File name: | PuTTYPortable_0.71_English.paf.exe |
Full analysis: | https://app.any.run/tasks/5e0b3603-f1c5-421e-a84b-ab2f7c8528ae |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 07:03:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | 6553B192B4DA2E82412E4C673D3AC7A8 |
SHA1: | 70C9E19087124791C94ABA68667A3EE0B051B749 |
SHA256: | 2EADBFEF4892A91E7436F60A2E944A5FD2843C22C47F60A26BD4B180A8300068 |
SSDEEP: | 24576:sw9DyHnYK3EeXxcp417eNdG5sA7GQsRVJ4/Maj3YqYyUhVun:19XqcKUNCeQsHi/3jYAn |
.exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (14.2) |
.exe | | | Win32 Executable (generic) (9.7) |
.exe | | | Generic Win/DOS Executable (4.3) |
.exe | | | DOS Executable Generic (4.3) |
ProductVersion: | 0.71.0.0 |
---|---|
ProductName: | PuTTY Portable |
PortableAppscomInstallerVersion: | 3.5.11.0 |
PortableAppscomFormatVersion: | 3.5.11 |
PortableAppscomAppID: | PuTTYPortable |
OriginalFileName: | PuTTYPortable_0.71_English.paf.exe |
LegalTrademarks: | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
LegalCopyright: | 2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0 |
InternalName: | PuTTY Portable |
FileVersion: | 0.71.0.0 |
FileDescription: | PuTTY Portable |
CompanyName: | PortableApps.com |
Comments: | For additional details, visit PortableApps.com |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 0.71.0.0 |
FileVersionNumber: | 0.71.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 6 |
OSVersion: | 4 |
EntryPoint: | 0x34a5 |
UninitializedDataSize: | 16384 |
InitializedDataSize: | 428544 |
CodeSize: | 26112 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2018:01:30 04:58:43+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 30-Jan-2018 03:58:43 |
Detected languages: |
|
Comments: | For additional details, visit PortableApps.com |
CompanyName: | PortableApps.com |
FileDescription: | PuTTY Portable |
FileVersion: | 0.71.0.0 |
InternalName: | PuTTY Portable |
LegalCopyright: | 2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0 |
LegalTrademarks: | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
OriginalFilename: | PuTTYPortable_0.71_English.paf.exe |
PortableApps.comAppID: | PuTTYPortable |
PortableApps.comFormatVersion: | 3.5.11 |
PortableApps.comInstallerVersion: | 3.5.11.0 |
ProductName: | PuTTY Portable |
ProductVersion: | 0.71.0.0 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000D8 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 30-Jan-2018 03:58:43 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00006409 | 0x00006600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.40783 |
.rdata | 0x00008000 | 0x0000138E | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.14383 |
.data | 0x0000A000 | 0x00066358 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.00056 |
.ndata | 0x00071000 | 0x00158000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x001C9000 | 0x00019968 | 0x00019A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.53231 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.28639 | 1249 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 5.1717 | 9640 | UNKNOWN | English - United States | RT_ICON |
3 | 5.50995 | 4264 | UNKNOWN | English - United States | RT_ICON |
4 | 5.70014 | 3752 | UNKNOWN | English - United States | RT_ICON |
5 | 5.6488 | 2440 | UNKNOWN | English - United States | RT_ICON |
6 | 6.01856 | 2216 | UNKNOWN | English - United States | RT_ICON |
7 | 5.66656 | 1384 | UNKNOWN | English - United States | RT_ICON |
8 | 5.83657 | 1128 | UNKNOWN | English - United States | RT_ICON |
103 | 2.80233 | 118 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.68372 | 512 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3492 | "C:\Users\admin\AppData\Local\Temp\PuTTYPortable_0.71_English.paf.exe" | C:\Users\admin\AppData\Local\Temp\PuTTYPortable_0.71_English.paf.exe | explorer.exe | |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PuTTY Portable Exit code: 0 Version: 0.71.0.0 | ||||
3816 | "C:\Users\admin\PuTTYPortable\PuTTYPortable.exe" | C:\Users\admin\PuTTYPortable\PuTTYPortable.exe | PuTTYPortable_0.71_English.paf.exe | |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PuTTY Portable (PortableApps.com Launcher) Exit code: 0 Version: 2.2.1.0 | ||||
3968 | "C:\Users\admin\PuTTYPortable\App\putty\putty.exe" | C:\Users\admin\PuTTYPortable\App\putty\putty.exe | PuTTYPortable.exe | |
User: admin Company: Simon Tatham Integrity Level: MEDIUM Description: SSH, Telnet and Rlogin client Exit code: 0 Version: Release 0.71 (with embedded help) |
(PID) Process: | (3492) PuTTYPortable_0.71_English.paf.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3492) PuTTYPortable_0.71_English.paf.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
Operation: | write | Name: | Browse For Folder Width |
Value: 318 | |||
(PID) Process: | (3492) PuTTYPortable_0.71_English.paf.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
Operation: | write | Name: | Browse For Folder Height |
Value: 288 | |||
(PID) Process: | (3816) PuTTYPortable.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (3816) PuTTYPortable.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\putty\PLINK.EXE | executable | |
MD5:19B22229D4A6B52DADEC9BFCF5C13733 | SHA256:A5864A5B457D9E98331E81D72F05631598EF766E6F78CF223D68C4B7A4EA02D8 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\AppInfo\pac_installer_log.ini | text | |
MD5:ACBF6A4418258924AB9B3996336C5B23 | SHA256:5962F492BD0B7BA959DC8DEFE178B4376B2E4362001CA57323265D85920C2030 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\help.html | html | |
MD5:8A4CA8A71DCA5D9DA9248ACD12655FD8 | SHA256:8BFB3F5D0ECD5A774B90107536B6EE453C3DE84E804C526D2398620A773CCEF1 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\AppInfo\appinfo.ini | text | |
MD5:8B95D2FD821B66532B8B7095B2ED8219 | SHA256:2AF88EC49ACC00DB5171AF12858A7D4CD5EC0C18C9DCA8D5D065383611957046 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\PuTTYPortable.exe | executable | |
MD5:2320ED37A4C9084E4555C13D4B887DC9 | SHA256:AEEBA49851FAD4E95C0BBEF978EA6028E624C79811692D7D8DF0D1D89FA31C92 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\putty\PAGEANT.EXE | executable | |
MD5:27D5A49C4D07D9DAFB15A2737D548E34 | SHA256:FDA607512BB00EFE4382981D9F0CC82A8D3C6A9BDE06884A34DE30E1A1D8DCD6 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\ReadMe.txt | text | |
MD5:93BD6C7A592CB7D0EA410B6ACEBB9383 | SHA256:C92DE2023C70E07B7DEFC901A2D18C8E646FF39B3428AE0A937030F83249686D | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\AppData\Local\Temp\nstF8E9.tmp\w7tbp.dll | executable | |
MD5:9A3031CC4CEF0DBA236A28EECDF0AFB5 | SHA256:53BB519E3293164947AC7CBD7E612F637D77A7B863E3534BA1A7E39B350D3C00 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\AppInfo\appicon_16.png | image | |
MD5:77ACA5FAA13DDB0C23983443ED91E072 | SHA256:3838F62CA15C88A148532ADFF1A376756338DE0A77E9B70CEC04F95D8DBC82D4 | |||
3492 | PuTTYPortable_0.71_English.paf.exe | C:\Users\admin\PuTTYPortable\App\AppInfo\appicon.ico | image | |
MD5:10F94954AF528FFEA75B62808232DA2F | SHA256:E4B1554ED61918830AE8A1913D6B803EBF898D2D91875892CDE147290F2A2EFC |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3968 | putty.exe | 8.8.8.8:22 | — | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
dns.msftncsi.com |
| shared |