SHA256: abcc2a2d828b1624459cf8c4d2ccdfdcde62c8d1ab51e438db200ab3c5c8cd17
File name: 17_3_RES103_1033
Detection ratio: 0 / 47
Analysis date: 2013-09-12 18:42:37 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Yandex 20130912
AhnLab-V3 20130912
AntiVir 20130912
Antiy-AVL 20130912
Avast 20130912
AVG 20130912
Baidu-International 20130912
BitDefender 20130912
ByteHero 20130903
CAT-QuickHeal 20130912
ClamAV 20130912
Commtouch 20130912
Comodo 20130912
DrWeb 20130912
Emsisoft 20130912
ESET-NOD32 20130912
F-Prot 20130912
F-Secure 20130912
Fortinet 20130912
GData 20130912
Ikarus 20130912
Jiangmin 20130903
K7AntiVirus 20130912
K7GW 20130912
Kaspersky 20130912
Kingsoft 20130829
Malwarebytes 20130912
McAfee 20130912
McAfee-GW-Edition 20130912
Microsoft 20130912
eScan 20130912
NANO-Antivirus 20130911
Norman 20130912
nProtect 20130912
Panda 20130912
PCTools 20130912
Rising 20130912
Sophos 20130912
SUPERAntiSpyware 20130912
Symantec 20130912
TheHacker 20130912
TotalDefense 20130911
TrendMicro 20130912
TrendMicro-HouseCall 20130912
VBA32 20130912
VIPRE 20130912
ViRobot 20130912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2013 Simon Tatham.
Product PuTTY suite
Original name PuTTY
Internal name PuTTY
File version Release 0.63
Description SSH, Telnet and Rlogin client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-06 17:12:38
Entry Point 0x0004F125
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 155648
ImageVersion 0.0
ProductName PuTTY suite
FileVersionNumber 0.63.0.0
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x000b
CharacterSet Unicode
LinkerVersion 7.1
FileTypeExtension exe
OriginalFileName PuTTY
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion Release 0.63
TimeStamp 2013:08:06 18:12:38+01:00
FileType Win32 EXE
PEType PE32
InternalName PuTTY
ProductVersion Release 0.63
FileDescription SSH, Telnet and Rlogin client
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 1997-2013 Simon Tatham.
MachineType Intel 386 or later, and compatibles
CompanyName Simon Tatham
CodeSize 352256
FileSubtype 0
ProductVersionNumber 0.63.0.0
EntryPoint 0x4f125
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 7a0dfc5353ff6de7de0208a29fa2ffc9
SHA1 44ac2504a02af84ee142adaa3ea70b868185906f
SHA256 abcc2a2d828b1624459cf8c4d2ccdfdcde62c8d1ab51e438db200ab3c5c8cd17
ssdeep 6144:wBJBbIOkgKzCe9dMVHsGLULRTXFewKFWTyMTkiYCw+VSvGFal+412cJcnoACqzMD:MJBMOkce9dgHs+UTVhdK12cJOs60
authentihash a58cc0d7a88656226cbc91c1a95e43ca971cd69c3fc004871078d2bb2cd20965
imphash 6331cdb5d878c7264ad0657f66b30caf
File size 484.0 KB ( 495616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2013-08-06 19:38:29 UTC ( 3 years, 9 months ago )
Last submission 2017-05-28 20:57:00 UTC ( 14 hours, 21 minutes ago )
File names putty .exe
putty_0.63.exe
putty_old.exe
is-egre4.tmp
is-27aal.tmp
is-22vve.tmp
bit81be.tmp
file.jpg
putty.exe
is-am666.tmp
putty.exe
radAA442.tmp
putty1.exe
is-9bn2h.tmp
7a0dfc5353ff6de7de0208a29fa2ffc9.exe
is-81j8p.tmp
prf3f7.tmp
is-qivf3.tmp
path_hash-930c25e660a3e2290d02c45a9c0ee28490bf0c9511547dbaa088a3a69292e23e
Cisco VPN Terminal.exe
44ac2504a02af84ee142adaa3ea70b868185906f.exe
896414
bcsavm01.lab.cygate.fi_2016-12-19T15.07.00+0200_192.168.250.10-53695_10.206.4.117-80_7a0dfc5353ff6de7de0208a29fa2ffc9_11.exe
putty.txt
bit30ac.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.