home

screenpopup.exe

PuTTY suite

Simon Tatham

Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
SSH, Telnet and Rlogin client

Version:
Release 0.60

MD5:
dee17e434f1a200161cd1b5c0ca1c223

SHA-1:
3a33388a06ef7a2549e608d58fca62ea8587b93c

SHA-256:
e9c42af990b78dbc0d23eb9c89d4d8ed6853cc9343a519a5572d9101e17ba66e

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/15/2024 1:38:51 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Trojan.Agent-840430
0.98/21511

Comodo Security
TrojWare.Win32.KadrBot.DZT
23536

File size:
2.9 MB (3,080,192 bytes)

Product version:
Release 0.60

Copyright:
Copyright © 1997-2007 Simon Tatham.

Original file name:
PuTTY

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\screenpopup.exe

File PE Metadata
Compilation timestamp:
4/29/2007 7:43:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:IQX2t99Ls2O91DBekP34yFIYIk8fzqRluAlg6FG9sns3hm9mg9uJBJpfG:92tHLsn9ZP42p87qFlg68mA0AwuJ7pu

Entry address:
0x13A6

Entry point:
6A, 00, 6A, 01, 6A, 00, E8, 14, A3, 00, 00, 85, C0, 75, 08, 6A, FE, FF, 15, 00, 71, 21, 66, E8, B8, FC, FF, FF, 50, E8, 79, FC, FF, FF, CC, B8, 5B, 61, 21, 66, E8, 15, A7, 00, 00, 81, EC, B4, 00, 00, 00, 83, 65, F0, 00, 56, 57, 8B, F9, 8D, 8D, 40, FF, FF, FF, E8, 74, 19, 00, 00, FF, 75, 10, 33, F6, FF, 75, 0C, 46, 57, 8B, C8, 89, 75, FC, E8, B0, 21, 00, 00, 8B, 4D, 08, 50, E8, 07, 22, 00, 00, 8D, 8D, 40, FF, FF, FF, 89, 75, F0, C6, 45, FC, 00, E8, 45, 1E, 00, 00, 8B, 4D, F4, 8B, 45, 08, 5F, 5E, 64, 89, 0D...
 
[+]

Entropy:
7.0300

Code size:
86 KB (88,064 bytes)

The file screenpopup.exe has been seen being distributed by the following URL.

http://gateway.myeasydialer.com/ScreenPopup.exe

Scan screenpopup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.