General Info

File name

PuTTYPortable_0.71_English.paf.exe

Full analysis
https://app.any.run/tasks/5e0b3603-f1c5-421e-a84b-ab2f7c8528ae
Verdict
Malicious activity
Analysis date
7/18/2019, 09:03:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

6553b192b4da2e82412e4c673d3ac7a8

SHA1

70c9e19087124791c94aba68667a3ee0b051b749

SHA256

2eadbfef4892a91e7436f60a2e944a5fd2843c22c47f60a26bd4b180a8300068

SSDEEP

24576:sw9DyHnYK3EeXxcp417eNdG5sA7GQsRVJ4/Maj3YqYyUhVun:19XqcKUNCeQsHi/3jYAn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • PuTTYPortable_0.71_English.paf.exe (PID: 3492)
  • PuTTYPortable.exe (PID: 3816)
Application was dropped or rewritten from another process
  • PuTTYPortable.exe (PID: 3816)
  • putty.exe (PID: 3968)
Executable content was dropped or overwritten
  • PuTTYPortable.exe (PID: 3816)
  • PuTTYPortable_0.71_English.paf.exe (PID: 3492)

No info indicators.

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:01:30 04:58:43+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
26112
InitializedDataSize:
428544
UninitializedDataSize:
16384
EntryPoint:
0x34a5
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.71.0.0
ProductVersionNumber:
0.71.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
Comments:
For additional details, visit PortableApps.com
CompanyName:
PortableApps.com
FileDescription:
PuTTY Portable
FileVersion:
0.71.0.0
InternalName:
PuTTY Portable
LegalCopyright:
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0
LegalTrademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName:
PuTTYPortable_0.71_English.paf.exe
PortableAppscomAppID:
PuTTYPortable
PortableAppscomFormatVersion:
3.5.11
PortableAppscomInstallerVersion:
3.5.11.0
ProductName:
PuTTY Portable
ProductVersion:
0.71.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
30-Jan-2018 03:58:43
Detected languages
English - United States
Comments:
For additional details, visit PortableApps.com
CompanyName:
PortableApps.com
FileDescription:
PuTTY Portable
FileVersion:
0.71.0.0
InternalName:
PuTTY Portable
LegalCopyright:
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0
LegalTrademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename:
PuTTYPortable_0.71_English.paf.exe
PortableApps.comAppID:
PuTTYPortable
PortableApps.comFormatVersion:
3.5.11
PortableApps.comInstallerVersion:
3.5.11.0
ProductName:
PuTTY Portable
ProductVersion:
0.71.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
30-Jan-2018 03:58:43
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006409 0x00006600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.40783
.rdata 0x00008000 0x0000138E 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14383
.data 0x0000A000 0x00066358 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.00056
.ndata 0x00071000 0x00158000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x001C9000 0x00019968 0x00019A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.53231
Resources
1

2

3

4

5

6

7

8

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Processes

Total processes
37
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

puttyportable_0.71_english.paf.exe --(drop and start)--> puttyportable.exe --(start)--> putty.exe

Process information

PID
3492
CMD
"C:\Users\admin\AppData\Local\Temp\PuTTYPortable_0.71_English.paf.exe"
Path
C:\Users\admin\AppData\Local\Temp\PuTTYPortable_0.71_English.paf.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
PortableApps.com
Description
PuTTY Portable
Version
0.71.0.0
Modules
Image
c:\users\admin\appdata\local\temp\puttyportable_0.71_english.paf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nstf8e9.tmp\system.dll
c:\users\admin\appdata\local\temp\nstf8e9.tmp\findprocdll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nstf8e9.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\networkexplorer.dll
c:\users\admin\appdata\local\temp\nstf8e9.tmp\w7tbp.dll
c:\users\admin\puttyportable\puttyportable.exe

PID
3816
CMD
"C:\Users\admin\PuTTYPortable\PuTTYPortable.exe"
Path
C:\Users\admin\PuTTYPortable\PuTTYPortable.exe
Indicators
Parent process
PuTTYPortable_0.71_English.paf.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
PortableApps.com
Description
PuTTY Portable (PortableApps.com Launcher)
Version
2.2.1.0
Modules
Image
c:\users\admin\puttyportable\puttyportable.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nstf71f.tmp\system.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\users\admin\appdata\local\temp\nstf71f.tmp\newadvsplash.dll
c:\windows\system32\winmm.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\nstf71f.tmp\registry.dll
c:\windows\system32\psapi.dll
c:\users\admin\puttyportable\app\putty\putty.exe

PID
3968
CMD
"C:\Users\admin\PuTTYPortable\App\putty\putty.exe"
Path
C:\Users\admin\PuTTYPortable\App\putty\putty.exe
Indicators
Parent process
PuTTYPortable.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Simon Tatham
Description
SSH, Telnet and Rlogin client
Version
Release 0.71 (with embedded help)
Modules
Image
c:\users\admin\puttyportable\app\putty\putty.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\hhctrl.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll

