× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: be535a8c325e4eec17bbc63d813f715d2c8af9fd23901135046fbc5c187aabb2
File name: 00000.exe
Detection ratio: 9 / 70
Analysis date: 2019-01-21 06:00:14 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190119
AhnLab-V3 Malware/Win32.Generic.C2949324 20190121
ESET-NOD32 a variant of Win32/Injector.ECYY 20190121
Kaspersky UDS:DangerousObject.Multi.Generic 20190121
Microsoft Trojan:Win32/Fuerboos.C!cl 20190121
Qihoo-360 HEUR/QVM20.1.B061.Malware.Gen 20190121
Rising Rogue.FakeSpypro!8.D39/N3#88% (RDM+:cmRtazq5iWk5gUeCxVv827b+bqYf) 20190121
Trapmine malicious.high.ml.score 20190103
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190121
Ad-Aware 20190121
AegisLab 20190121
Alibaba 20180921
ALYac 20190121
Antiy-AVL 20190121
Arcabit 20190121
Avast 20190121
Avast-Mobile 20190118
AVG 20190121
Avira (no cloud) 20190120
Babable 20180918
Baidu 20190121
BitDefender 20190121
Bkav 20190121
CAT-QuickHeal 20190120
ClamAV 20190121
CMC 20190120
Comodo 20190121
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190121
DrWeb 20190121
eGambit 20190121
Emsisoft 20190121
Endgame 20181108
F-Prot 20190121
F-Secure 20190121
Fortinet 20190121
GData 20190121
Ikarus 20190120
Sophos ML 20181128
Jiangmin 20190121
K7AntiVirus 20190121
K7GW 20190121
Kingsoft 20190121
Malwarebytes 20190121
MAX 20190121
McAfee 20190121
McAfee-GW-Edition 20190121
eScan 20190121
NANO-Antivirus 20190121
Palo Alto Networks (Known Signatures) 20190121
Panda 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190121
SUPERAntiSpyware 20190116
Symantec 20190120
TACHYON 20190121
Tencent 20190121
TheHacker 20190118
TotalDefense 20190120
TrendMicro 20190121
TrendMicro-HouseCall 20190121
Trustlook 20190121
VBA32 20190118
VIPRE 20190120
ViRobot 20190121
Webroot 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2015 Simon Tatham.

Product PuTTY suite
Original name PuTTY
Internal name PuTTY
File version Release 0.64
Description SSH, Telnet and Rlogin client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 05:29:34
Entry Point 0x000016E0
Number of sections 4
PE sections
PE imports
GetUserNameW
VirtualAllocEx
LoadResource
GetCurrentProcess
ResumeThread
WriteProcessMemory
LoadLibraryW
lstrlenA
GetModuleFileNameW
LockResource
CreateFileW
GlobalAlloc
CreateProcessW
ReadProcessMemory
lstrcpyA
ExitProcess
FindResourceW
GetProcAddress
lstrcmpW
Number of PE resources by type
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_MANIFEST 1
3SGK9Y 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 20
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.14

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.64.0.0

LanguageCode
English (British)

FileFlagsMask
0x000b

FileDescription
SSH, Telnet and Rlogin client

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
391168

EntryPoint
0x16e0

OriginalFileName
PuTTY

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2015 Simon Tatham.

FileVersion
Release 0.64

TimeStamp
2019:01:18 06:29:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PuTTY

ProductVersion
Release 0.64

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Simon Tatham

CodeSize
2560

ProductName
PuTTY suite

ProductVersionNumber
0.64.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 059ffb48aef0de69cdf182895c6ce69b
SHA1 fd303abaa5de824a5e23bfde73e17d904d3670bb
SHA256 be535a8c325e4eec17bbc63d813f715d2c8af9fd23901135046fbc5c187aabb2
ssdeep
12288:EuhMDFL7alk0poG5hnDg375ROEehKyDzVbuYzJ:nMBL7alk0OGv01ROEeNDJ

authentihash 0a50800eeba921350a60ba8d0255a634f780d0fb5a6fed1faa3329ffc243d3c2
imphash 845a409ae83ab660e3b0f539942c8883
File size 385.5 KB ( 394752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-21 06:00:14 UTC ( 2 months ago )
Last submission 2019-01-23 16:33:44 UTC ( 2 months ago )
File names 00000.exe
PuTTY
RevCode-ea8e.gxe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files