× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 98939c5b58ac31aea41d48aaf59dfe9a68f46d262049d7d1202704af395cf1dc
File name: enumsdbg.exe
Detection ratio: 22 / 67
Analysis date: 2018-08-01 16:43:22 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20180801
Bkav HW32.Packed.91BA 20180801
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.776a35 20180225
Cylance Unsafe 20180801
Emsisoft Trojan.Emotet (A) 20180801
Endgame malicious (high confidence) 20180730
Fortinet W32/Kryptik.GJJE!tr 20180801
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180801
Kaspersky UDS:DangerousObject.Multi.Generic 20180801
McAfee Artemis!FD0CAAC776A3 20180801
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180801
Microsoft Trojan:Win32/Emotet.AC!bit 20180801
Palo Alto Networks (Known Signatures) generic.ml 20180801
Qihoo-360 HEUR/QVM20.1.E551.Malware.Gen 20180801
Rising Trojan.Vucha!8.E18A (TFE:4:IRaNB4ihoGF) 20180801
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180801
VBA32 BScope.Backdoor.PMax 20180801
Webroot W32.Trojan.Emotet 20180801
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180801
Ad-Aware 20180801
AegisLab 20180801
AhnLab-V3 20180801
Alibaba 20180713
ALYac 20180801
Antiy-AVL 20180801
Arcabit 20180801
Avast 20180801
Avast-Mobile 20180801
AVG 20180801
Avira (no cloud) 20180801
AVware 20180727
Babable 20180725
BitDefender 20180801
CAT-QuickHeal 20180801
ClamAV 20180801
CMC 20180801
Comodo 20180801
Cyren 20180801
DrWeb 20180801
eGambit 20180801
ESET-NOD32 20180801
F-Prot 20180801
F-Secure 20180801
GData 20180801
Ikarus 20180801
Jiangmin 20180801
K7AntiVirus 20180801
Kingsoft 20180801
Malwarebytes 20180801
MAX 20180801
eScan 20180801
NANO-Antivirus 20180801
Panda 20180801
Sophos AV 20180801
SUPERAntiSpyware 20180801
Symantec Mobile Insight 20180801
TACHYON 20180801
Tencent 20180801
TheHacker 20180730
TotalDefense 20180801
TrendMicro 20180801
TrendMicro-HouseCall 20180801
Trustlook 20180801
VIPRE 20180801
ViRobot 20180801
Yandex 20180731
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2013 Simon Tatham.

Product PuTTY suite
Original name PSCP
Internal name PSCP
File version Release 0.63
Description Command-line SCP/SFTP client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-01 14:46:09
Entry Point 0x00002075
Number of sections 5
PE sections
PE imports
QueryUsersOnEncryptedFile
GetSecurityDescriptorLength
GdiFlush
GetDIBColorTable
GetMailslotInfo
GetNativeSystemInfo
DeleteCriticalSection
FindCloseChangeNotification
Module32Next
GetLastError
GetCommandLineW
FreeLibrary
FatalAppExitA
LoadLibraryExW
GetTimeFormatA
GetTempFileNameA
GetThreadPriority
GetProcessHeap
FindFirstVolumeW
LoadLibraryExA
ExtractIconA
ExtractAssociatedIconW
GetUserNameExA
GetCursorPos
GetSubMenu
DestroyCaret
GetTopWindow
DefWindowProcW
DeferWindowPos
IsZoomed
GetSysColor
DrawTextExA
GetMenuStringW
DefDriverProc
Ord(29)
strlen
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.63.0.0

LanguageCode
English (British)

FileFlagsMask
0x000b

FileDescription
Command-line SCP/SFTP client

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
28672

EntryPoint
0x2075

OriginalFileName
PSCP

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2013 Simon Tatham.

FileVersion
Release 0.63

TimeStamp
2018:08:01 07:46:09-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
PSCP

ProductVersion
Release 0.63

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Simon Tatham

CodeSize
105984

ProductName
PuTTY suite

ProductVersionNumber
0.63.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fd0caac776a35ee9a01a12cac2297c5f
SHA1 2ed5479ab7b9ea2c9ec22d897319ba58731de77c
SHA256 98939c5b58ac31aea41d48aaf59dfe9a68f46d262049d7d1202704af395cf1dc
ssdeep
1536:bA6JCuuwbYLlSOmpjkYflGBQdLfe2l2N6qunpDVFw7QW6IONiPNm23PeoZDdxHO+:bXVufmpjkY8uo36dor61s8ALZxxHOcp

authentihash 6a8ee98fbe9e943487d92b9ab2d99c064ae63b45ae3c3bf690dd4656fd457629
imphash 32f9b1ac753f37336bc7453699c08c39
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-01 14:50:01 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-01 16:43:22 UTC ( 6 months, 3 weeks ago )
File names 727.exe
8520.exe
51.exe
4497.exe
039.exe
189341.exe
749.exe
489439.exe
25487.exe
44806.exe
smxecl.exe
93279.exe
2.exe
9824.exe
16105.exe
0.exe
35.exe
7850820.exe
683465.exe
PSCP
934078.exe
w3xUqj7CjtW1Ro.exe
042381.exe
enumsdbg.exe
7052979.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs