putty.exe

Win

The executable putty.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from the.earth.li.
Publisher:
Microsoft*  (Invalid match)

Product:
Win

Version:
1.00

MD5:
caa7ef51c412662f8d496a334afe4b24

SHA-1:
085aeaba0086f6320f69b1ed4d5e811a68ac766f

SHA-256:
82ac12acb672818f26b4fa5c03e9113f34b649732ebf6cec10e2035ede6c808f

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/27/2024 3:47:48 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:VB-OJQ [Wrm]
160518-2

Dr.Web
Trojan.Siggen6.54687
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.6753864
11.5.0.6191

ESET NOD32
Win32/VB.OSK trojan
7.0.302.0

F-Prot
W32/VB.AD.gen
4.6.5.141

Kaspersky
Trojan.Win32.Swisyn
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.1840.0

Norman
Trojan.Generic.6753864
28.05.2016 13:03:37

File size:
725.8 KB (743,212 bytes)

Product version:
1.00

Original file name:
Win.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\putty.exe

File PE Metadata
Compilation timestamp:
6/15/2011 2:01:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zENN+T5xYrllrU7QY60Ff6eiet+e/tvVamNW9ALZ67kUMpaAZ3t3P9e6haW:Z5xolYQY6ef6eiU+e/t49AdU80At9PcS

Entry address:
0x3670

Entry point:
68, D4, 3E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 91, 83, A8, 05, 80, 67, 13, 47, B1, 52, 93, 58, 73, 8B, 90, 04, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, F4, A8, F6, 00, 57, 69, 6E, 00, 00, 00, 00, 00, 00, A5, F6, 00, 19, 00, 00, 00, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 07, 00, 00, 00, 85, 4E, F1, 7E, B1, 9C, 9A, 4B, 98, C2, C9, F7, 1A, 70, A9, 38, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...
 
[+]

Entropy:
6.6198

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
172 KB (176,128 bytes)

The file putty.exe has been seen being distributed by the following URL.

Remove putty.exe - Powered by Reason Core Security