Antivirus scan for 587dbcd1a27ce5b81c42b71915d212d6d4657aa58f9a14f2db975878d0703d59 at 2018-07-29 06:55:01 UTC

Antivirus	Result	Update
AegisLab	Troj.W32.Vucha!c	20180729
AhnLab-V3	Trojan/Win32.Emotet.R232758	20180728
Avast	Win32:Malware-gen	20180729
AVG	Win32:Malware-gen	20180729
Bkav	HW32.Packed.40A8	20180728
Comodo	CloudScanner.Trojan.Gen	20180729
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20180723
Cylance	Unsafe	20180729
Endgame	malicious (high confidence)	20180711
Fortinet	W32/GenKryptik.CFYN!tr	20180729
GData	Win32.Trojan-Spy.Emotet.N1JNYE	20180729
Sophos ML	heuristic	20180717
Kaspersky	HEUR:Trojan.Win32.Vucha.dc	20180729
McAfee	Artemis!DCFEF1F89CCD	20180729
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc	20180729
Microsoft	Trojan:Win32/Emotet.AC!bit	20180729
Palo Alto Networks (Known Signatures)	generic.ml	20180729
Qihoo-360	HEUR/QVM20.1.D051.Malware.Gen	20180729
Rising	Trojan.Fuerboos!8.EFC8 (CLOUD)	20180729
SentinelOne (Static ML)	static engine - malicious	20180701
Symantec	ML.Attribute.HighConfidence	20180729
TrendMicro	TROJ_GEN.USGS18	20180729
TrendMicro-HouseCall	TROJ_GEN.USGS18	20180729
VBA32	BScope.Backdoor.PMax	20180727
Webroot	W32.Trojan.Emotet	20180729
ZoneAlarm by Check Point	HEUR:Trojan.Win32.Vucha.dc	20180729
Ad-Aware		20180729
Alibaba		20180713
ALYac		20180729
Antiy-AVL		20180729
Arcabit		20180729
Avast-Mobile		20180729
Avira (no cloud)		20180728
AVware		20180727
Babable		20180725
Baidu		20180726
BitDefender		20180729
CAT-QuickHeal		20180728
ClamAV		20180729
CMC		20180729
Cybereason		20180225
Cyren		20180729
DrWeb		20180729
eGambit		20180729
Emsisoft		20180729
ESET-NOD32		20180729
F-Prot		20180729
F-Secure		20180729
Ikarus		20180728
Jiangmin		20180729
K7AntiVirus		20180727
K7GW		20180727
Kingsoft		20180729
Malwarebytes		20180729
MAX		20180729
eScan		20180729
NANO-Antivirus		20180729
Panda		20180728
Sophos AV		20180729
SUPERAntiSpyware		20180728
TACHYON		20180729
Tencent		20180729
TheHacker		20180727
TotalDefense		20180729
Trustlook		20180729
VIPRE		20180729
ViRobot		20180728
Yandex		20180725
Zillya		20180727
Zoner		20180728

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product PuTTY suite

Original name PSCP

Internal name PSCP

File version Release 0.63

Description Command-line SCP/SFTP client

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-07-29 04:30:17

Entry Point 0x000016F8

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 102640 102912 7.68 b7dcd06070bc67c63c46ad02f6e981db

.text 110592 24336 24576 3.24 d28c9c47979770d3f191c0aeb1e23717

.idata 135168 514 1024 2.67 815c1dd4eafb397a893b1e4eafc6bfe6

.rsrc 139264 864 1024 2.82 43c044a50c3a429315201d086dc531de

.reloc 143360 1456 1536 5.88 1221a7fd538b0afd749383e7a1c395ec

PE imports

Number of PE resources by type

RT_VERSION 1

Number of PE resources by language

ENGLISH US 1

PE resources

0c9bd4c734afedac3926ced0c1f432c97001b379a30affb8dc93f703f790ec3d data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Sun Jul 29 04:30:17 2018 128128 37 Bytes

12 (12) Sun Jul 29 04:30:17 2018 128252 20 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

12.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

0.63.0.0

LanguageCode

English (British)

FileFlagsMask

0x000b

FileDescription

Command-line SCP/SFTP client

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Unicode

InitializedDataSize

28160

EntryPoint

0x16f8

OriginalFileName

PSCP

MIMEType

application/octet-stream

LegalCopyright

FileVersion

Release 0.63

TimeStamp

2018:07:29 05:30:17+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

PSCP

ProductVersion

Release 0.63

SubsystemVersion

5.0

OSVersion

5.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Simon Tatham

CodeSize

102912

ProductName

PuTTY suite

ProductVersionNumber

0.63.0.0

FileTypeExtension

exe

ObjectFileType

Executable application

File identification

MD5 dcfef1f89ccd0d4e5d46365ef460eb86

SHA1 abb141e5e897f6a6f24ee6fb535b0a2bc18adb55

SHA256 587dbcd1a27ce5b81c42b71915d212d6d4657aa58f9a14f2db975878d0703d59

ssdeep

3072:M8O+yn+erxJ0FbTxaCsM/hKougkBuz5A:MT+yn+eL0FbTJB/hKgks

authentihash 4b5945aefbdbd86a691389be17eed44988c025b58f5f1105c4634f266fb97da4

imphash 15c5fc88a667dd466bf200e813a74608

File size 129.0 KB ( 132096 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	OS/2 Executable (generic) (33.6%) Generic Win/DOS Executable (33.1%) DOS Executable Generic (33.1%)

VirusTotal metadata

First submission 2018-07-28 21:35:36 UTC ( 6 months, 4 weeks ago )

Last submission 2018-07-29 01:30:26 UTC ( 6 months, 4 weeks ago )

File names

abb141e5e897f6a6f24ee6fb535b0a2bc18adb55
PSCP
KoA0HfcTSm8J.exe

SHA256:	587dbcd1a27ce5b81c42b71915d212d6d4657aa58f9a14f2db975878d0703d59
File name:	abb141e5e897f6a6f24ee6fb535b0a2bc18adb55
Detection ratio:	26 / 68
Analysis date:	2018-07-29 06:55:01 UTC ( 6 months, 4 weeks ago ) View latest

Ciphered bundle