Registry activity

Total events
769
Read events
756
Write events
13
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3492
PuTTYPortable_0.71_English.paf.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3492
PuTTYPortable_0.71_English.paf.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Browse For Folder Width
318
3492
PuTTYPortable_0.71_English.paf.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Browse For Folder Height
288
3816
PuTTYPortable.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3816
PuTTYPortable.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
14
Suspicious files
2
Text files
28
Unknown types
1

Dropped files

PID
Process
Filename
Type
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\System.dll
executable
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\nsDialogs.dll
executable
MD5: ca95c9da8cef7062813b989ab9486201
SHA256: feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nstF71F.tmp\newadvsplash.dll
executable
MD5: 55a723e125afbc9b3a41d46f41749068
SHA256: 0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PLINK.EXE
executable
MD5: 19b22229d4a6b52dadec9bfcf5c13733
SHA256: a5864a5b457d9e98331e81d72f05631598ef766e6f78cf223d68c4b7a4ea02d8
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nstF71F.tmp\System.dll
executable
MD5: bf712f32249029466fa86756f5546950
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\PuTTYPortable.exe
executable
MD5: 2320ed37a4c9084e4555c13d4b887dc9
SHA256: aeeba49851fad4e95c0bbef978ea6028e624c79811692d7d8df0d1d89fa31c92
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PUTTY.EXE
executable
MD5: 687d518c8227b9ca26dfdb2b1d571553
SHA256: 4553cb27cc06eff8a397b8d00bd3a1affe07a5db3b46a61bdd10f32b74b29b06
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\FindProcDLL.dll
executable
MD5: ba4c1dfe226d573d516c0529f263011e
SHA256: 2ffe1ac2555e822b4a383996168031e456f09f9cf3bb763fccee35be178cf58a
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PUTTYGEN.EXE
executable
MD5: 448985c55ed9f16a2180dff89547b0ea
SHA256: ed7f140b2b6f8f15b893eb218e9d65ccabef67b853416507eb303c2e6f283129
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PAGEANT.EXE
executable
MD5: 27d5a49c4d07d9dafb15a2737d548e34
SHA256: fda607512bb00efe4382981d9f0cc82a8d3c6a9bde06884a34de30e1a1d8dcd6
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PSFTP.EXE
executable
MD5: ca7788680655e722885f0321cb796e5c
SHA256: 2b869ee06ba2aa066c4861a1bbfd2488ad59eca3905a48e0241094dc417c07fc
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\w7tbp.dll
executable
MD5: 9a3031cc4cef0dba236a28eecdf0afb5
SHA256: 53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nstF71F.tmp\registry.dll
executable
MD5: 2880bf3bbbc8dcaeb4367df8a30f01a8
SHA256: acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PSCP.EXE
executable
MD5: 81214ad8bcf3c2e014da779097b1312f
SHA256: b3bbf183314ef5d149fe402eeac5b7726fe44838a28acc02f86573353ea7c897
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appicon_32.png
image
MD5: 5065dddea450dd6843fd2af2a70fc3e1
SHA256: 454c5fcec4a73f4d39072ed9812967adc102b8322f3aa101dfa1eceba6bb6f02
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Source\Readme.txt
text
MD5: 55470940281718a07338d4128fd01558
SHA256: 584993657cfda6c2891131c8398c6dee281590af048e94903153edd46b33acd3
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Source\LauncherLicense.txt
text
MD5: ffa10f40b98be2c2bc9608f56827ed23
SHA256: 189b1af95d661151e054cea10c91b3d754e4de4d3fecfb074c1fb29476f7167b
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Help\images\help_background_header.png
image
MD5: a1eaee3ccb8169b680415d713720a2fa
SHA256: 3959381aab4543593fa69fa7980946dbf0b0bab25924c8b38f6e88f7f69b9c19
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Help\images\help_background_footer.png
image
MD5: 6af4a82693a403b0d0afde16972466f5
SHA256: 88c0749cc9ca14ccea1af39dffaccf7b7c35e5b5603b1e451fe7fce508252480
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Help\images\donation_button.png
image
MD5: bab4268c0bc3b3051ff38b21dbe35a44
SHA256: 9abc52858ae4ddda224ee9d229cb38d252ae9ba46633da4ac14fada25dd489c6
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Help\images\favicon.ico
image
MD5: 049a352aabb8ced245ceecb94c0a0b2d
SHA256: b06b53681ea0ba09ddaa8f8066c990cf5a7c01e65a1910e687a993ac375d1781
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Help\images\help_logo_top.png
image
MD5: 0f024e316973b9d87f3f4c3a1f33c448
SHA256: 46a1d50a869dc7e2c0511cfbc77a15f0092ad9fba0b068736f1e512683a47ee4
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\~DFA328D0A6C260687A.TMP
––
MD5:  ––
SHA256:  ––
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\putty\PUTTY.CHM
chm
MD5: feb8213eff9e7dc4190076ce4f1a6ca9
SHA256: f57f3ba2a7dd1b56aaf2eaea28bb924f177c1fc698ace9f79de89be92f655140
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nsdF8D8.tmp
––
MD5:  ––
SHA256:  ––
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nstF71F.tmp\launcher.ini
text
MD5: d9daf4cb6f0bbeb941eeadcaa1b37dd6
SHA256: 22e2e5c3ae8f4b6df73b9b294cf728244a1200a87777846e5f5e3ebcafdc842b
3816
PuTTYPortable.exe
C:\Users\admin\PuTTYPortable\Data\settings\PuTTYPortableSettings.ini
text
MD5: 2fa19efe1f8e52b06f31e2f685933440
SHA256: f3930f2da5b6588c7468c0a1e422a46fa9c26d8ba9a504680b7577ae203badf9
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\Launcher\splash.jpg
image
MD5: 2749e3c4401013aa51e64bb456a3cde2
SHA256: 9dc96c10df02e1b6fbab9ccb01aab88a0ae0f2217e64ca2c1c5f8715f800a015
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\Launcher\PuTTYPortable.ini
text
MD5: d9daf4cb6f0bbeb941eeadcaa1b37dd6
SHA256: 22e2e5c3ae8f4b6df73b9b294cf728244a1200a87777846e5f5e3ebcafdc842b
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\Other\Source\AppNamePortable.ini
text
MD5: 8634c50b01d5ea4adc0d9eca692cbb5b
SHA256: 58053a49f7c9d07faceb35c298022d31da5b00b8840e611074475b41ceb9b7e9
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appicon_16.png
image
MD5: 77aca5faa13ddb0c23983443ed91e072
SHA256: 3838f62ca15c88a148532adff1a376756338de0a77e9b70cec04f95d8dbc82d4
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appinfo.ini
text
MD5: 8b95d2fd821b66532b8b7095b2ed8219
SHA256: 2af88ec49acc00db5171af12858a7d4cd5ec0c18c9dca8d5d065383611957046
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appicon_75.png
image
MD5: 0d147cd44d1fbb75bae32c726ab11038
SHA256: 6c25a47ee44832728d1f40903fa0b4d46741c75d2912a051b4c86abaf1275136
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\pac_installer_log.ini
text
MD5: acbf6a4418258924ab9b3996336c5b23
SHA256: 5962f492bd0b7ba959dc8defe178b4376b2e4362001ca57323265d85920c2030
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\help.html
html
MD5: 8a4ca8a71dca5d9da9248acd12655fd8
SHA256: 8bfb3f5d0ecd5a774b90107536b6ee453c3de84e804c526d2398620a773ccef1
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\ReadMe.txt
text
MD5: 93bd6c7a592cb7d0ea410b6acebb9383
SHA256: c92de2023c70e07b7defc901a2d18c8e646ff39b3428ae0a937030f83249686d
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appicon_128.png
image
MD5: 196510beaa3687db5f398e6f6f978cce
SHA256: ede5ffea9376b1b29be140b76bf233c760fd8f3d6428edea696a6fb9ac8a4864
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\PuTTYPortable\App\AppInfo\appicon.ico
image
MD5: 10f94954af528ffea75b62808232da2f
SHA256: e4b1554ed61918830ae8a1913d6b803ebf898d2d91875892cde147290f2a2efc
3816
PuTTYPortable.exe
C:\Users\admin\PuTTYPortable\Data\PortableApps.comLauncherRuntimeData-PuTTYPortable.ini
text
MD5: aa92aa301d5771a410e0c30f33b83eda
SHA256: 6cb69bcc979223b24d557ba78b79fb110c89e2d34f9634cc0cf1fccb78c816a0
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nstF71F.tmp\runtimedata.ini
text
MD5: aa92aa301d5771a410e0c30f33b83eda
SHA256: 6cb69bcc979223b24d557ba78b79fb110c89e2d34f9634cc0cf1fccb78c816a0
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\modern-wizard.bmp
image
MD5: 4df53efcaa2c52f39618b2aad77bb552
SHA256: ee13539f3d66cc0592942ea1a4c35d8fd9af67b1a7f272d0d791931e6e9ce4eb
3968
putty.exe
C:\Users\admin\AppData\Local\PUTTY.RND
binary
MD5: 94d970730f20a9af763a120ba4998dac
SHA256: f80db621d5e55057fb58ea8bfb14412e5bc159c952b26996e6203ff3dde321c2
3492
PuTTYPortable_0.71_English.paf.exe
C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\modern-header.bmp
image
MD5: 8bd2fc53eda7b2acab282b23dae497c2
SHA256: 9ab6a194565dd66bc8c4872e8c670487303d4690c5fee33db41a591a6bbfce2d
3968
putty.exe
C:\Users\admin\AppData\Local\PUTTY.RND
binary
MD5: 95b9fa9b24ceec85b2090b5c5a7e5756
SHA256: 6e9f0e7d182d1bc787ab516b2064a17cd63721319ce84fe0f8366a12a5e9d5e9
3816
PuTTYPortable.exe
C:\Users\admin\AppData\Local\Temp\nseF70F.tmp
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
2
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
3968 putty.exe 8.8.8.8:22 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
dns.msftncsi.com 131.107.255.255 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.