× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 76cff7da86c12660fa708a7b57eefa2f089fdd9a82d2b4276a243d2e4e0df8a6
File name: putty.exe
Detection ratio: 24 / 67
Analysis date: 2018-08-20 15:48:53 UTC ( 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.510566 20180820
AegisLab Troj.W32.Inject.lfwW 20180820
Arcabit Trojan.Graftor.D7CA66 20180820
Avast Win32:GenX 20180820
AVG Win32:GenX 20180820
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9931 20180820
BitDefender Gen:Variant.Graftor.510566 20180820
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180820
Emsisoft Gen:Variant.Graftor.510566 (B) 20180820
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZXD 20180820
F-Secure Gen:Variant.Graftor.510566 20180820
Fortinet W32/Generic.AC.418BA4 20180820
GData Gen:Variant.Graftor.510566 20180820
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Agent.gen 20180820
Malwarebytes Trojan.Injector 20180820
MAX malware (ai score=88) 20180820
McAfee GenericRXGH-QS!D444AF7368A9 20180820
eScan Gen:Variant.Graftor.510566 20180820
Panda Trj/GdSda.A 20180820
Webroot W32.Trojan.Gen 20180820
ZoneAlarm by Check Point HEUR:Trojan.Win32.Agent.gen 20180820
AhnLab-V3 20180820
ALYac 20180820
Antiy-AVL 20180820
Avast-Mobile 20180820
Avira (no cloud) 20180820
AVware 20180820
Babable 20180725
Bkav 20180820
CAT-QuickHeal 20180820
ClamAV 20180820
CMC 20180817
Comodo 20180820
Cybereason 20180225
Cyren 20180820
DrWeb 20180820
eGambit 20180820
F-Prot 20180820
Jiangmin 20180820
K7AntiVirus 20180820
K7GW 20180820
Kingsoft 20180820
McAfee-GW-Edition 20180820
Microsoft 20180820
NANO-Antivirus 20180820
Palo Alto Networks (Known Signatures) 20180820
Qihoo-360 20180820
Rising 20180820
SentinelOne (Static ML) 20180701
Sophos AV 20180820
SUPERAntiSpyware 20180820
Symantec 20180820
Symantec Mobile Insight 20180814
TACHYON 20180820
Tencent 20180820
TheHacker 20180818
TotalDefense 20180820
TrendMicro 20180820
TrendMicro-HouseCall 20180820
Trustlook 20180820
VBA32 20180820
VIPRE 20180820
ViRobot 20180820
Yandex 20180818
Zillya 20180820
Zoner 20180819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2000 - 2037 Van Loo Software(TM)

Product SSuite Office Advanced Software.
Original name putty.exe
Internal name putty.exe
File version 2.21.3.4
Description SSuite Image Editor
Comments EZDraw for everyone at Home.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001B450
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
GetDeviceCaps
SetROP2
DeleteDC
GetSystemPaletteEntries
SetBkMode
MoveToEx
CreatePalette
GetStockObject
GetCurrentPositionEx
SelectPalette
CreateFontIndirectA
GetTextMetricsA
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetModuleFileNameW
GetStringTypeExA
WaitForSingleObject
FreeLibrary
MulDiv
IsDebuggerPresent
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
CopyFileW
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
GetCurrentProcessId
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
CreateThread
GetCurrentThreadId
FreeResource
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
CreateProcessA
EnumCalendarInfoA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
RtlSetProcessIsCritical
CoUninitialize
CoInitialize
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
ShellExecuteA
GetCursorPos
MessageBoxExA
GetWindowTextLengthA
GetSysColor
LoadIconA
ReleaseDC
LoadStringA
CharNextA
EnumWindows
MessageBoxA
GetWindowTextA
GetSystemMetrics
GetKeyboardType
GetDC
CharToOemA
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_RCDATA 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 10
KASHMIRI DEFAULT 10
ENGLISH PHILIPPINES 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
EZDraw for everyone at Home.

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.21.3.4

LanguageCode
German

FileFlagsMask
0x0000

FileDescription
SSuite Image Editor

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
441856

EntryPoint
0x1b450

OriginalFileName
putty.exe

MIMEType
application/octet-stream

LegalCopyright
2000 - 2037 Van Loo Software(TM)

FileVersion
2.21.3.4

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
putty.exe

ProductVersion
3.3.3.5

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Van Loo Software(TM)

CodeSize
113664

ProductName
SSuite Office Advanced Software.

ProductVersionNumber
3.3.3.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d444af7368a9ad13f47f0d191e857d96
SHA1 420ef00d52a51251f6cd4daf344d29e84e2e0406
SHA256 76cff7da86c12660fa708a7b57eefa2f089fdd9a82d2b4276a243d2e4e0df8a6
ssdeep
12288:i+CDbPmKt+hblTGMpHsqlQY3xh/CUjggRRhy8OA:jCnPhtgbjHsGQoxEUj9Hhrr

authentihash be1d0d1086215ea6851aceb914794532e49e42b29f34bcc4d24eb866b4d1d69c
imphash 93895b154c732146e823d849717aed2c
File size 543.5 KB ( 556544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (96.1%)
Win32 Executable Delphi generic (2.0%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
OS/2 Executable (generic) (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-20 15:48:53 UTC ( 9 months ago )
Last submission 2018-10-23 20:28:19 UTC ( 6 months, 3 weeks ago )
File names putty0.exe.rename
putty.exe
putty.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.