Manalyze report for f43852a976edcab5a7c82d248ce242d2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Apr-06 09:49:39
Detected languages	English - United Kingdom English - United States
CompanyName	Simon Tatham
ProductName	PuTTY suite
FileDescription	SSH, Telnet, Rlogin, and SUPDUP client
InternalName	PuTTY
OriginalFilename	PuTTY
FileVersion	`Release 0.81 (with embedded help)`
ProductVersion	`Release 0.81`
LegalCopyright	Copyright © 1997-2024 Simon Tatham.

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: chiark.greenend.org.uk demo-server.example.com example.com greenend.org.uk https://www.chiark.greenend.org.uk https://www.chiark.greenend.org.uk/ libssh.org lysator.liu.se openssh.com projects.tartarus.org putty.projects.tartarus.org server.example.com tartarus.org www.chiark.greenend.org.uk`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes`
Suspicious	The PE is possibly packed.	`Unusual section name found: .voltbl`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegCloseKey RegCreateKeyExA RegDeleteKeyA RegEnumKeyA RegOpenKeyA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Manipulates other processes: OpenProcess` `Can take screenshots: BitBlt CreateCompatibleDC FindWindowA GetDC` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE is digitally signed.	`Signer: Simon Tatham` `Issuer: Sectigo Public Code Signing CA R36`
Malicious	VirusTotal score: 3/75 (Scanned on 2024-08-12 08:33:05)	`Jiangmin: Trojan.Shelm.arq` `MaxSecure: Trojan.Malware.121218.susgen` `Zillya: Trojan.Rozena.Win32.216888`

Hashes

MD5	`f43852a976edcab5a7c82d248ce242d2`
SHA1	`446ac2bb76e472c185f56b2b1246910a4438246d`
SHA256	`4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f`
SHA3	`e329b8dd0152e71ab62cec728b64e9e0b66fe21d220fdfd6f0ebb48c6022b7d4`
SSDeep	`24576:VWzNpYIUzAcFZPVUw1L9ub0VsfMzXGk1GUzwgBaPIJdTaKIe0MStS/o6ui2OXK0:gc3vpJSMwgkk8KIeVSc/zuiV`
Imports Hash	`1bcee876dfae5e68c3451c29f9217c72`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2024-Apr-06 09:49:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xc7200`
SizeOfInitializedData	`0x9ee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000A0126 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x170000`
SizeOfHeaders	`0x400`
Checksum	`0x16c3ef`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ef2d6649c1d211e9e21ac85db7479828`
SHA1	`3d54f051c54d3c7285222b9112ed728398ab3492`
SHA256	`1436f1b542a576cb9864eb87dfa3f1e2af6ab4080338886a683a203e3e1fca59`
SHA3	`d210b29ac06984b62b637090ef417538274834859fd3a7a081524d81757a1417`
VirtualSize	`0xc718a`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc7200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56578`

.rdata

MD5	`bfba239cd998737d70a3ee35be906078`
SHA1	`396f961eedd61bc60a2966dc75894db61f64aa1c`
SHA256	`cc35d2d0ba87b1e92902c907e508de08360d330f4e576c9dfb1a2fb53d863efa`
SHA3	`a218090440682edb55dbeeade145aa59d8b54a840b6966d7b5ae53fdc5a0e718`
VirtualSize	`0x38ea4`
VirtualAddress	`0xc9000`
SizeOfRawData	`0x39000`
PointerToRawData	`0xc7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6864`

.data

MD5	`e6c7c4efb25863a7406b1343454e9e66`
SHA1	`c3ea975fdb4ee97652420a9d49268ff8b3186f05`
SHA256	`e9f14f6c48e0aa1b878c91793ef5b8e27a0f0ade4e2d4119207679c2b57b9b65`
SHA3	`6def247be30485b33f3bcd65f3a4edc8cd8743a46cafe4ea28a9d626da14d104`
VirtualSize	`0x40d8`
VirtualAddress	`0x102000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x100600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.34685`

