2c2b1e5c2e1346d4aa24dffe81278b15

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2017-Feb-18 17:12:25
Detected languages English - United Kingdom
English - United States
CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription Command-line interactive SFTP client
InternalName PSFTP
OriginalFilename PSFTP
FileVersion Release 0.68
ProductVersion Release 0.68
LegalCopyright Copyright © 1997-2017 Simon Tatham.

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Miscellaneous malware strings:
  • cmd.exe
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to AES
  • Uses constants related to Blowfish
  • Uses known Diffie-Hellman primes
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Can access the registry:
  • RegCloseKey
  • RegOpenKeyA
  • RegQueryValueExA
  • RegCreateKeyA
  • RegSetValueExA
Possibly launches other programs:
  • CreateProcessA
Manipulates other processes:
  • OpenProcess
Info The PE is digitally signed.
  • Signer: Simon Tatham
  • Issuer: COMODO SHA-256 Code Signing CA
Safe VirusTotal score: 0/72 (Scanned on 2019-04-25 16:22:37)
All the AVs think this file is safe.

Hashes

MD5 2c2b1e5c2e1346d4aa24dffe81278b15
SHA1 4212b7dda455b843421aa972301036c91bb9d05b
SHA256 97faeea90c645ee3f2667a8095499675a3c05c4f30f448cc2533506f7eff3481
SHA3 5ff49d3a4acef48da6bbd36593e38f818bb838ef4f6e6a64eb6e23900093650c
SSDeep 12288:GOOqEZg8uARZq8bcRLjlPBeO7zUkbf+TLIafaEVohv3CZuX3:GJqZ8uAzq/z7zWEaCEVIvSZuX3
Imports Hash cb79861594fb35bf12448661de2883a3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2017-Feb-18 17:12:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x5c600
SizeOfInitializedData 0x24200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0003D7A9 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x5e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x84000
SizeOfHeaders 0x400
Checksum 0x8dafc
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 14cb6ec7544579549039b9a3b929b5e9
SHA1 9dd696a82601d52de13d01d6d0410aa69dbbc579
SHA256 6ad48d1d15663310c1d88edea7c453918681fdb66f600e41d706212d4fe42c00
SHA3 36fd857d42eb5ae1a9d292a80dccdfa2eef4d51a29c8d9e86ccd8958b806025b
VirtualSize 0x5c47c
VirtualAddress 0x1000
SizeOfRawData 0x5c600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.65789

.rdata

MD5 748b8345ab530ca3fcac768072838977
SHA1 54b02808e130410061b12c5e946d84f19bee1bd7
SHA256 39d7d93875ffc0507e6bbb6daaa7a315781f5918ce931739164ec486ffcfe8b6
SHA3 49779129c35e8610a6641516fa4872f0f5ff073af2a324610b2bfaba02ab1311
VirtualSize 0x1bd44
VirtualAddress 0x5e000
SizeOfRawData 0x1be00
PointerToRawData 0x5ca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.00725

.data

MD5 40c7a7378b450587f3120f124d339e99
SHA1 bb83a0f74c9bded353a17aa8a3bc2a4150bf2fba
SHA256 93fd1becbe82267a5109ae67c5d8c10492a9293cf33fa22ec11377e7e621020a
SHA3 e2ff7c0014d5eb8ea0a01479e802f43a56d2d9531d13a6604272eb98b3158037
VirtualSize 0x2bf8
VirtualAddress 0x7a000
SizeOfRawData 0x1400
PointerToRawData 0x78800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.19948

.rsrc

MD5 67550de94dc88ee14c632aff18143613
SHA1 ec893abfee997e4679da3c01c4597865654bcc7a
SHA256 99ae7f772b1d883c50b24d4d157feb1b8016b6ed44a7e9ddbc54872dd10986f4
SHA3 4a676900c1c5d848640243bf3ebfe2663008dea9cf40bb9e8beb22a180b7c151
VirtualSize 0x14d8
VirtualAddress 0x7d000
SizeOfRawData 0x1600
PointerToRawData 0x79c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.88781

.reloc

MD5 1eec512186f0ea57d556e2cb8f94e37c
SHA1 0528905609b2db224cbb41dde80f1962633d08ab
SHA256 d604d5cf3a7c6c4fc50ebf3604c0ebd15ba404e8808fe40038261628596e401a
SHA3 4a8ab829ab14b6c4c80115ad6466ecfeea110c3fecb2e5f7e9bc4ec6f1c3e38d
VirtualSize 0x4028
VirtualAddress 0x7f000
SizeOfRawData 0x4200
PointerToRawData 0x7b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.66087

Imports

ADVAPI32.dll RegCloseKey
RegOpenKeyA
RegQueryValueExA
GetUserNameA
EqualSid
AllocateAndInitializeSid
CopySid
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyA
RegSetValueExA
SystemFunction036
USER32.dll FindWindowA
SendMessageA
GetCursorPos
GetForegroundWindow
GetCapture
GetQueueStatus
GetClipboardOwner
KERNEL32.dll SetEndOfFile
HeapSize
GetTimeZoneInformation
CreateFileW
GetProcessHeap
SetStdHandle
GetTickCount
GetProcAddress
GetStdHandle
ReadFile
WriteFile
GetConsoleMode
SetConsoleMode
FreeLibrary
LoadLibraryA
CloseHandle
GetLastError
GetOverlappedResult
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetSystemDirectoryA
FormatMessageA
FindClose
FindFirstFileA
FindNextFileA
DecodePointer
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetThreadTimes
GetSystemTime
GetSystemTimeAdjustment
GetWindowsDirectoryA
GlobalMemoryStatus
CreateFileA
LocalFree
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
LocalAlloc
CreateFileMappingA
SetHandleInformation
CreatePipe
CreateProcessA
OpenProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
GetFileSize
GetFileTime
SetFilePointer
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetEnvironmentVariableA
DeleteFileA
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
OutputDebugStringW
WaitForSingleObjectEx
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
HeapReAlloc
GetExitCodeProcess
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
RaiseException

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.52572
MD5 7d3c73068d397dde148769ef8eb9b3fa
SHA1 d5fef5f130ce863351c6632e7d37d87752176714
SHA256 7eff0fe47981e64a12c549f6ee127c28fc2ef2cef81d762544dda81ef86d3325
SHA3 d1f4b772db07201bcbfbebfa4c6da07a449ed3f22c09084303f4922f5b40b58d

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.54823
MD5 996902231372d924a013649c8240e990
SHA1 db669a800f03180ad7a8496955c327849f975232
SHA256 04dc33c209dcc680df3e5012b53602554e56fa1974118dab55ef8d0521d1bd8b
SHA3 6fbb23ac4739ff315e464ef5212672401b085b715205ead23434ee9bbd2ff23e

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.32902
MD5 db628c61bb8a57188cc7751951e7de41
SHA1 cb48d83a79113c3bb1a8dd6df76490ffea7040e7
SHA256 d7e4c590a3c79f70d8a781e539bfe5f9dd894a6fbf48ac32d885253cc5adc24c
SHA3 9c9d053f455803c1e2faf5b8d5f620db37ee3bc680ef9f7cbbd42d0efadda154

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xb0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98919
MD5 60d6e880dce25ce3906d70e6d1bf4155
SHA1 d8113072518e055213b0d11f3857bb394e936c17
SHA256 6e7f2b7d7f461a79eb00beaf863fa11af24707a14827c3e793a9237f73698728
SHA3 cf0f12718ddbfed890b51eb3ec5dbb6796fcbfbcffa98e9e8ade6930a8391fad

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x130
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13529
MD5 5c23901f0e9d4d1783b6cb81f2360e50
SHA1 5407e9cff3fcefc3495c8c6e0f6bf213efdaac20
SHA256 b81cdcb60cd8ef3d101a5386db5857678ba677b6c40ceaaa9d37ab9bc241dd35
SHA3 e8f5abb99fd8a193248a321d2b0736dfe4e10c605ce3e83e9a055df600ee44d5

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x330
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.49222
MD5 cb0c36f92c8bae5be460b34a8647f2c2
SHA1 b7ab28dc3dcc533151ba80801ddaea44bd6fc6a4
SHA256 0bc55159bf42569115d341cc4be145ece1dd95d511dae033fa998b51724dc8c3
SHA3 1e82b16f9edb492967c4ce543c4a676a0fe886c056d76da6eadd57d841fac07b

200

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74417
Detected Filetype Icon file
MD5 d148c75e59377aa79c180396f45f355c
SHA1 b0b26cad3bc43856c4de4bcb92e54dce6bf1f6f7
SHA256 ef77555c4d1e769f6748372d39d8422b85e6af8f11c8a811c82ce78a87cc8c9d
SHA3 e87f2a758ae18abe7e030c83b7d0b1e53c08b6b448376f9e954b53967f547bf5

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35653
MD5 2037edff411d8ee20c072bd42ac4b584
SHA1 10a2caf5fb6c7c02fe03509a2b7f4a0b0a20a597
SHA256 463592e4cb9e6a7f6b00a601afc0b9fa1881cb8c97cb77628b6bad637d6334f8
SHA3 15d4c1959f479479b3cfbeeecbec0ade793ccc7317b8569638737e07f379ba19

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.68.0.0
ProductVersion 0.68.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United Kingdom
CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription Command-line interactive SFTP client
InternalName PSFTP
OriginalFilename PSFTP
FileVersion (#2) Release 0.68
ProductVersion (#2) Release 0.68
LegalCopyright Copyright © 1997-2017 Simon Tatham.
Resource LangID English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Feb-18 17:12:25
Version 0.0
SizeofData 768
AddressOfRawData 0x786c4
PointerToRawData 0x770c4

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x47a8d0
SEHandlerTable 0x478600
SEHandlerCount 3

RICH Header

XOR Key 0xa5af6fa7
Unmarked objects 0
241 (40116) 16
243 (40116) 163
242 (40116) 25
ASM objects (23013) 20
C++ objects (23013) 29
C objects (23013) 18
Imports (65501) 7
Total imports 160
C objects (VS2015 build 23026) 64
Resource objects (VS2015 build 23026) 1
Linker (VS2015 build 23026) 1

Errors
