× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d4ffa4559a1e22167933772d82cf714cd4bb7a0e79511c2424e18bdb619d63a4
File name: putty.exe
Detection ratio: 1 / 58
Analysis date: 2016-08-29 17:40:50 UTC ( 17 minutes ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Invincea trojan.win32.swrort.a 20160829
ALYac 20160829
AVG 20160829
AVware 20160829
Ad-Aware 20160829
AegisLab 20160829
AhnLab-V3 20160829
Alibaba 20160829
Antiy-AVL 20160829
Arcabit 20160829
Avast 20160829
Avira (no cloud) 20160829
Baidu 20160829
BitDefender 20160829
Bkav 20160829
CAT-QuickHeal 20160829
CMC 20160824
ClamAV 20160827
Comodo 20160829
CrowdStrike Falcon (ML) 20160725
Cyren 20160829
DrWeb 20160829
ESET-NOD32 20160829
Emsisoft 20160829
F-Prot 20160829
F-Secure 20160829
Fortinet 20160829
GData 20160829
Ikarus 20160829
Jiangmin 20160829
K7AntiVirus 20160829
K7GW 20160829
Kaspersky 20160829
Kingsoft 20160829
Malwarebytes 20160829
McAfee 20160829
McAfee-GW-Edition 20160829
eScan 20160829
Microsoft 20160829
NANO-Antivirus 20160829
Panda 20160829
Qihoo-360 20160829
Rising 20160829
SUPERAntiSpyware 20160828
Sophos 20160829
Symantec 20160829
Tencent 20160829
TheHacker 20160829
TotalDefense 20160829
TrendMicro 20160829
TrendMicro-HouseCall 20160829
VBA32 20160829
VIPRE 20160829
ViRobot 20160829
Yandex 20160828
Zillya 20160829
Zoner 20160829
nProtect 20160829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2011 Simon Tatham.

Product PuTTY suite
Original name PuTTY
Internal name PuTTY
File version Release 0.62
Description SSH, Telnet and Rlogin client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-10 12:35:49
Entry Point 0x0004C4DF
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
CopySid
RegQueryValueExA
GetUserNameA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
GetLengthSid
RegCreateKeyA
Ord(15)
Ord(14)
Ord(17)
Ord(13)
SetMapMode
CreatePen
GetBkMode
GetCharWidth32W
TextOutA
CreateFontIndirectA
GetTextMetricsA
UpdateColors
GetPixel
Rectangle
GetDeviceCaps
ExcludeClipRect
TranslateCharsetInfo
LineTo
GetTextExtentExPointA
DeleteDC
SetBkMode
GetCharacterPlacementW
GetCharWidthW
SetPixel
IntersectClipRect
GetCharWidthA
RealizePalette
SetTextColor
GetObjectA
MoveToEx
ExtTextOutW
SetPaletteEntries
CreateBitmap
CreateFontA
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
UnrealizeObject
SetTextAlign
CreateCompatibleDC
SelectObject
GetTextExtentPoint32A
GetCharABCWidthsFloatA
CreateSolidBrush
Polyline
SetBkColor
GetCharWidth32A
DeleteObject
CreateCompatibleBitmap
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontA
GetStdHandle
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
IsDBCSLeadByteEx
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
GetEnvironmentVariableA
FindClose
GetSystemTime
Beep
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateThread
MulDiv
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
GlobalMemoryStatus
GetCommState
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
HeapFree
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GlobalLock
CompareStringW
FindFirstFileA
CompareStringA
CreateFileMappingA
FindNextFileA
TerminateProcess
GetProcAddress
SetCommTimeouts
GetTimeZoneInformation
SetCommState
CreateEventA
GetFileType
CreateFileA
HeapAlloc
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
GlobalFree
LCMapStringA
GetProcessTimes
GlobalAlloc
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
ClearCommBreak
HeapSize
GetCommandLineA
GetCurrentThread
MapViewOfFile
SetFilePointer
SetCommBreak
ReadFile
CloseHandle
lstrcpynA
GetACP
GetSystemTimeAdjustment
CreateProcessA
UnmapViewOfFile
VirtualFree
VirtualAlloc
GetOEMCP
GetTimeFormatA
ShellExecuteA
SetDlgItemTextA
GetForegroundWindow
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
CreateWindowExA
SendMessageA
GetClientRect
GetWindowTextLengthA
TrackPopupMenu
ShowCursor
MsgWaitForMultipleObjects
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
CheckRadioButton
CreateCaret
ShowWindow
SetClassLongA
EnableWindow
SetWindowPlacement
GetDlgItemTextA
PeekMessageA
TranslateMessage
DestroyCaret
GetQueueStatus
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
GetWindowLongA
SetTimer
GetKeyboardLayout
FlashWindow
IsDialogMessageA
SetFocus
DrawEdge
SetCapture
BeginPaint
SetCaretPos
KillTimer
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
ToAsciiEx
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
SetKeyboardState
CheckDlgButton
CreatePopupMenu
CheckMenuItem
CreateMenu
GetDlgItem
CreateDialogParamA
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
GetKeyboardState
IsDlgButtonChecked
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
MapDialogRect
EndDialog
HideCaret
GetCapture
FindWindowA
MessageBeep
ShowCaret
AppendMenuA
RegisterClipboardFormatA
MessageBoxIndirectA
MoveWindow
MessageBoxA
DialogBoxParamA
GetSysColor
SetScrollInfo
SystemParametersInfoA
GetDoubleClickTime
WinHelpA
DeleteMenu
InvalidateRect
SetWindowTextA
DefDlgProcA
CloseClipboard
SetCursor
PlaySoundA
EnumPrintersA
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
WritePrinter
EndDocPrinter
ClosePrinter
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.62.0.0

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x000b

CharacterSet
Unicode

InitializedDataSize
163840

EntryPoint
0x4c4df

OriginalFileName
PuTTY

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2011 Simon Tatham.

FileVersion
Release 0.62

TimeStamp
2011:12:10 13:35:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PuTTY

ProductVersion
Release 0.62

FileDescription
SSH, Telnet and Rlogin client

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Simon Tatham

CodeSize
344064

ProductName
PuTTY suite

ProductVersionNumber
0.62.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 a3ccfd0aa0b17fd23aa9fd0d84b86c05
SHA1 89c19274ad51b6fbd12fb59908316088c1135307
SHA256 d4ffa4559a1e22167933772d82cf714cd4bb7a0e79511c2424e18bdb619d63a4
ssdeep
12288:J743NHanev1s4kd83ubHX2+v1g8YyCCTlaG9PnV6I:RgN6nY13ebHX2+tlNl7V6

authentihash e0517ea6c2896caa97d6cbf4e8caea00409f03703e888e83cfbc460f7682f337
imphash 74638b0911b0c9268aae1edee5a60a9f
File size 472.0 KB ( 483328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (33.0%)
Win32 Executable MS Visual C++ (generic) (23.9%)
Win64 Executable (generic) (21.2%)
Windows screen saver (10.0%)
Win32 Dynamic Link Library (generic) (5.0%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2011-12-10 15:52:37 UTC ( 4 years, 8 months ago )
Last submission 2016-08-29 17:40:50 UTC ( 17 minutes ago )
File names altd7a6.tmp
681272_putty.jpg
putty-{9fefff8c-c618-40c4-bbe6-0c74b8e75c2a}-v14829379.exe
altdaab.tmp
alt2c40.tmp
puttee.exe
putty(2).exe
puttyzzz.exe
altaa8a.tmp
alt694a.tmp
PUTTY.EXE
A3CCFD0AA0B17FD23AA9FD0D84B86C05_H-80.242.123.155._exe_putty_exe.bin
altbf65.tmp
altb7e4.tmp
altb2c8.tmp
alta837.tmp
is-hv41p.tmp
alt3609.tmp
is-8nkec.tmp
alt66b0.tmp
putty - 副本.exe
path_hash-03330367c51355edb861a95628caa7f63bf70d043c7dea319271a2cc1ed7fe81
putty-0.62.exe
path_hash-e0c7a5bd8b56267c9bc5dc09ae4e95b03a07c52046758094db3d33c237833a3b
putty.ex_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!