SHA256: b10922648f6ad71f3f20b9acdfacf9aeff706cad6c52737cdc426307ccfa51d9
Detection ratio: 1 / 66
Analysis date: 2018-04-23 08:26:23 UTC (10 months ago)
Antivirus Result Update
Kingsoft Win32.Troj.Agent.uu.(kcloud) 20180423
Ad-Aware 20180423
AegisLab 20180423
AhnLab-V3 20180423
Alibaba 20180423
ALYac 20180423
Antiy-AVL 20180418
Arcabit 20180423
Avast 20180423
Avast-Mobile 20180422
AVG 20180423
Avira (no cloud) 20180423
AVware 20180423
Babable 20180406
Baidu 20180423
BitDefender 20180423
Bkav 20180410
CAT-QuickHeal 20180423
ClamAV 20180423
CMC 20180422
Comodo 20180423
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180423
Cyren 20180423
DrWeb 20180423
eGambit 20180423
Emsisoft 20180423
Endgame 20180403
ESET-NOD32 20180423
F-Prot 20180423
F-Secure 20180423
Fortinet 20180423
GData 20180423
Ikarus 20180423
Sophos ML 20180121
Jiangmin 20180423
K7AntiVirus 20180423
K7GW 20180423
Kaspersky 20180423
Malwarebytes 20180423
MAX 20180423
McAfee 20180423
McAfee-GW-Edition 20180423
Microsoft 20180423
eScan 20180423
NANO-Antivirus 20180423
nProtect 20180423
Palo Alto Networks (Known Signatures) 20180423
Panda 20180422
Qihoo-360 20180423
Rising 20180423
SentinelOne (Static ML) 20180225
Sophos AV 20180423
SUPERAntiSpyware 20180423
Symantec 20180422
Symantec Mobile Insight 20180419
Tencent 20180423
TheHacker 20180423
TrendMicro 20180423
TrendMicro-HouseCall 20180423
Trustlook 20180423
VBA32 20180420
VIPRE 20180423
ViRobot 20180423
Webroot 20180423
Yandex 20180420
Zillya 20180420
ZoneAlarm by Check Point 20180423
Zoner 20180422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2015 Simon Tatham.
Product PuTTY suite
Original name PuTTY
Internal name PuTTY
File version Release 0.66
Description SSH, Telnet and Rlogin client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-07 10:17:40
Entry Point 0x00054EB0
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
CopySid
RegQueryValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetUserNameA
RegDeleteKeyA
RegEnumKeyA
EqualSid
RegCreateKeyExA
GetLengthSid
RegCreateKeyA
Ord(15)
Ord(14)
Ord(17)
Ord(13)
SetMapMode
CreatePen
GetBkMode
GetCharWidth32W
TextOutA
CreateFontIndirectA
GetTextMetricsA
UpdateColors
GetPixel
Rectangle
GetDeviceCaps
ExcludeClipRect
TranslateCharsetInfo
LineTo
GetTextExtentExPointA
DeleteDC
SetBkMode
GetCharacterPlacementW
GetCharWidthW
SetPixel
IntersectClipRect
GetCharWidthA
RealizePalette
SetTextColor
GetObjectA
MoveToEx
ExtTextOutW
SetPaletteEntries
CreateBitmap
CreateFontA
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
UnrealizeObject
SetTextAlign
CreateCompatibleDC
SelectObject
GetTextExtentPoint32A
GetCharABCWidthsFloatA
CreateSolidBrush
Polyline
SetBkColor
GetCharWidth32A
DeleteObject
CreateCompatibleBitmap
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontA
GetStdHandle
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
IsDBCSLeadByteEx
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
ConnectNamedPipe
GetEnvironmentVariableA
FindClose
FormatMessageA
GetSystemTime
Beep
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
MulDiv
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
GlobalMemoryStatus
GetCommState
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
HeapFree
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GlobalLock
CompareStringW
FindFirstFileA
WaitNamedPipeA
CompareStringA
CreateFileMappingA
FindNextFileA
TerminateProcess
GetProcAddress
SetCommTimeouts
GetTimeZoneInformation
SetCommState
CreateEventA
GetFileType
CreateFileA
HeapAlloc
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
GlobalFree
LCMapStringA
GetProcessTimes
GlobalAlloc
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
CreateNamedPipeA
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
ClearCommBreak
HeapSize
GetCommandLineA
GetCurrentThread
MapViewOfFile
SetFilePointer
SetCommBreak
ReadFile
CloseHandle
lstrcpynA
GetACP
GetSystemTimeAdjustment
CreateProcessA
HeapCreate
VirtualFree
VirtualAlloc
GetOEMCP
GetTimeFormatA
ShellExecuteA
SetDlgItemTextA
GetForegroundWindow
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
CreateWindowExA
SendMessageA
GetClientRect
SetCaretPos
GetWindowTextLengthA
TrackPopupMenu
ShowCursor
MsgWaitForMultipleObjects
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
CheckRadioButton
CreateCaret
ShowWindow
SetClassLongA
PeekMessageW
EnableWindow
SetWindowPlacement
GetDlgItemTextA
PeekMessageA
TranslateMessage
DestroyCaret
RegisterClassW
CreatePopupMenu
GetQueueStatus
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
GetWindowLongA
SetTimer
GetKeyboardLayout
FlashWindow
CreateWindowExW
IsDialogMessageA
SetFocus
DrawEdge
SetCapture
BeginPaint
DefWindowProcW
KillTimer
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
ToAsciiEx
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
SetKeyboardState
GetScrollInfo
SetWindowTextA
CheckMenuItem
CreateMenu
GetDlgItem
CreateDialogParamA
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
GetKeyboardState
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
GetSystemMenu
GetDC
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
MapDialogRect
EndDialog
HideCaret
GetCapture
FindWindowA
MessageBeep
ShowCaret
AppendMenuA
RegisterClipboardFormatA
MessageBoxIndirectA
MoveWindow
MessageBoxA
DialogBoxParamA
GetSysColor
SetScrollInfo
SystemParametersInfoA
GetDoubleClickTime
WinHelpA
DeleteMenu
InvalidateRect
DefDlgProcA
CloseClipboard
SetCursor
PlaySoundA
EnumPrintersA
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
WritePrinter
EndDocPrinter
ClosePrinter
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.66.0.0
LanguageCode English (British)
FileFlagsMask 0x000b
FileDescription SSH, Telnet and Rlogin client
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x54eb0
OriginalFileName PuTTY
MIMEType application/octet-stream
LegalCopyright Copyright 1997-2015 Simon Tatham.
FileVersion Release 0.66
TimeStamp 2015:11:07 11:17:40+01:00
FileType Win32 EXE
PEType PE32
InternalName PuTTY
ProductVersion Release 0.66
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Simon Tatham
CodeSize 376832
ProductName PuTTY suite
ProductVersionNumber 0.66.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 33c9d1e56152e212367e9c5b01671e45
SHA1 9ded3ce2ae09c37ca173bbd3dcb57258b72cdbd5
SHA256 b10922648f6ad71f3f20b9acdfacf9aeff706cad6c52737cdc426307ccfa51d9
ssdeep 12288:ApoNd4D7aVwSn8nW+nGQZZcLYX4RXwWLJQ6LU:UoNde7aVT8WvQ3O+4NzLu6w
authentihash a9d7b52c934c110df7932157753b14ee622445ae4a96893ced4044768cf1033c
imphash dae4485dd029c5e0256f477eda4797a4
File size 512.0 KB ( 524288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe via-tor
VirusTotal metadata
First submission 2015-11-07 15:25:14 UTC ( 3 years, 3 months ago )
Last submission 2019-02-12 10:46:33 UTC ( 1 week, 3 days ago )
File names
is-ekeq7.tmp
putty (2).exe
putty (softonic).exe
path_hash-93935b5c47b006bf7c2598b40dfacc1c5105cc7297501144e6228dc01032d866
putty.exe
putty.exe.txt
dd.exe
putty-old.exe
putty(2).exe
2016_05_05_07_09_42.000783
PUTTY.EXE
putty.jpg
putty.exe
putty.exe.ubqu
xxxh.dcf
dony6.yarn
1.exe
243.exe
(223f571735e25236ae1e1c049c9838d9)putty.exe
unita5.yarn
path_hash-2347bd0f5ae53f997d80d7647a69502f2ad581f9d992937ba2516c9083b064b1
c5ab1180-f390-45de-8f18-c413f576206c.tmp
putty-2.exe
p.d2
putty__.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs