Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2020-Jun-21 17:46:30 |
Detected languages | English - United Kingdom, English - United States |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | Command-line SSH, Telnet, and Rlogin client |
InternalName | Plink |
OriginalFilename | Plink |
FileVersion | Release 0.74 |
ProductVersion | Release 0.74 |
LegalCopyright | Copyright © 1997-2020 Simon Tatham. |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to Blowfish; Uses known Diffie-Hellman primes |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Simon Tatham; Issuer: COMODO RSA Code Signing CA |
Safe | VirusTotal score: 0/71 (Scanned on 2021-01-06 20:08:26) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x78 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x78 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 2020-Jun-21 17:46:30 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x73e00 |
SizeOfInitializedData | 0x2d000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000505A0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xa8000 |
SizeOfHeaders | 0x400 |
Checksum | 0xaf0c8 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

ADVAPI32.dll | AllocateAndInitializeSid CopySid EqualSid GetLengthSid GetUserNameA InitializeSecurityDescriptor RegCloseKey RegCreateKeyA RegOpenKeyA RegQueryValueExA RegSetValueExA SetSecurityDescriptorDacl SetSecurityDescriptorOwner |
---|---|
USER32.dll | FindWindowA GetCapture GetClipboardOwner GetCursorPos GetForegroundWindow GetQueueStatus MsgWaitForMultipleObjects PeekMessageA SendMessageA |
KERNEL32.dll | ClearCommBreak CloseHandle CompareStringW ConnectNamedPipe CreateEventA CreateFileA CreateFileMappingA CreateFileW CreateMutexA CreateNamedPipeA CreatePipe CreateProcessA CreateThread DeleteCriticalSection DeleteFileA EnterCriticalSection EnumSystemLocalesW ExitProcess FindClose FindFirstFileA FindFirstFileExA FindNextFileA FlushFileBuffers FormatMessageA FreeEnvironmentStringsW FreeLibrary GetACP GetCPInfo GetCommState GetCommandLineA GetCommandLineW GetConsoleCP GetConsoleMode GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetDateFormatW GetEnvironmentStringsW GetEnvironmentVariableA GetFileAttributesExA GetFileType GetLastError GetLocalTime GetLocaleInfoW GetModuleFileNameA GetModuleFileNameW GetModuleHandleExW GetModuleHandleW GetOEMCP GetOverlappedResult GetProcAddress GetProcessHeap GetProcessTimes GetStartupInfoW GetStdHandle GetStringTypeW GetSystemDirectoryA GetSystemTimeAsFileTime GetThreadTimes GetTickCount GetTimeFormatW GetTimeZoneInformation GetUserDefaultLCID GetWindowsDirectoryA GlobalMemoryStatus HeapAlloc HeapFree HeapReAlloc HeapSize InitializeCriticalSectionAndSpinCount InitializeSListHead IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale LCMapStringW LeaveCriticalSection LoadLibraryA LoadLibraryExA LoadLibraryExW LocalAlloc LocalFileTimeToFileTime LocalFree MapViewOfFile MultiByteToWideChar OpenProcess OutputDebugStringW QueryPerformanceCounter RaiseException ReadConsoleW ReadFile ReleaseMutex RtlCaptureContext RtlLookupFunctionEntry RtlUnwindEx RtlVirtualUnwind SetCommBreak SetCommState SetCommTimeouts SetConsoleMode SetEndOfFile SetEnvironmentVariableA SetEvent SetFilePointerEx SetHandleInformation SetLastError SetStdHandle SetUnhandledExceptionFilter TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter UnmapViewOfFile WaitForSingleObject WaitForSingleObjectEx WaitNamedPipeA WideCharToMultiByte WriteConsoleW WriteFile |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.74.0.0 |
ProductVersion | 0.74.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United Kingdom |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | Command-line SSH, Telnet, and Rlogin client |
InternalName | Plink |
OriginalFilename | Plink |
FileVersion (#2) | Release 0.74 |
ProductVersion (#2) | Release 0.74 |
LegalCopyright | Copyright © 1997-2020 Simon Tatham. |

Resource LangID | English - United States |
---|---|

Size | 0x94 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14009a0b0 |