.00cfg

MD5	`c6b95c9f4425789f7064a4d6031b1920`
SHA1	`1d3da9e2ef52724df02d54772f1e12972980acb2`
SHA256	`ce78bbb51aa50f60594031e52ffbb9636a23b287eccf81b2165be56d3c2e18e2`
SHA3	`fc4444d4392c2bf73ef90edc109a2fbd009bb9028203eff86be1bdec2ead58d7`
VirtualSize	`0x8`
VirtualAddress	`0x107000`
SizeOfRawData	`0x200`
PointerToRawData	`0x101200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x9`
VirtualAddress	`0x108000`
SizeOfRawData	`0x200`
PointerToRawData	`0x101400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.voltbl

MD5	`03a5735da454908b67301bcd8a21faed`
SHA1	`10c9fb40d8f425ae2863c015e0e0fd55cbc2c155`
SHA256	`882a25ce6f3c51e2b8a988edd5a477a1ec84ce700276b28d14a6bd948c42cc6e`
SHA3	`49f28da7e4b4d30a161e44f0bd3f1ec37a42d7b38f74efc33cc96562d87e595c`
VirtualSize	`0x92`
VirtualAddress	`0x109000`
SizeOfRawData	`0x200`
PointerToRawData	`0x101600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`2.45643`

.rsrc

MD5	`9c764f4e8094f8b15d198664caad28ee`
SHA1	`4330625b42dd4fa1abfea1e589c164c26d3e97e3`
SHA256	`81757447c8b5a500dfc6ac130e5e2d90709cd856cf053350b13ced1f2c7ec1ea`
SHA3	`6a0ec1b01ae5d12c64f700b302f64898ab6e7e54ae1a1f2cced8b1b853202f48`
VirtualSize	`0x5ab40`
VirtualAddress	`0x10a000`
SizeOfRawData	`0x5ac00`
PointerToRawData	`0x101800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.82732`

.reloc

MD5	`5ba611bd8ec9464eeca1f9de434b7024`
SHA1	`055b76515f8145bac979813c536ecd68792503f5`
SHA256	`97e1713aed9c61267b82ddd5eedc2785fba874ac08cc30fae5af915cfe207a63`
SHA3	`b6c6149e829e813ef45542e667c5eec646e61b29abebb67c044c98e177c4beb5`
VirtualSize	`0xa118`
VirtualAddress	`0x165000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x15c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69463`

Imports

GDI32.dll	`BitBlt` `CreateBitmap` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateFontA` `CreateFontIndirectA` `CreatePalette` `CreatePen` `CreateSolidBrush` `DeleteDC` `DeleteObject` `ExcludeClipRect` `ExtTextOutA` `ExtTextOutW` `GetBkMode` `GetCharABCWidthsFloatA` `GetCharWidth32A` `GetCharWidth32W` `GetCharWidthA` `GetCharWidthW` `GetCharacterPlacementW` `GetCurrentObject` `GetDIBits` `GetDeviceCaps` `GetObjectA` `GetOutlineTextMetricsA` `GetPixel` `GetStockObject` `GetTextExtentExPointA` `GetTextExtentPoint32A` `GetTextMetricsA` `IntersectClipRect` `LineTo` `MoveToEx` `Polyline` `RealizePalette` `Rectangle` `SelectObject` `SelectPalette` `SetBkColor` `SetBkMode` `SetMapMode` `SetPaletteEntries` `SetPixel` `SetTextAlign` `SetTextColor` `TextOutA` `TranslateCharsetInfo` `UnrealizeObject` `UpdateColors`
IMM32.dll	`ImmGetCompositionStringW` `ImmGetContext` `ImmReleaseContext` `ImmSetCompositionFontA` `ImmSetCompositionWindow`
ole32.dll	`CoCreateInstance` `CoInitialize` `CoUninitialize`
USER32.dll	`AppendMenuA` `BeginPaint` `CheckDlgButton` `CheckMenuItem` `CheckRadioButton` `CloseClipboard` `CreateCaret` `CreateDialogParamA` `CreateMenu` `CreatePopupMenu` `CreateWindowExA` `CreateWindowExW` `DefDlgProcA` `DefWindowProcA` `DefWindowProcW` `DeleteMenu` `DestroyCaret` `DestroyIcon` `DestroyWindow` `DialogBoxParamA` `DispatchMessageA` `DispatchMessageW` `DrawEdge` `DrawIconEx` `EmptyClipboard` `EnableMenuItem` `EnableWindow` `EndDialog` `EndPaint` `FindWindowA` `FlashWindow` `GetCapture` `GetCaretBlinkTime` `GetClientRect` `GetClipboardData` `GetClipboardOwner` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetDlgItem` `GetDlgItemTextA` `GetDoubleClickTime` `GetForegroundWindow` `GetKeyboardLayout` `GetKeyboardState` `GetMessageA` `GetMessageTime` `GetParent` `GetQueueStatus` `GetScrollInfo` `GetSysColor` `GetSysColorBrush` `GetSystemMenu` `GetSystemMetrics` `GetWindowLongA` `GetWindowPlacement` `GetWindowRect` `GetWindowTextA` `GetWindowTextLengthA` `HideCaret` `InsertMenuA` `InvalidateRect` `IsDialogMessageA` `IsDlgButtonChecked` `IsIconic` `IsWindow` `IsZoomed` `KillTimer` `LoadCursorA` `LoadIconA` `LoadImageA` `MapDialogRect` `MessageBeep` `MessageBoxA` `MessageBoxIndirectA` `MoveWindow` `MsgWaitForMultipleObjects` `OffsetRect` `OpenClipboard` `PeekMessageA` `PeekMessageW` `PostMessageA` `PostQuitMessage` `RegisterClassA` `RegisterClassW` `RegisterClipboardFormatA` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `ScreenToClient` `SendDlgItemMessageA` `SendMessageA` `SetActiveWindow` `SetCapture` `SetCaretPos` `SetClassLongA` `SetClipboardData` `SetCursor` `SetDlgItemTextA` `SetFocus` `SetForegroundWindow` `SetKeyboardState` `SetScrollInfo` `SetTimer` `SetWindowLongA` `SetWindowPlacement` `SetWindowPos` `SetWindowTextA` `SetWindowTextW` `ShowCaret` `ShowCursor` `ShowWindow` `SystemParametersInfoA` `ToAsciiEx` `TrackPopupMenu` `TranslateMessage` `UpdateWindow`
KERNEL32.dll	`Beep` `ClearCommBreak` `CloseHandle` `CompareStringW` `ConnectNamedPipe` `CreateEventA` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateMutexA` `CreateNamedPipeA` `CreatePipe` `CreateProcessA` `CreateThread` `DecodePointer` `DeleteCriticalSection` `DeleteFileA` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `FindClose` `FindFirstFileA` `FindFirstFileExW` `FindNextFileA` `FindNextFileW` `FindResourceA` `FlushFileBuffers` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommState` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryA` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetEnvironmentStringsW` `GetEnvironmentVariableA` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocalTime` `GetLocaleInfoA` `GetLocaleInfoW` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessTimes` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDirectoryA` `GetSystemTimeAsFileTime` `GetTempPathA` `GetThreadTimes` `GetTickCount` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetWindowsDirectoryA` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalMemoryStatus` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeSListHead` `IsDBCSLeadByteEx` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryExW` `LoadResource` `LocalAlloc` `LocalFileTimeToFileTime` `LocalFree` `LockResource` `MapViewOfFile` `MulDiv` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringW` `QueryPerformanceCounter` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseMutex` `RtlUnwind` `SetCommBreak` `SetCommState` `SetCommTimeouts` `SetCurrentDirectoryA` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFilePointerEx` `SetHandleInformation` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `SizeofResource` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `UnmapViewOfFile` `WaitForSingleObject` `WaitNamedPipeA` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`
SHELL32.dll	`ShellExecuteA`
COMDLG32.dll	`ChooseColorA` `ChooseFontA` `GetOpenFileNameA` `GetSaveFileNameA`
ADVAPI32.dll	`AllocateAndInitializeSid` `CopySid` `EqualSid` `GetLengthSid` `GetUserNameA` `InitializeSecurityDescriptor` `RegCloseKey` `RegCreateKeyExA` `RegDeleteKeyA` `RegEnumKeyA` `RegOpenKeyA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `SetSecurityDescriptorDacl` `SetSecurityDescriptorOwner`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74321`
MD5	`84660bec1eeebe3ad61960f5b6785077`
SHA1	`38a40c423383d9e79664115cf1bfea6369e82dad`
SHA256	`89101ef80cb32eccdb988e8ea35f93fe4c04923023ad5c9d09d6dbaadd238073`
SHA3	`c423144290bb9d9273fb83be08980440a3c2cbb0dca4e170f8a7db81b2bedbfb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98271`
MD5	`7d4cff360d2871fed319ecef64aa7d3d`
SHA1	`d7b7f55cbc2db4fad3018b6f068f1d56b1b2f88b`
SHA256	`8130832a780a7c334abfaaf3fce44fd99b2b8cff2e6d652764f4180472aeba74`
SHA3	`74045787c0b1a9cd244e4915f8121f761c4f3bd3afadaf720da5cef4eb4be380`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67905`
MD5	`401c9b96e28a617d87b18f017e47e714`
SHA1	`15e92225acb8fb97731c2bf55b7ae535d1a04043`
SHA256	`fcab313f71a454c02f47579f088001b972056019c2077da20c54473def350549`
SHA3	`d464f12be5ff5584404967fabd1c380a396908062b4823eb99e7e122dbc236d7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38964`
MD5	`1899fdd1a312061843a64f2dc3fb9bd2`
SHA1	`5c81855117b20af2a5b7405a3a875564b7601d33`
SHA256	`549e2b61d82d10da12bc640ff22dbe352087d641c391fe382f7665847066c31a`
SHA3	`3909e0f0041a56a52ec3a2094d2fb33cd7389b68f551ce4b94300f66e5427bac`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48609`
MD5	`ff8720e524b5fd54f831d5051e37017a`
SHA1	`eb680d020357a6a7aea93e8c617205a9bd673b58`
SHA256	`14528797e8c9c18854e9e5340c0453f608f83f63de0961e25c0528583c9fe781`
SHA3	`90860f98bb96b9bc2d537ab29e9063690a553019ceb55d6f2721edb5d06a9a7f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x330`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62978`
MD5	`cec32b23e7b9942c91b7d943369d82d3`
SHA1	`cc936495e775e943954d3e0209ec87c715abe110`
SHA256	`90ce310a4f670171b69ba82f780064dccd25c92ff92cfeebb41f69b19008111a`
SHA3	`6450647b46175493d84ba14b12f84928309b81f4618d95a94df980c75acd565a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16607`
MD5	`24fa9e5d440f1eb2741c3ff69bcf0066`
SHA1	`176a233a5af1f19b578f4ff28b30abb5b35703fa`
SHA256	`ca6932144ee553c7df83805a932ca120d4a6458fda707ad92b758ade870bbff5`
SHA3	`7d89863c42b1bfcef049d2b1f9f3e295d8ad4d08d4d0b8f91ccdc89b8f2fd684`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57192`
MD5	`88ae047b639324c0c2532300cce7761e`
SHA1	`db8418aeb902e55c805617aaca62b5148f25f385`
SHA256	`40d176e64a8772483202fa25b4d7ef89341ddfb3b0c168d762fc1f86c35abae7`
SHA3	`aff6159d87a79321c53dfba65f1fa7d25cf1cd9fbc98c136cef94bf0b69ef0f4`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24629`
MD5	`d814ed55a8ec423c506a097ed5452e1c`
SHA1	`3199ef73669357b3176967cf729689ffdf506b12`
SHA256	`a8085f0bf68db8adc5aab891081cb87d3089a4dff05d3359047c503f17510559`
SHA3	`547ea078849cd72726d9b23aa04f61023fa4e6ae2796cacb09a42449f51eec44`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59447`
MD5	`1bcd2ac1427e73b3a2616488fcb926e9`
SHA1	`41f1b135dba51510b2eb89108500a54d624107b9`
SHA256	`0fee484eb60dac53c69ca37b3d0fe76d75a1c927f5adc1db82949a3fd63c116c`
SHA3	`a94d7c044505574da9e6396e020e037b4ec017ea42434110be12eeba60cc7773`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.131`
MD5	`000e79a9829ed30a66c9e9f46b630867`
SHA1	`bb080b9a8f1c3e44cfc93651bc84841615278c5a`
SHA256	`09aeee834e20c34531786e0db7a69eb388d3365b1f06d2e9bfea30c6fe2a49e5`
SHA3	`d19f1f5d1aa0c4262c651cf72b30b46493c9f0e8451e57e795cb476c9e03a3c1`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x330`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12285`
MD5	`6d9fd0eb34bb2598e10c2885d4c4a74e`
SHA1	`70a4473f857c959408dafba7a616c9baaf4626b7`
SHA256	`a0ac1114637fa796329b357fda4dcb1d6986ee0c8735b6072439322e86eb1a21`
SHA3	`a1d3545ab5b2416703e70ff48f8ecbca04edee92410cd2513444b4d7aded867d`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03977`
MD5	`0a2c5ab8767275738e79922a882de64a`
SHA1	`31720966b798968da9f39f54de0ef3dd1ebc1f8a`
SHA256	`351948a69293ee808ea5d6189f242fc5789dd7dc7ecd64a4401c1d21bb35f16b`
SHA3	`826048c4e8bd66d10c2a5d9e048c341a3c7cc4f57e05b9ea0a727def01f9c4b1`

110

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31878`
MD5	`1e765c553e8c1c3c6ec35855247b47a9`
SHA1	`10510dc04fc29b33943420c9399fcb8d9154ab59`
SHA256	`0d9e394d80fc7df4aa10f0e96cad4a477a035a250fcfb59a91cd16dbca8381a8`
SHA3	`5de7600840998959a30322eea3f0737518fea3a747285077fac90f372b4ce968`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42355`
MD5	`940958bf7a44fe1b07800f9254d0e246`
SHA1	`0f1f143f42ad6fa17f488325753b8e4d2f4cb893`
SHA256	`9dd425f4a7be20de7b1ec5dbee63b3ab01863475847f68235e79c5b6656fe9de`
SHA3	`3c0b7b13f0f138095a4769703de13ea54499ac83107e4e00fc62e247c52c930b`

113

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27848`
MD5	`bbeef4707528834d9d145e7da5539109`
SHA1	`27a33fbb492a18eb28fd87f617cca24d26688257`
SHA256	`0e2ec7f3cf311724ba1021fc77efb9e95fa1f390a11cd830915b3b79ab8f843a`
SHA3	`ad1e6593041c8fd182db3b5628bb99cca61100e08f30890649334b0d1e8b7b1a`

114

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44456`
MD5	`d926af68d3f47fac953a171c70342146`
SHA1	`bc1436fcf202edd544b78ddf8a2a08192ca5efdd`
SHA256	`adf1c4c1ebbd6459d183b17f4f5d4c4198de4e894c5736c3f7877ca30ff4a2b2`
SHA3	`6cec50f0dd5c73f80a62d2c78c0b0c1c58454d6a06b2cc2c1726eeabfd862f04`

116

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xde`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43732`
MD5	`72838f04c596a295f460976cfe0042bf`
SHA1	`9586479afec0bd490fa0315856b0fc8de248d0e7`
SHA256	`1ab3e57d80640451d8a740855e7428cec54efc6e944f535050579553de386df4`
SHA3	`9544d2bad8448b93d80c44a9f8d21cf5f425a90e1abaea867109b125f73f4651`

117

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18061`
MD5	`a9296f891d93d8716dc4dd38fc5f7a91`
SHA1	`fc4c987dd4e9ed81e4bfdbc037d9f95b1e065cac`
SHA256	`339d96b395e4251932e37fa9a4626724f41bac230c4f06ce0179ee1d9b52c4fc`
SHA3	`1e9d0c1be773ecd9d4d67ae378aca1f8ff8f45bafa4301fdbd05533d1245a8e0`

200

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74417`
Detected Filetype	Icon file
MD5	`d148c75e59377aa79c180396f45f355c`
SHA1	`b0b26cad3bc43856c4de4bcb92e54dce6bf1f6f7`
SHA256	`ef77555c4d1e769f6748372d39d8422b85e6af8f11c8a811c82ce78a87cc8c9d`
SHA3	`e87f2a758ae18abe7e030c83b7d0b1e53c08b6b448376f9e954b53967f547bf5`

201

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92968`
Detected Filetype	Icon file
MD5	`9e81388befd1d4f93e209377728cb884`
SHA1	`4f7f26481375e507ac0045c531d8080586cc00f4`
SHA256	`383ca4cb5b95add3073e2cd86e4c5d62477d81bc80e0066da0919a1005f5033c`
SHA3	`29e35edf9c489ed74f8ae22c4e8ffc50cf11c6ca7607012da0ddcae96c53ba71`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42745`
MD5	`3a92c3acd7e9d64edb53eecf444a4127`
SHA1	`a78a1aeb368f1771783c12e34cfdd4a6a9b0e069`
SHA256	`61826ed1593adce347845c3675a01f6e9475efdc148549a711375ea3e2e6968d`
SHA3	`94df5b0706266c6435b80b921e1ed3d9b8457a887734256e5f385aa0a5a4d664`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x559`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83039`
MD5	`30d8f5958f077d3bfa0c2a5a524e39cb`
SHA1	`330d87b5196ababbc9680cf74b38a9e283b7b449`
SHA256	`998b3d94f46beec7085a426a39f242ff732c689c73c74e4ee8bb171c5d70d183`
SHA3	`830938f58d0a5f9ddb477a1cc6f70753a845abc09e69bfedff5800a635da9fe0`

2000

Type	`UNKNOWN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x577b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89299`
Detected Filetype	Microsoft Compiled HTML Help File
MD5	`ebf24330322c84a120d17cf29f623a75`
SHA1	`70820212c649d6763b9005356a734401a693617a`
SHA256	`f849eb121474e3dd67a09fac455eb1d69ff092a747a2b438307c230ac631b5d6`
SHA3	`c69b34d8ca90460039f2057d03c4b4cb3e9ddfefa09e0fecb6c4c9eb11ff5175`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.81.0.0
ProductVersion	0.81.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	Simon Tatham
ProductName	PuTTY suite
FileDescription	SSH, Telnet, Rlogin, and SUPDUP client
InternalName	PuTTY
OriginalFilename	PuTTY
FileVersion (#2)	Release 0.81 (with embedded help)
ProductVersion (#2)	Release 0.81
LegalCopyright	Copyright © 1997-2024 Simon Tatham.

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x508000`
EndAddressOfRawData	`0x508008`
AddressOfIndex	`0x505724`
AddressOfCallbacks	`0x4ff3d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x502034`
SEHandlerTable	`0x4ff36c`
SEHandlerCount	`12`

RICH Header

f43852a976edcab5a7c82d248ce242d2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.00cfg

.tls

.voltbl

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

102

110

111

113

114

116

117

200

201

1 (#2)

1 (#3)

2000

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors