3fbea74b92f41809f46145f480782ef9

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Jun-21 17:46:30
Detected languages English - United Kingdom
English - United States
CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription Command-line SSH, Telnet, and Rlogin client
InternalName Plink
OriginalFilename Plink
FileVersion Release 0.74
ProductVersion Release 0.74
LegalCopyright Copyright © 1997-2020 Simon Tatham.

Plugin Output

Info: Interesting strings found in the binary:
Contains domain names:
  • github.com
  • https://github.com
  • libssh.org
  • lysator.liu.se
  • openssh.com
  • projects.tartarus.org
  • putty.projects.tartarus.org
  • tartarus.org
Info: Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to Blowfish
Uses known Diffie-Hellman primes
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExA
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Can access the registry:
  • RegCloseKey
  • RegCreateKeyA
  • RegOpenKeyA
  • RegQueryValueExA
  • RegSetValueExA
Possibly launches other programs:
  • CreateProcessA
Manipulates other processes:
  • OpenProcess
Info: The PE is digitally signed.
Signer: Simon Tatham
Issuer: COMODO RSA Code Signing CA
Safe: VirusTotal score: 0/71 (Scanned on 2021-01-06 20:08:26). All the AVs think this file is safe.

Hashes

MD5 3fbea74b92f41809f46145f480782ef9
SHA1 736ba9daf63a2add3217c79fa9d83088358f7012
SHA256 ca57391cdbac224f159e858425d231d068aa76316e0345cb8d58c716b9eff587
SHA3 5fd765945c67459fb33be8e75e862d8e3be7e6ff24d29df24e7f7a8079448ffb
SSDeep 12288:YsOlmdo5WwBjy668m3nwvsOVwLkkowZfgl8k9H:Y/lzWwByT3wvdVw5rZYl8Q
Imports Hash 87aecf008d87ec86ec8b00a2394b3e6c

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2020-Jun-21 17:46:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x73e00
SizeOfInitializedData 0x2d000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000505A0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa8000
SizeOfHeaders 0x400
Checksum 0xaf0c8
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 19757fa40c0d3d12989efbd008120203
SHA1 5fe361c812f731adf07ad33382c8fc4bdb3f599d
SHA256 f1bf75a4762b81eadc3bbe28470b6fc82574ed14b6b296ed5450bab3f672e3ee
SHA3 788180d6dd123ef2872162ceccbb4a11b34914d713b0818c3a780e6ef235304e
VirtualSize 0x73ca6
VirtualAddress 0x1000
SizeOfRawData 0x73e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.43935

.rdata

MD5 16e0de738170b78715271069a0f66ca1
SHA1 f7a5cd07966a431dc45ccce64da8fbebc9777d5d
SHA256 edeb7a5a899e21627d524252b54c70ffa6474a81a219899daeb88f757556326e
SHA3 bfbe59801dd26ce0b3c8c1afcc5da8c236970ef0613f8e8b5f68221e989f7946
VirtualSize 0x2460c
VirtualAddress 0x75000
SizeOfRawData 0x24800
PointerToRawData 0x74200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.66862

.data

MD5 3f2847adf00844f0a01e8d6e5efaf41a
SHA1 5899efc7bf6a1124bd1435ff2ac2069064b12831
SHA256 239607d7b5c091aabfa66d2f3bd823f39c4c6310222eee56390d0a3845786648
SHA3 9fde48d26af73b1d8d713c389d21ed419af5ebc021ab12dfe51d775dbfcaa8b7
VirtualSize 0x2be8
VirtualAddress 0x9a000
SizeOfRawData 0xc00
PointerToRawData 0x98a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.04361

.pdata

MD5 f9b41aa5612e4ffbcd3aa3c297f7e7e1
SHA1 129a9ece306ca6839dc405965228df8400dd1263
SHA256 1f3caebf85e7404293ed93587a47c6badc7e5a1e1a4ee461c1c9b092cb24bb28
SHA3 d4ad1e2af947ac1490530ea754c99718dd698b54e084fb09c04d10051f7af4e8
VirtualSize 0x4dc4
VirtualAddress 0x9d000
SizeOfRawData 0x4e00
PointerToRawData 0x99600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.76199

.00cfg

MD5 b5948abe51727bcfe0bd0cb91b711ecd
SHA1 96ff03c24d06ea3c84e90c0aca6842ab0f50aa77
SHA256 bc5312458d7de2bd044e1be6e63ba597d2b65a059a99f47ed6c48c96a7ad6a94
SHA3 7bd53afb1ab9a04f22e92181534738f971b21b940d7e1fd7a3e935c97d4a2782
VirtualSize 0x10
VirtualAddress 0xa2000
SizeOfRawData 0x200
PointerToRawData 0x9e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.195869

.gfids

MD5 2681a03e7930e86526d2261c18c71baa
SHA1 cbf7f4e534b3b62959ec6193256272198a3f2c95
SHA256 091054660a82208e4cfa335ebc32491772d17647465864ee9f28809162a27be3
SHA3 38e09e974da93891f9095b71c02f93d2399bbbaea12dbf31282ba4dec7b4aa14
VirtualSize 0xb8
VirtualAddress 0xa3000
SizeOfRawData 0x200
PointerToRawData 0x9e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.1775

