putty.exe
First submission 2024-10-15 08:56:02
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 2644.0 KB (2707456 bytes) |
| Compile time: | 2024-10-12 21:09:16 |
| MD5: | 386322603effeba8006724a8a9ba668d |
| SHA1: | 6ba7d7cc00b4e6f8c08d72416abac7e1588cd4fe |
| SHA256: | 873430325366da525d998e545a83ca84d1575a8a0f532958250a3e4e9ea818f1 |
| Import Hash : | f05c6f552e83fb4297e0ce9920a199b3 |
| Sections 6 | .text��� .rdata�� .data��� .pdata�� .rsrc��� .reloc�� |
| Directories 5 | import resource debug tls relocation |
File features detected
Signed
XOR
OSINT Enrichments
| Virus Total: | 28/76 VT report date: 2024-10-15 06:34:58 |
| Malware Type 1 | trojan |
| Threat Type 2 | lazy gamehack |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://46.41.138.23/putty.exe  |
46.41.138.23 |
2024-10-15 08:56:02 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x802af | 525312 | a803db5c15fc9482ebe830eaf4c8e2ce9a3ac5b7 | 1cb358248c82d39bb82ae01c454bcf1b | |
| .rdata�� | 0x82000 | 0x202e90 | 2109440 | 31f37dc2555822fd6aa37cb07ed0017916f86cea | c51ce1d26c8501219e38e6fd4814d198 | |
| .data��� | 0x285000 | 0xd200 | 50176 | 95045e1c90f257e436e4fcc1f811da17e8c7d75a | b682e8479c26809cee953580b512a567 | |
| .pdata�� | 0x293000 | 0x4ab8 | 19456 | 798a9fbfa84ae0801596a6d5491fc7bb0f6b7715 | 476302e5896e505aa2c7230541ddeb2c | |
| .rsrc��� | 0x298000 | 0x1e8 | 512 | fb95dba78e4347c62667f3e655508aec1568c3c9 | a5e84752a98fc42cdfb9f06244df31c5 | |
| .reloc�� | 0x299000 | 0x450 | 1536 | 1e27546a2d99c7c2b3363badf481d93009879121 | 5990e10cdfc737a4ea9eb3074d1ca13f |
PE Resources 1
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x298060 | 392 |
Packers detected 1
| Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 7
| GetLastError |
| IsDebuggerPresent |
| IsProcessorFeaturePresent |
| Process32FirstW |
| Process32NextW |
| TerminateProcess |
| UnhandledExceptionFilter |
Anti debug functions 1
| VMCheck.dll |
Strings analysis - File found
| Library |
| ADVAPI32.dll |
| dwmapi.dll |
| VCRUNTIME140_1.dll |
| xinput1_2.dll |
| USER32.dll |
| api-ms-win-crt-convert-l1-1-0.dll |
| xinput1_3.dll |
| KERNEL32.dll |
| d3d11.dll |
| vcruntime140.dll |
| api-ms-win-crt-filesystem-l1-1-0.dll |
| api-ms-win-crt-math-l1-1-0.dll |
| ntdll.dll |
| d3dx11_43.dll |
| xinput1_1.dll |
| api-ms-win-crt-utility-l1-1-0.dll |
| WINHTTP.dll |
| api-ms-win-crt-string-l1-1-0.dll |
| xinput9_1_0.dll |
| api-ms-win-crt-heap-l1-1-0.dll |
| api-ms-win-crt-stdio-l1-1-0.dll |
| IMM32.dll |
| ixinput1_4.dll |
| D3DCompiler_43.dll |
| api-ms-win-crt-runtime-l1-1-0.dll |
| msvcp140.dll |
| api-ms-win-crt-locale-l1-1-0.dll |
Import functions
MSVCP140.dll 37
api-ms-win-crt-convert-l1-1-0.dll 4
KERNEL32.dll 48
dwmapi.dll 1
ntdll.dll 3
api-ms-win-crt-locale-l1-1-0.dll 3
api-ms-win-crt-filesystem-l1-1-0.dll 2
api-ms-win-crt-math-l1-1-0.dll 9
api-ms-win-crt-utility-l1-1-0.dll 1
VCRUNTIME140.dll 13
USER32.dll 31
IMM32.dll 4
D3DCOMPILER_43.dll 1
api-ms-win-crt-string-l1-1-0.dll 4
VCRUNTIME140_1.dll 1
api-ms-win-crt-runtime-l1-1-0.dll 20
d3d11.dll 1
api-ms-win-crt-stdio-l1-1-0.dll 21
api-ms-win-crt-heap-l1-1-0.dll 4
d3dx11_43.dll 1
ADVAPI32.dll 10
WINHTTP.dll 8