| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2007-Apr-29 11:43:12
|
| Detected languages |
English - United Kingdom
English - United States
|
| CompanyName |
Simon Tatham
|
| ProductName |
PuTTY suite
|
| FileDescription |
SSH, Telnet and Rlogin client
|
| InternalName |
PuTTY
|
| OriginalFilename |
PuTTY
|
| FileVersion |
Release 0.60
|
| ProductVersion |
Release 0.60
|
| LegalCopyright |
Copyright © 1997-2007 Simon Tatham.
|
| Suspicious |
PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
|
| Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
|
| Suspicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Can access the registry:
Possibly launches other programs:
Memory manipulation functions often used by packers:
- VirtualProtect
- VirtualAlloc
|
| Info |
The PE's resources present abnormal characteristics. |
Resource 111 is possibly compressed or encrypted.
Resource 113 is possibly compressed or encrypted.
|
| Malicious |
VirusTotal score: 3/73 (Scanned on 2020-01-31 07:11:07) |
F-Prot:
W32/S-d32c59ba!Eldorado
Trapmine:
suspicious.low.ml.score
Cyren:
W32/S-d32c59ba!Eldorado
|
| MD5 |
d45509d7bf6ff2ce0d393fc5597f3067
|
| SHA1 |
654da27637813894043f155b28e949fab1a002e3
|
| SHA256 |
1095c2b5b477d3d8378b4d9b8c8eb29d8544ecbd50e5da23cc769345c9d8f5a2
|
| SHA3 |
294338b9b6d6a0690dd9f336320343b124d7ce97f24997cab39acc189db7fc99
|
| SSDeep |
6144:xovvPdNODghAzKLpXdpBOrtU4FQpi9Aetcgiyiz/n:xo3PdN1AO/pByzibeCg
|
| Imports Hash |
bc52d1a5a8ffc35ca15b626f0b17ceac
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x100
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2007-Apr-29 11:43:12
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
7.0
|
| SizeOfCode |
0x35000
|
| SizeOfInitializedData |
0x3000
|
| SizeOfUninitializedData |
0x43000
|
| AddressOfEntryPoint |
0x00078CC0 (Section: UPX1)
|
| BaseOfCode |
0x44000
|
| BaseOfData |
0x79000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x7c000
|
| SizeOfHeaders |
0x1000
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x43000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
9bd5b409f219d2760ad30a7c33b4b616
|
| SHA1 |
2d4a4b9cc723aa1ff45c2991cb913bd78c1191ad
|
| SHA256 |
65f603687a81f97b22cbe35e6e684d0f5bbec6862a4ffa31b0c54c1d5ac2e007
|
| SHA3 |
af6af7fc2a45a766e7ab56316328feb820939bd585a7dd7fa45706ec0d784adb
|
| VirtualSize |
0x35000
|
| VirtualAddress |
0x44000
|
| SizeOfRawData |
0x35000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.92634
|
| MD5 |
9374c089827204b83b2999e8044fdc6d
|
| SHA1 |
fa32cfc609ea84a8c3dd854be3750555c3e2e138
|
| SHA256 |
3f661ea3e34c4f18fd2525f6386edd0130443c65d2c22f97c328245d382b1ef7
|
| SHA3 |
9a44c39ee3607cf5855fa630052cb53b8f321a3e0b80033a7e81c57de42cdd90
|
| VirtualSize |
0x3000
|
| VirtualAddress |
0x79000
|
| SizeOfRawData |
0x2e00
|
| PointerToRawData |
0x35400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.02487
|
| KERNEL32.DLL |
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
|
| ADVAPI32.dll |
RegCloseKey
|
| COMCTL32.dll |
#13
|
| comdlg32.dll |
ChooseFontA
|
| GDI32.dll |
LineTo
|
| IMM32.dll |
ImmGetContext
|
| SHELL32.dll |
ShellExecuteA
|
| USER32.dll |
GetDC
|
| WINMM.dll |
PlaySoundA
|
| WINSPOOL.DRV |
WritePrinter
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.74321
|
| MD5 |
84660bec1eeebe3ad61960f5b6785077
|
| SHA1 |
38a40c423383d9e79664115cf1bfea6369e82dad
|
| SHA256 |
89101ef80cb32eccdb988e8ea35f93fe4c04923023ad5c9d09d6dbaadd238073
|
| SHA3 |
c423144290bb9d9273fb83be08980440a3c2cbb0dca4e170f8a7db81b2bedbfb
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.98271
|
| MD5 |
7d4cff360d2871fed319ecef64aa7d3d
|
| SHA1 |
d7b7f55cbc2db4fad3018b6f068f1d56b1b2f88b
|
| SHA256 |
8130832a780a7c334abfaaf3fce44fd99b2b8cff2e6d652764f4180472aeba74
|
| SHA3 |
74045787c0b1a9cd244e4915f8121f761c4f3bd3afadaf720da5cef4eb4be380
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x668
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.67905
|
| MD5 |
401c9b96e28a617d87b18f017e47e714
|
| SHA1 |
15e92225acb8fb97731c2bf55b7ae535d1a04043
|
| SHA256 |
fcab313f71a454c02f47579f088001b972056019c2077da20c54473def350549
|
| SHA3 |
d464f12be5ff5584404967fabd1c380a396908062b4823eb99e7e122dbc236d7
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xb0
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.38964
|
| MD5 |
1899fdd1a312061843a64f2dc3fb9bd2
|
| SHA1 |
5c81855117b20af2a5b7405a3a875564b7601d33
|
| SHA256 |
549e2b61d82d10da12bc640ff22dbe352087d641c391fe382f7665847066c31a
|
| SHA3 |
3909e0f0041a56a52ec3a2094d2fb33cd7389b68f551ce4b94300f66e5427bac
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x130
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.48609
|
| MD5 |
ff8720e524b5fd54f831d5051e37017a
|
| SHA1 |
eb680d020357a6a7aea93e8c617205a9bd673b58
|
| SHA256 |
14528797e8c9c18854e9e5340c0453f608f83f63de0961e25c0528583c9fe781
|
| SHA3 |
90860f98bb96b9bc2d537ab29e9063690a553019ceb55d6f2721edb5d06a9a7f
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x330
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.62978
|
| MD5 |
cec32b23e7b9942c91b7d943369d82d3
|
| SHA1 |
cc936495e775e943954d3e0209ec87c715abe110
|
| SHA256 |
90ce310a4f670171b69ba82f780064dccd25c92ff92cfeebb41f69b19008111a
|
| SHA3 |
6450647b46175493d84ba14b12f84928309b81f4618d95a94df980c75acd565a
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.16607
|
| MD5 |
24fa9e5d440f1eb2741c3ff69bcf0066
|
| SHA1 |
176a233a5af1f19b578f4ff28b30abb5b35703fa
|
| SHA256 |
ca6932144ee553c7df83805a932ca120d4a6458fda707ad92b758ade870bbff5
|
| SHA3 |
7d89863c42b1bfcef049d2b1f9f3e295d8ad4d08d4d0b8f91ccdc89b8f2fd684
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.57192
|
| MD5 |
88ae047b639324c0c2532300cce7761e
|
| SHA1 |
db8418aeb902e55c805617aaca62b5148f25f385
|
| SHA256 |
40d176e64a8772483202fa25b4d7ef89341ddfb3b0c168d762fc1f86c35abae7
|
| SHA3 |
aff6159d87a79321c53dfba65f1fa7d25cf1cd9fbc98c136cef94bf0b69ef0f4
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x668
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.24629
|
| MD5 |
d814ed55a8ec423c506a097ed5452e1c
|
| SHA1 |
3199ef73669357b3176967cf729689ffdf506b12
|
| SHA256 |
a8085f0bf68db8adc5aab891081cb87d3089a4dff05d3359047c503f17510559
|
| SHA3 |
547ea078849cd72726d9b23aa04f61023fa4e6ae2796cacb09a42449f51eec44
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xb0
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.59447
|
| MD5 |
1bcd2ac1427e73b3a2616488fcb926e9
|
| SHA1 |
41f1b135dba51510b2eb89108500a54d624107b9
|
| SHA256 |
0fee484eb60dac53c69ca37b3d0fe76d75a1c927f5adc1db82949a3fd63c116c
|
| SHA3 |
a94d7c044505574da9e6396e020e037b4ec017ea42434110be12eeba60cc7773
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x130
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.131
|
| MD5 |
000e79a9829ed30a66c9e9f46b630867
|
| SHA1 |
bb080b9a8f1c3e44cfc93651bc84841615278c5a
|
| SHA256 |
09aeee834e20c34531786e0db7a69eb388d3365b1f06d2e9bfea30c6fe2a49e5
|
| SHA3 |
d19f1f5d1aa0c4262c651cf72b30b46493c9f0e8451e57e795cb476c9e03a3c1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x330
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.12285
|
| MD5 |
6d9fd0eb34bb2598e10c2885d4c4a74e
|
| SHA1 |
70a4473f857c959408dafba7a616c9baaf4626b7
|
| SHA256 |
a0ac1114637fa796329b357fda4dcb1d6986ee0c8735b6072439322e86eb1a21
|
| SHA3 |
a1d3545ab5b2416703e70ff48f8ecbca04edee92410cd2513444b4d7aded867d
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x76
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.06635
|
| MD5 |
311759b0438f586c969b00b95c9e70fc
|
| SHA1 |
cb796ddb4e67ac25fed101484307bd0086227bb1
|
| SHA256 |
9cda7ff21530f145c2468807aaa5c45a1761b430bc34c51dc866b8439900fd84
|
| SHA3 |
784dda3d2f03840162f3d6d4c3535d22276011e552e2e048c8c174d7c8146ac8
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xba
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.74745
|
| MD5 |
b11a51671ffc855b5bfff36852d95f17
|
| SHA1 |
bb041f75cf6dcb2361daff7c542060532e377c0f
|
| SHA256 |
a615d47fedb3fa14f14611843ceaeb77b0f1596ac4916b391a39622bd35d4518
|
| SHA3 |
d34289de2bb2f2fa7cefd97e7a80799157b8bc26ef82479d0d923763b57bd5de
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x196
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.2446
|
| MD5 |
0923e3db74018a47080ed73bdd3f74f7
|
| SHA1 |
5849597b39e1b9d60a63d0170473685080c986bd
|
| SHA256 |
26c8f16bf03bbee085934dbd05efcb9cdc435c09a42556a91a8ae74ea3066a0e
|
| SHA3 |
4fa35969b2c1a480ab38d8b5af840557602163fcae63ba632675e8311cedeebe
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xcac
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.7933
|
| MD5 |
38cd92e4f4fd9e473ab68e34b1dfebd1
|
| SHA1 |
22e651ef452cf9f7cd0aaee85741f8b3753caff8
|
| SHA256 |
8dfe052200c69eb407571bcda87dd7bbf810c654680765bc9fe6de255b17e8ad
|
| SHA3 |
90d01a99a7eea38e23e68dedabfcbaf0f9d6ad4e530dc64ea995ea4d61ade91e
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.74417
|
| Detected Filetype |
Icon file
|
| MD5 |
d148c75e59377aa79c180396f45f355c
|
| SHA1 |
b0b26cad3bc43856c4de4bcb92e54dce6bf1f6f7
|
| SHA256 |
ef77555c4d1e769f6748372d39d8422b85e6af8f11c8a811c82ce78a87cc8c9d
|
| SHA3 |
e87f2a758ae18abe7e030c83b7d0b1e53c08b6b448376f9e954b53967f547bf5
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.92968
|
| Detected Filetype |
Icon file
|
| MD5 |
9e81388befd1d4f93e209377728cb884
|
| SHA1 |
4f7f26481375e507ac0045c531d8080586cc00f4
|
| SHA256 |
383ca4cb5b95add3073e2cd86e4c5d62477d81bc80e0066da0919a1005f5033c
|
| SHA3 |
29e35edf9c489ed74f8ae22c4e8ffc50cf11c6ca7607012da0ddcae96c53ba71
|
| Type |
RT_VERSION
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2fc
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.37229
|
| MD5 |
8391619023698bd4251aaf87bc542d24
|
| SHA1 |
d498265d9d3b400cc13db08b2c797ec909facc73
|
| SHA256 |
90a8842cddfbd1215224205b66625329b7384a68af5d3e5c812ff52e195c7f3b
|
| SHA3 |
b470069646ee9c8378bd882b5a96e72882e03964a8424652116e373d1b9668df
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x410
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.80485
|
| MD5 |
7e778c29e973b600435e3a98aeec471f
|
| SHA1 |
b22c0dc49bb018687e2148efe48daa8eb9d3a3f6
|
| SHA256 |
81caf25570c32a6ffd3b9011e36d352e2eea92e7284499bf9f94c90cf7ab0ff9
|
| SHA3 |
19f5c0986372ab08750339c15d0c473ebd4025ac20719fadbd6fce79e5250085
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
0.60.0.0
|
| ProductVersion |
0.60.0.0
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
English - United Kingdom
|
| CompanyName |
Simon Tatham
|
| ProductName |
PuTTY suite
|
| FileDescription |
SSH, Telnet and Rlogin client
|
| InternalName |
PuTTY
|
| OriginalFilename |
PuTTY
|
| FileVersion (#2) |
Release 0.60
|
| ProductVersion (#2) |
Release 0.60
|
| LegalCopyright |
Copyright © 1997-2007 Simon Tatham.
|
| Resource LangID |
English - United States
|
| Size |
0x48
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x46a660
|
| SEHandlerTable |
0x467cb0
|
| SEHandlerCount |
2
|
| XOR Key |
0x412cebe9
|
| Unmarked objects |
0
|
| 105 (2067) |
2
|
| C++ objects (VS2003 (.NET) build 3077) |
2
|
| ASM objects (VS2003 (.NET) build 3077) |
27
|
| Imports (2067) |
2
|
| Imports (9210) |
4
|
| Imports (2179) |
15
|
| Total imports |
287
|
| C objects (VS2003 (.NET) build 3077) |
184
|
| 94 (VS2003 (.NET) build 3052) |
1
|
| Linker (VS2003 (.NET) build 3077) |
1
|
[*] Warning: Section UPX0 has a size of 0!
d45509d7bf6ff2ce0d393fc5597f3067