.rsrc

MD5 7feeb7e5c93fd713bfe6b55da78e226f
SHA1 961ad49e0ceb048bd7c9ce04c81f01afb59ab8c5
SHA256 e167d7273e0d781e4d13a7ac83e1c41ad110ed42fd2823a6299d67f01b2a5993
SHA3 07df9a4a31a835188432f05a12d5dceb09418e28da9b273249f6dc3bd0254283
VirtualSize 0x14e0
VirtualAddress 0xa4000
SizeOfRawData 0x1600
PointerToRawData 0x9e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.15165

.reloc

MD5 471105008c230e20cb9ac1beca97364f
SHA1 77e7685119a1f861a981ccd46dcae1015d830922
SHA256 3c27d78dcb4bbb183f904a9d4cf58118d76fc10e5b983c8c1fc00484b488cf5a
SHA3 6f4bca3881cd5ea4a344456e2d4061ffe50665714765bc8a6e42ea470646610b
VirtualSize 0x12a8
VirtualAddress 0xa6000
SizeOfRawData 0x1400
PointerToRawData 0x9fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.30372

Imports

ADVAPI32.dll AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
USER32.dll FindWindowA
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetQueueStatus
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
KERNEL32.dll ClearCommBreak
CloseHandle
CompareStringW
ConnectNamedPipe
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileA
FindFirstFileExA
FindNextFileA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesExA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74321
MD5 84660bec1eeebe3ad61960f5b6785077
SHA1 38a40c423383d9e79664115cf1bfea6369e82dad
SHA256 89101ef80cb32eccdb988e8ea35f93fe4c04923023ad5c9d09d6dbaadd238073
SHA3 c423144290bb9d9273fb83be08980440a3c2cbb0dca4e170f8a7db81b2bedbfb

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.98271
MD5 7d4cff360d2871fed319ecef64aa7d3d
SHA1 d7b7f55cbc2db4fad3018b6f068f1d56b1b2f88b
SHA256 8130832a780a7c334abfaaf3fce44fd99b2b8cff2e6d652764f4180472aeba74
SHA3 74045787c0b1a9cd244e4915f8121f761c4f3bd3afadaf720da5cef4eb4be380

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.67905
MD5 401c9b96e28a617d87b18f017e47e714
SHA1 15e92225acb8fb97731c2bf55b7ae535d1a04043
SHA256 fcab313f71a454c02f47579f088001b972056019c2077da20c54473def350549
SHA3 d464f12be5ff5584404967fabd1c380a396908062b4823eb99e7e122dbc236d7

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xb0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.38964
MD5 1899fdd1a312061843a64f2dc3fb9bd2
SHA1 5c81855117b20af2a5b7405a3a875564b7601d33
SHA256 549e2b61d82d10da12bc640ff22dbe352087d641c391fe382f7665847066c31a
SHA3 3909e0f0041a56a52ec3a2094d2fb33cd7389b68f551ce4b94300f66e5427bac

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x130
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48609
MD5 ff8720e524b5fd54f831d5051e37017a
SHA1 eb680d020357a6a7aea93e8c617205a9bd673b58
SHA256 14528797e8c9c18854e9e5340c0453f608f83f63de0961e25c0528583c9fe781
SHA3 90860f98bb96b9bc2d537ab29e9063690a553019ceb55d6f2721edb5d06a9a7f

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x330
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62978
MD5 cec32b23e7b9942c91b7d943369d82d3
SHA1 cc936495e775e943954d3e0209ec87c715abe110
SHA256 90ce310a4f670171b69ba82f780064dccd25c92ff92cfeebb41f69b19008111a
SHA3 6450647b46175493d84ba14b12f84928309b81f4618d95a94df980c75acd565a

200

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74417
Detected Filetype Icon file
MD5 d148c75e59377aa79c180396f45f355c
SHA1 b0b26cad3bc43856c4de4bcb92e54dce6bf1f6f7
SHA256 ef77555c4d1e769f6748372d39d8422b85e6af8f11c8a811c82ce78a87cc8c9d
SHA3 e87f2a758ae18abe7e030c83b7d0b1e53c08b6b448376f9e954b53967f547bf5

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x318
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.37307
MD5 4af8919f4f97629b0a56ca496fc5414e
SHA1 744b8c364b0479698200b9444b28ae11482b4d7c
SHA256 5eb9719475a003d2ab87933b7cb32838247d8d2914fd98d8eb577abbe5c5ea44
SHA3 9382f5e099a5e00ac09b356675656795d725fd156e401c2a77779f2e4582ef83

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.74.0.0
ProductVersion 0.74.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United Kingdom
CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription Command-line SSH, Telnet, and Rlogin client
InternalName Plink
OriginalFilename Plink
FileVersion (#2) Release 0.74
ProductVersion (#2) Release 0.74
LegalCopyright Copyright © 1997-2020 Simon Tatham.
Resource LangID English - United States

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14009a0b0

RICH Header

Errors