PuTTY_Portable_0.60_Rev_3.paf.exe

PuTTY Portable

Rare Ideas, LLC

This is a portable setup version of the software. The portable version is a open source and free platform that has been modified so that a full setup/installation is not required. This is typically downloaded through the portableapps.com website. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from downloads.sourceforge.net and multiple other hosts.
Publisher:
PortableApps.com  (signed by Rare Ideas, LLC)

Product:
PuTTY Portable

Version:
0.60.0.2

MD5:
5b09e8a017a35dd9ed17557242f4d8f7

SHA-1:
cf092a40ddf8466ce386993d7b592c112ef4ff15

SHA-256:
d4d92fb1f38708e91bbd275baf79a490b5d25aaddc2e395f0767b946ea0fc065

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/25/2024 12:40:13 PM UTC  (today)

Scan engine
Detection
Engine version

Zillya! Antivirus
Backdoor.Bifrose.Win32.79639
2.0.0.1770

File size:
870.9 KB (891,760 bytes)

Product version:
0.60.0.2

Copyright:
PortableApps.com and contributors

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
PuTTY_Portable_0.60_Rev_3.paf.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\putty_portable_0.60_rev_3.paf.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
9/26/2007 8:00:00 PM

Valid to:
9/26/2008 7:59:59 PM

Subject:
CN="Rare Ideas, LLC", O="Rare Ideas, LLC", STREET=PO Box 227, L=Astoria, S=NY, PostalCode=10009, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
18CACC0CAAEC5064AD4630D781603D8A

File PE Metadata
Compilation timestamp:
2/8/2008 4:25:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:xf3ByvOIS8W8TnsqyUU/DxW70kycUbRgLq:xJbXUbDyUUdWSaG

Entry address:
0x3225

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, F9, 2A, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, A0, 36, 42, 00, E8, B0, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 9E, 27, 00, 00...
 
[+]

Entropy:
7.9563

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file PuTTY_Portable_0.60_Rev_3.paf.exe has been seen being distributed by the following 5 URLs.

Scan PuTTY_Portable_0.60_Rev_3.paf.exe - Powered by Reason Core Security