SHA256: 2562a4d5365165f5dfebd2ee08c7515c88735dc66b56003b63066b3d1d600b8e
File name: PUTTY.EXE
Detection ratio: 31 / 68
Analysis date: 2018-08-31 05:00:34 UTC ( 8 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.171859 20180831
AhnLab-V3 Trojan/Win32.Injector.R235841 20180831
Antiy-AVL Trojan[Downloader]/Win32.Agent 20180831
Arcabit Trojan.Strictor.D29F53 20180831
Avast Win32:MalwareX-gen [Trj] 20180831
AVG Win32:MalwareX-gen [Trj] 20180831
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9926 20180830
BitDefender Gen:Variant.Strictor.171859 20180831
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cylance Unsafe 20180831
Emsisoft Gen:Variant.Strictor.171859 (B) 20180831
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZXD 20180831
F-Secure Gen:Variant.Strictor.171859 20180831
Fortinet W32/Generic.AC.4195AD 20180831
GData Gen:Variant.Strictor.171859 20180831
Sophos ML heuristic 20180717
Jiangmin TrojanDownloader.Agent.fryv 20180831
Kaspersky HEUR:Trojan-Downloader.Win32.Agent.gen 20180831
MAX malware (ai score=100) 20180831
McAfee Packed-FLC!33C4CAD80404 20180831
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180831
Microsoft VirTool:Win32/DelfInject 20180831
eScan Gen:Variant.Strictor.171859 20180831
Palo Alto Networks (Known Signatures) generic.ml 20180831
Panda Trj/GdSda.A 20180830
Rising Trojan.Injector!8.C4 (TFE:dGZlOgSiW+oOtCEYKQ) 20180831
Sophos AV Mal/Generic-S 20180831
Symantec ML.Attribute.HighConfidence 20180831
Webroot W32.Trojan.Gen 20180831
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Agent.gen 20180831
AegisLab 20180831
Alibaba 20180713
ALYac 20180831
Avast-Mobile 20180831
Avira (no cloud) 20180831
AVware 20180823
Babable 20180822
Bkav 20180831
CAT-QuickHeal 20180830
ClamAV 20180830
CMC 20180831
Comodo 20180831
Cybereason 20180225
Cyren 20180831
DrWeb 20180831
eGambit 20180831
F-Prot 20180831
Ikarus 20180830
K7AntiVirus 20180829
K7GW 20180830
Kingsoft 20180831
Malwarebytes 20180831
NANO-Antivirus 20180831
Qihoo-360 20180831
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180831
Symantec Mobile Insight 20180829
TACHYON 20180831
Tencent 20180831
TheHacker 20180829
TotalDefense 20180830
TrendMicro 20180831
TrendMicro-HouseCall 20180831
Trustlook 20180831
VBA32 20180830
VIPRE 20180831
ViRobot 20180831
Yandex 20180830
Zillya 20180830
Zoner 20180830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.1.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000196F4
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
GetDeviceCaps
SetROP2
DeleteDC
GetSystemPaletteEntries
SetBkMode
MoveToEx
CreatePalette
GetStockObject
GetCurrentPositionEx
SelectPalette
CreateFontIndirectA
GetTextMetricsA
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetModuleFileNameW
GetStringTypeExA
WaitForSingleObject
FreeLibrary
MulDiv
IsDebuggerPresent
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
CopyFileW
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
GetCurrentProcessId
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
CreateThread
GetCurrentThreadId
FreeResource
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
CreateProcessA
EnumCalendarInfoA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
RtlSetProcessIsCritical
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetCursorPos
MessageBoxExA
GetWindowTextLengthA
GetSysColor
LoadIconA
ReleaseDC
LoadStringA
CharNextA
EnumWindows
MessageBoxA
GetWindowTextA
GetSystemMetrics
GetKeyboardType
GetDC
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_ICON 6
RT_RCDATA 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
POLISH DEFAULT 18
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 132608
ImageVersion 0.0
FileVersionNumber 1.1.1.0
LanguageCode Unknown (400A)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.1.1.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 109568
FileSubtype 0
ProductVersionNumber 1.1.1.0
EntryPoint 0x196f4
ObjectFileType Executable application
File identification
MD5 33c4cad80404e9a918c9b8c01bfce4cb
SHA1 1996979e45f1f0bf0dbd3b76adcee803edb97315
SHA256 2562a4d5365165f5dfebd2ee08c7515c88735dc66b56003b63066b3d1d600b8e
ssdeep 3072:4Pvdwe0aN6XYwISJt+JJTFzEKS8n7TZmI+nTuMxt9x76QJJfffWD9593CC9ceNL:4HOYuPU17TLgTuMxt7rmp
authentihash b22899182f38385c96236cfb9a30fb08a91f2dd45c365b5589e150f56cc58c01
imphash ede4ba6204d0154a9bcd87db7d18160c
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
Tags peexe
VirusTotal metadata
First submission 2018-08-31 00:27:29 UTC ( 8 months, 4 weeks ago )
Last submission 2018-08-31 04:58:34 UTC ( 8 months, 4 weeks ago )
File names PUTTY.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.