SHA256: de7bb7e417ae6e0e1e14e405ebe922193f11b583460329bc1032276eae60dfc5
File name: DE7BB7E417AE6E0E1E14E405EBE922193F11B583460329BC1032276EAE60DFC5
Detection ratio: 15 / 72
Analysis date: 2018-12-22 18:20:19 UTC ( 3 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.9d5a41 20180225
Cylance Unsafe 20181222
eGambit Unsafe.AI_Score_76% 20181222
Endgame malicious (moderate confidence) 20181108
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20181222
Microsoft Trojan:Win32/Fuerboos.A!cl 20181222
Qihoo-360 HEUR/QVM19.1.0A63.Malware.Gen 20181222
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazqvwqT8cBs4mYWaf+/F9HPT) 20181222
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181222
Symantec Packed.Generic.517 20181222
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Refinka 20181222
Acronis 20180726
Ad-Aware 20181222
AegisLab 20181222
AhnLab-V3 20181222
Alibaba 20180921
ALYac 20181222
Antiy-AVL 20181222
Arcabit 20181222
Avast 20181222
Avast-Mobile 20181222
AVG 20181222
Avira (no cloud) 20181222
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181222
Bkav 20181221
CAT-QuickHeal 20181222
ClamAV 20181222
CMC 20181221
Comodo 20181222
Cyren 20181222
DrWeb 20181222
Emsisoft 20181222
ESET-NOD32 20181222
F-Prot 20181222
F-Secure 20181222
Fortinet 20181222
GData 20181222
Ikarus 20181222
Jiangmin 20181222
K7AntiVirus 20181222
Kaspersky 20181222
Kingsoft 20181222
Malwarebytes 20181222
MAX 20181222
McAfee 20181222
McAfee-GW-Edition 20181222
eScan 20181222
NANO-Antivirus 20181222
Palo Alto Networks (Known Signatures) 20181222
Panda 20181222
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181222
Tencent 20181222
TheHacker 20181220
TotalDefense 20181222
TrendMicro 20181222
TrendMicro-HouseCall 20181222
Trustlook 20181222
VIPRE 20181222
ViRobot 20181222
Webroot 20181222
Yandex 20181221
Zillya 20181222
ZoneAlarm by Check Point 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2003-2013
Product TortoiseSVN TortoisePlink
Original name TortoisePlink.exe
Internal name TortoisePlink
File version Release 0.63
Description TortoisePlink
Comments Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-22 18:02:41
Entry Point 0x00003773
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorControl
LookupPrivilegeNameW
GetSidSubAuthority
LogonUserW
CryptDestroyHash
FindTextW
CertAddCTLContextToStore
GlobalSize
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetModuleHandleA
GetSystemDefaultLCID
TransactNamedPipe
GetDynamicTimeZoneInformation
GetModuleFileNameA
FlsFree
LZSeek
LZInit
MprAdminInterfaceTransportGetInfo
DsFreeDomainControllerInfoW
CreateErrorInfo
VarI2FromStr
VarI4FromR4
SysAllocStringLen
RpcServerRegisterIf2
CM_Get_Class_Name_ExW
SetupDiDestroyClassImageList
ShellAboutW
UrlApplySchemeW
StrFromTimeIntervalW
PathGetCharTypeW
PathCreateFromUrlW
FreeDDElParam
ShowScrollBar
SetTimer
GetKeyboardType
HideCaret
GetClassNameA
RegisterDeviceNotificationW
GetMenuContextHelpId
GetMenuItemInfoW
midiStreamOpen
GetPrinterW
SCardStatusA
SCardGetStatusChangeW
Ord(30)
CoEnableCallCancellation
OleIsRunning
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
GERMAN SWISS 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.63.0.9999
LanguageCode English (British)
FileFlagsMask 0x003f
FileDescription TortoisePlink
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 126976
EntryPoint 0x3773
OriginalFileName TortoisePlink.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2003-2013
FileVersion Release 0.63
TimeStamp 2018:12:22 19:02:41+01:00
FileType Win32 EXE
PEType PE32
InternalName TortoisePlink
ProductVersion Release 0.63
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName http://tortoisesvn.net
CodeSize 280576
ProductName TortoiseSVN TortoisePlink
ProductVersionNumber 0.63.0.9999
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5b94f739d5a41b5c39f1750895161779
SHA1 9a4755ac1bfff50157ae7efa184c224ef92e481c
SHA256 de7bb7e417ae6e0e1e14e405ebe922193f11b583460329bc1032276eae60dfc5
ssdeep 3072:N/nCYU1LZTNMKkFcfNioh3K3SdbxY2xJN0A1tOMKH1OzzJQnwD6J/KUisx:N/nCBuAh3K3cbxY23v7u5hF
authentihash 3f1bad223138684327e830153a94a0451143d06ef0d3c5236c98e42343c1b51b
imphash d2896e6b631b2b909166e3375bd707de
File size 556.0 KB ( 569344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-12-22 18:15:31 UTC ( 3 months ago )
Last submission 2018-12-22 18:20:19 UTC ( 3 months ago )
File names A2NjwLhckD.exe
TortoisePlink.exe
TortoisePlink