Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2022-Jun-29 13:01:49 |
Detected languages | English - United Kingdom, English - United States |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | SSH, Telnet, Rlogin, and SUPDUP client |
InternalName | PuTTY |
OriginalFilename | PuTTY |
FileVersion | Release 0.77 (without embedded help) |
ProductVersion | Release 0.77 |
LegalCopyright | Copyright © 1997-2022 Simon Tatham. |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to Blowfish |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 11/66 (Scanned on 2022-06-30 12:37:40) | Bkav: W32.AIDetect.malware2; Elastic: malicious (moderate confidence); FireEye: Generic.mg.76ec76309ca49a2e; Sangfor: Suspicious.Win32.Save.a; Symantec: ML.Attribute.HighConfidence; APEX: Malicious; Cynet: Malicious (score: 100); Trapmine: malicious.moderate.ml.score; SentinelOne: Static AI - Malicious PE; Rising: Trojan.Generic@AI.88 (RDML:CbWBkCZ3QK1eRyMWzxVBKQ); BitDefenderTheta: Gen:NN.ZexaF.34742.@B0@am!43ybi |

All eleven verdicts are generic or machine-learning labels (AIDetect, ML.Attribute, Static AI, Trojan.Generic@AI, Gen:NN); none names a specific malware family. The version resource below describes the file as the PuTTY 0.77 release, but a version resource is trivially forged, so confirming that the sample really is that release requires the publisher's Authenticode signature or a hash comparison against the official download, neither of which this report shows.
e_magic | MZ |
---|---|
e_cblp | 0x78 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x78 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 6 |
TimeDateStamp | 2022-Jun-29 13:01:49 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x4b9e00 |
SizeOfInitializedData | 0x66600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0047A67F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x524000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CloseHandle CompareStringW CreateFileW DecodePointer DeleteCriticalSection EncodePointer EnterCriticalSection EnumSystemLocalesW ExitProcess FindClose FindFirstFileExW FindNextFileW FlushFileBuffers FreeEnvironmentStringsW FreeLibrary GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleMode GetConsoleOutputCP GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetDateFormatW GetEnvironmentStringsW GetFileSizeEx GetFileType GetLastError GetLocaleInfoW GetModuleFileNameW GetModuleHandleA GetModuleHandleExW GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetStartupInfoW GetStdHandle GetStringTypeW GetSystemTimeAsFileTime GetTimeFormatW GetUserDefaultLCID HeapAlloc HeapFree HeapReAlloc HeapSize InitializeCriticalSectionAndSpinCount InitializeSListHead InterlockedFlushSList InterlockedPushEntrySList IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale LCMapStringW LeaveCriticalSection LoadLibraryExW LocalAlloc MultiByteToWideChar OutputDebugStringW QueryPerformanceCounter RaiseException ReadConsoleW ReadFile RtlUnwind SetConsoleCtrlHandler SetEnvironmentVariableW SetFilePointerEx SetLastError SetStdHandle SetUnhandledExceptionFilter TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter WideCharToMultiByte WriteConsoleW WriteFile |
---|---|
COMDLG32.dll | ChooseColorW ChooseFontW |
USER32.dll | GetCursorInfo LoadCursorW |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.77.0.0 |
ProductVersion | 0.77.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United Kingdom |
CompanyName | Simon Tatham |
ProductName | PuTTY suite |
FileDescription | SSH, Telnet, Rlogin, and SUPDUP client |
InternalName | PuTTY |
OriginalFilename | PuTTY |
FileVersion (#2) | Release 0.77 (without embedded help) |
ProductVersion (#2) | Release 0.77 |
LegalCopyright | Copyright © 1997-2022 Simon Tatham. |
Resource LangID | English - United States |
---|---|
Size | 0xc0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x8d2084 |
SEHandlerTable | 0x8c4d8c |
SEHandlerCount | 7 |
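The DOS, COFF and optional header tables above and this load config table are the fields an analyst reads first to judge what the loader will do with the file and which exploit mitigations were compiled in. The script below is an added example, not code from Manalyzer or from the PuTTY project: it parses those fields from a PE32 image with the standard library only and turns them into the mitigation verdict the tables imply. Because it must run offline, it builds a constructed one-section PE32 image that carries the header values printed in this report (entry point, image base, DllCharacteristics 0x8100, a load config with the SecurityCookie, SEHandlerTable and SEHandlerCount shown above); that image is an assumption for illustration, not the analysed PuTTY file, and `parse_pe` works the same on any real PE32 read from disk.

```python
import struct
from datetime import datetime, timezone

# Flag names used by the report, with their winnt.h values (only the ones needed here).
MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_CHARS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
LOAD_CONFIG_DIR = 10  # data directory index of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
OPT_HDR_PE32 = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # the 96 bytes before the data directories


def flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table."""
    for va, vsize, raw, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_pe(data):
    """Return the DOS/COFF/optional header fields the report prints, plus the load config."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_cblp, e_cp = struct.unpack_from("<HH", data, 2)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    f = struct.unpack_from(OPT_HDR_PE32, data, opt)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled here")
    info = {
        "e_lfanew": e_lfanew,
        # (e_cp - 1) * 512 + e_cblp is the size of the DOS image; in a sane file it ends at e_lfanew.
        "dos_image_size": (e_cp - 1) * 512 + e_cblp,
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": flags(chars, FILE_CHARS),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "entry_point_va": f[9] + f[6],  # AddressOfEntryPoint is an RVA; the report prints it as a VA
        "image_base": f[9], "size_of_image": f[19], "checksum": f[21],
        "subsystem": SUBSYSTEMS.get(f[22], f[22]),
        "dll_characteristics": flags(f[23], DLL_CHARS),
        "load_config": None,
    }
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(f[29])]
    sections = []
    for i in range(nsec):  # Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, rawsize, raw = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw, rawsize))
    if len(dirs) > LOAD_CONFIG_DIR and dirs[LOAD_CONFIG_DIR][0]:
        off = rva_to_offset(dirs[LOAD_CONFIG_DIR][0], sections)
        size = struct.unpack_from("<I", data, off)[0]
        # IMAGE_LOAD_CONFIG_DIRECTORY32: SecurityCookie @0x3c, SEHandlerTable @0x40, SEHandlerCount @0x44
        if size >= 0x48:
            cookie, seh_table, seh_count = struct.unpack_from("<III", data, off + 0x3C)
            info["load_config"] = {"size": size, "security_cookie": cookie,
                                   "seh_handler_table": seh_table, "seh_handler_count": seh_count}
    return info


def mitigations(info):
    """DEP, ASLR and CFG come from DllCharacteristics; /GS and SafeSEH from the load config."""
    dc, lc = info["dll_characteristics"], info["load_config"] or {}
    return {
        "DEP": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dc,
        "ASLR": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dc,
        "CFG": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in dc,
        "GS": lc.get("security_cookie", 0) != 0,
        "SafeSEH": lc.get("seh_handler_table", 0) != 0 and lc.get("seh_handler_count", 0) > 0,
    }


def build_sample_image():
    """Constructed PE32 image carrying the header values from the report (not the real PuTTY file)."""
    ts = int(datetime(2022, 6, 29, 13, 1, 49, tzinfo=timezone.utc).timestamp())
    dos = (b"MZ" + struct.pack("<HHHH", 0x78, 1, 0, 4)).ljust(0x3C, b"\0") + struct.pack("<I", 0x78)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT_HDR_PE32, 0x10B, 14, 0, 0x4B9E00, 0x66600, 0, 0x7A67F, 0x1000, 0,
                      0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x524000, 0x400, 0,
                      2, 0x8100, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"".join(struct.pack("<II", 0x1000, 0xC0) if i == LOAD_CONFIG_DIR else bytes(8)
                    for i in range(16))
    section = b".rdata".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0xC0, 0x1000, 0x200, 0x400,
                                                       0, 0, 0, 0, 0x40000040)
    load_config = struct.pack("<I", 0xC0).ljust(0x3C, b"\0") + struct.pack("<III", 0x8D2084, 0x8C4D8C, 7)
    headers = dos.ljust(0x78, b"\0") + b"PE\0\0" + coff + opt + dirs + section
    return headers.ljust(0x400, b"\0") + load_config.ljust(0x200, b"\0")


if __name__ == "__main__":
    parsed = parse_pe(build_sample_image())
    for key, value in parsed.items():
        print("%-20s %s" % (key, value))
    print(mitigations(parsed))
```

Read against this report's values: NX_COMPAT means the image opts into DEP, the non-zero SecurityCookie means it was built with /GS, and an SEHandlerTable with a count of 7 means SafeSEH is in effect; the listed DllCharacteristics contain neither DYNAMIC_BASE nor GUARD_CF, so the loader maps the image at ImageBase 0x400000 without ASLR and no Control Flow Guard checks are present, and the Checksum field is 0, which the loader tolerates for ordinary executables. The DOS header is internally consistent: (e_cp - 1) * 512 + e_cblp = 0x78 = e_lfanew, so the PE signature begins exactly where the 120-byte DOS image ends. Note also that a LinkerVersion of 14.0 is the Visual Studio 2015 linker, which does not match the signature-based "Microsoft Visual C++ 6.0 - 8.0" compiler match earlier in the report; the header field is the more reliable of the two.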