Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2017-Feb-18 17:12:25 |
Detected languages | English - United Kingdom; English - United States |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | Command-line interactive SFTP client |
InternalName | PSFTP |
OriginalFilename | PSFTP |
FileVersion | Release 0.68 |
ProductVersion | Release 0.68 |
LegalCopyright | Copyright © 1997-2017 Simon Tatham. |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to AES; Uses constants related to Blowfish; Uses known Diffie-Helman primes |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Simon Tatham; Issuer: COMODO SHA-256 Code Signing CA |
Safe | VirusTotal score: 0/72 (Scanned on 2019-04-25 16:22:37) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2017-Feb-18 17:12:25 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x5c600 |
SizeOfInitializedData | 0x24200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0003D7A9 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5e000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x84000 |
SizeOfHeaders | 0x400 |
Checksum | 0x8dafc |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | RegCloseKey RegOpenKeyA RegQueryValueExA GetUserNameA EqualSid AllocateAndInitializeSid CopySid GetLengthSid InitializeSecurityDescriptor SetSecurityDescriptorDacl SetSecurityDescriptorOwner RegCreateKeyA RegSetValueExA SystemFunction036 |
---|---|
USER32.dll | FindWindowA SendMessageA GetCursorPos GetForegroundWindow GetCapture GetQueueStatus GetClipboardOwner |
KERNEL32.dll | SetEndOfFile HeapSize GetTimeZoneInformation CreateFileW GetProcessHeap SetStdHandle GetTickCount GetProcAddress GetStdHandle ReadFile WriteFile GetConsoleMode SetConsoleMode FreeLibrary LoadLibraryA CloseHandle GetLastError GetOverlappedResult SetEvent WaitForSingleObject CreateEventA CreateThread GetSystemDirectoryA FormatMessageA FindClose FindFirstFileA FindNextFileA DecodePointer GetProcessTimes GetCurrentProcess GetCurrentProcessId GetCurrentThread GetThreadTimes GetSystemTime GetSystemTimeAdjustment GetWindowsDirectoryA GlobalMemoryStatus CreateFileA LocalFree WaitNamedPipeA ConnectNamedPipe CreateNamedPipeA GetCurrentThreadId MapViewOfFile UnmapViewOfFile LocalAlloc CreateFileMappingA SetHandleInformation CreatePipe CreateProcessA OpenProcess SetCurrentDirectoryA GetCurrentDirectoryA CreateDirectoryA GetFileAttributesA GetFileSize GetFileTime SetFilePointer WaitForMultipleObjects ReleaseMutex CreateMutexA GetEnvironmentVariableA DeleteFileA GetLocalTime UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetStartupInfoW GetModuleHandleW QueryPerformanceCounter GetModuleFileNameW InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW RtlUnwind SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection GetFileType GetModuleFileNameA GetModuleHandleExW WriteConsoleW MultiByteToWideChar WideCharToMultiByte ExitProcess GetCommandLineA GetCommandLineW GetACP HeapFree HeapAlloc OutputDebugStringW WaitForSingleObjectEx GetStringTypeW GetDateFormatW GetTimeFormatW CompareStringW LCMapStringW FlushFileBuffers GetConsoleCP HeapReAlloc GetExitCodeProcess GetFileAttributesExW ReadConsoleW SetFilePointerEx FindFirstFileExA IsValidCodePage GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableA RaiseException |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.68.0.0 |
ProductVersion | 0.68.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United Kingdom |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | Command-line interactive SFTP client |
InternalName | PSFTP |
OriginalFilename | PSFTP |
FileVersion (#2) | Release 0.68 |
ProductVersion (#2) | Release 0.68 |
LegalCopyright | Copyright © 1997-2017 Simon Tatham. |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2017-Feb-18 17:12:25 |
Version | 0.0 |
SizeofData | 768 |
AddressOfRawData | 0x786c4 |
PointerToRawData | 0x770c4 |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x47a8d0 |
SEHandlerTable | 0x478600 |
SEHandlerCount | 3 |
XOR Key | 0xa5af6fa7 |
---|---|
Unmarked objects | 0 |
241 (40116) | 16 |
243 (40116) | 163 |
242 (40116) | 25 |
ASM objects (23013) | 20 |
C++ objects (23013) | 29 |
C objects (23013) | 18 |
Imports (65501) | 7 |
Total imports | 160 |
C objects (VS2015 build 23026) | 64 |
Resource objects (VS2015 build 23026) | 1 |
Linker (VS2015 build 23026) | 1 |