SHA256: 6f2fb4151f26ff8b735c197da6143284a75bf2e1625c43d8c15a712ab130c3cd
File name: Plink
Detection ratio: 25 / 68
Analysis date: 2018-08-16 01:48:39 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12577412 20180816
AegisLab Trojan.Win32.Generic.4!c 20180816
ALYac Trojan.GenericKD.12577412 20180816
Arcabit Trojan.Generic.DBFEA84 20180816
AVG FileRepMalware 20180815
AVware Trojan.Win32.Generic!BT 20180816
BitDefender Trojan.GenericKD.12577412 20180816
Comodo UnclassifiedMalware 20180815
Cybereason malicious.52dd3d 20180225
Cylance Unsafe 20180816
Cyren W32/GenBl.E45CD905!Olympus 20180815
Emsisoft Trojan.GenericKD.12577412 (B) 20180816
F-Secure Trojan.GenericKD.12577412 20180815
GData Trojan.GenericKD.12577412 20180815
MAX malware (ai score=98) 20180816
McAfee Artemis!E45CD9052DD3 20180815
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20180815
Microsoft Trojan:Win32/Bitrep.A 20180815
eScan Trojan.GenericKD.12577412 20180815
Qihoo-360 Win32/Backdoor.121 20180816
Rising Trojan.Win32.Generic.15C2B87E (C64:YzY0OqXnaszGm00S) 20180816
Symantec Backdoor.Trojan 20180816
VIPRE Trojan.Win32.Generic!BT 20180816
Yandex Backdoor.Swrort!rYcJbsSFF3o 20180815
Zillya Trojan.GenericKD.Win32.94556 20180815
AhnLab-V3 20180815
Alibaba 20180713
Antiy-AVL 20180816
Avast 20180815
Avast-Mobile 20180815
Avira (no cloud) 20180815
Babable 20180725
Baidu 20180815
Bkav 20180815
CAT-QuickHeal 20180814
ClamAV 20180815
CMC 20180812
CrowdStrike Falcon (ML) 20180723
DrWeb 20180816
eGambit 20180816
Endgame 20180730
ESET-NOD32 20180816
F-Prot 20180815
Fortinet 20180815
Ikarus 20180815
Sophos ML 20180717
Jiangmin 20180815
K7AntiVirus 20180815
K7GW 20180815
Kaspersky 20180816
Kingsoft 20180816
Malwarebytes 20180815
NANO-Antivirus 20180816
Palo Alto Networks (Known Signatures) 20180816
Panda 20180815
SentinelOne (Static ML) 20180701
Sophos AV 20180816
SUPERAntiSpyware 20180815
Symantec Mobile Insight 20180814
TACHYON 20180816
Tencent 20180816
TheHacker 20180815
TotalDefense 20180815
TrendMicro 20180816
TrendMicro-HouseCall 20180816
Trustlook 20180816
VBA32 20180815
ViRobot 20180815
Webroot 20180816
ZoneAlarm by Check Point 20180816
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2011 Simon Tatham.
Product PuTTY suite
Original name Plink
Internal name Plink
File version Unidentified build
Description Command-line SSH, Telnet, and Rlogin client
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-15 08:12:58
Entry Point 0x00063A30
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetCapture
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH UK 8
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 245760
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode English (British)
FileFlagsMask 0x000b
FileDescription Command-line SSH, Telnet, and Rlogin client
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
PrivateBuild Unidentified build
EntryPoint 0x63a30
OriginalFileName Plink
MIMEType application/octet-stream
LegalCopyright Copyright © 1997-2011 Simon Tatham.
FileVersion Unidentified build
TimeStamp 2013:02:15 09:12:58+01:00
FileType Win32 EXE
PEType PE32
InternalName Plink
ProductVersion Unidentified build
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Simon Tatham
CodeSize 159744
ProductName PuTTY suite
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e45cd9052dd3dd502685dfd9aa2575ca
SHA1 a66dd0047b86e93c1ae2cdfc8ce91a02059e4265
SHA256 6f2fb4151f26ff8b735c197da6143284a75bf2e1625c43d8c15a712ab130c3cd
ssdeep 3072:0msWrHVH3ue7D2iZ6wd8i2xsg2aR7FJTDZgtdp2AVJUXxx+Bv3zPiD13hWsEPw:UWZHee7qCBwxyaN3ZgtdMAVVxi539
authentihash 41684c269694d7edeca86d9ead3d9159c96e1695ec461ac69cb1fb6ffa175fd3
imphash 6892d71d97b93e4cec9b68232b3153c7
File size 163.0 KB ( 166912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx

VirusTotal metadata
First submission 2013-03-21 05:17:51 UTC ( 6 years ago )
Last submission 2018-04-27 23:16:16 UTC ( 11 months ago )
File names alg.exe.sim
vti-rescan
alg.exe_
Plink
alg.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs