kitty_nocompress.exe

PuTTY suite

Simon Tatham

The executable kitty_nocompress.exe, “SSH, Telnet and Rlogin client”, has been detected as malware by 35 anti-virus scanners. The file has been seen being downloaded from www.9bis.net.
Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
SSH, Telnet and Rlogin client

Version:
Release 1.0

MD5:
dcda866cf3e56c89d1d5e9fabba666fc

SHA-1:
79ec09f00318264030e82a230f0e2d1ffa600aa1

SHA-256:
3c9b00256b5f4a8635e85603a7feb3a4e9919830d88c322a5b2c9a86292664cc

Scanner detections:
35 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 10:29:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 968 |
| Agnitum Outpost | Win32.Virut.AB.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Virut.E | 2014.06.13 |
| Avira AntiVirus | W32/Virut.Gen | 7.11.30.172 |
| avast! | Win32:Scribble | 140611-0 |
| AVG | Win32/Virut | 2014.0.3955 |
| Baidu Antivirus | Virus.Win32.Virut.$ce | 4.0.3.14612 |
| