screenpopup.exe

PuTTY suite

Simon Tatham

Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
SSH, Telnet and Rlogin client

Version:
Release 0.66

MD5:
20fe51695c80b3c9dc5379d075a86c25

SHA-1:
444a11d34f34d89fb2c5f29fae3b99f8ef08174a

SHA-256:
1bd4e0e9844f22bebeb07585dd8b3a5eacd24b44eb1f22306871cb5a6cf1e325

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/28/2024 4:50:26 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
W32.W.Joleee
2.1.4+

Avira AntiVirus
ADWARE/NetFilter.A.199
8.3.3.2

Clam AntiVirus
Win.Trojan.Agent-962596
0.98/21511

K7 AntiVirus
Riskware
13.213.18719

Rising Antivirus
PE:Malware.RDM.03!5.9 [F]
23.00.65.16629

Zillya! Antivirus
Trojan.Agent.Win32.594871
2.0.0.2656

File size:
4.1 MB (4,259,840 bytes)

Product version:
Release 0.66

Copyright:
Copyright © 1997-2015 Simon Tatham.

Original file name:
PuTTY

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\screenpopup.exe

File PE Metadata
Compilation timestamp:
11/7/2015 5:17:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:46DOPAun/znsFOEXktV0ymrejmRIJnanmhfoDp8oe3FcR/3SUSmSpT:7OPjsFPktV0ymrIxDfoaoSG/3SUSxp

Entry address:
0x13A6

Entry point:
6A, 00, 6A, 01, 6A, 00, E8, 34, A5, 00, 00, 85, C0, 75, 08, 6A, FE, FF, 15, 00, 71, 21, 66, E8, B8, FC, FF, FF, 50, E8, 79, FC, FF, FF, CC, B8, 7B, 63, 21, 66, E8, 35, A9, 00, 00, 81, EC, B4, 00, 00, 00, 83, 65, F0, 00, 56, 57, 8B, F9, 8D, 8D, 40, FF, FF, FF, E8, 74, 19, 00, 00, FF, 75, 10, 33, F6, FF, 75, 0C, 46, 57, 8B, C8, 89, 75, FC, E8, B0, 21, 00, 00, 8B, 4D, 08, 50, E8, 07, 22, 00, 00, 8D, 8D, 40, FF, FF, FF, 89, 75, F0, C6, 45, FC, 00, E8, 45, 1E, 00, 00, 8B, 4D, F4, 8B, 45, 08, 5F, 5E, 64, 89, 0D...
 
[+]

Entropy:
6.9667

Code size:
87 KB (89,088 bytes)

The file screenpopup.exe has been seen being distributed by the following URL.

Scan screenpopup.exe - Powered by Reason Core Security