERAntiSpyware 20180816
Symantec Mobile Insight 20180814
TACHYON 20180816
Tencent 20180816
TheHacker 20180815
TotalDefense 20180816
Trustlook 20180816
VIPRE 20180816
Yandex 20180816
Zillya 20180816
Zoner 20180816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2013 Simon Tatham.
Product PuTTY suite
Original name PSCP
Internal name PSCP
File version Release 0.63
Description Command-line SCP/SFTP client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-01 22:45:29
Entry Point 0x00001F84
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorLength
QueryUsersOnEncryptedFile
GdiFlush
GetDIBColorTable
Module32Next
GetLastError
LoadLibraryExA
GetNativeSystemInfo
DeleteCriticalSection
GetCommandLineW
FreeLibrary
FatalAppExitA
LoadLibraryExW
GetTempFileNameA
GetTimeFormatA
GetMailslotInfo
GetThreadPriority
GetProcessHeap
FindFirstVolumeW
FindCloseChangeNotification
ExtractIconA
ExtractAssociatedIconW
GetUserNameExA
GetCursorPos
GetSubMenu
GetSysColor
GetTopWindow
DefWindowProcW
DeferWindowPos
IsZoomed
DestroyCaret
DrawTextExA
GetMenuStringW
DefDriverProc
Ord(29)
strlen
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.63.0.0
LanguageCode English (British)
FileFlagsMask 0x000b
FileDescription Command-line SCP/SFTP client
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 29184
EntryPoint 0x1f84
OriginalFileName PSCP
MIMEType application/octet-stream
LegalCopyright Copyright 1997-2013 Simon Tatham.
FileVersion Release 0.63
TimeStamp 2018:08:01 22:45:29+00:00
FileType Win32 EXE
PEType PE32
InternalName PSCP
ProductVersion Release 0.63
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Simon Tatham
CodeSize 105472
ProductName PuTTY suite
ProductVersionNumber 0.63.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0dfbd319b3cb1ba865cf7978f5c8bc93
SHA1 f54ee6ffeb62299a2d2d7ca323fe62127571df30
SHA256 1882307c10187a70c3ec3978665d0dd1f5ce3955156a4a577c3872dc6f013290
ssdeep 3072:FZAJdhuTBbmZUane4WL2RMOToa+Gxhe1jc9Y:F2HhGBxIZqrah7e1jc
authentihash e1dcc4b4b4153de5b87854a56a3485253d03abd74b924890dd477e36591cbbaf
imphash b7e7e03638c508345e24f7f017f524df
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-08-16 20:38:36 UTC ( 6 months, 1 week ago )
Last submission 2018-08-16 20:38:36 UTC ( 6 months, 1 week ago )
File names PSCP
9843b5e48ecb45f176a19b840da2fd3e_ry.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs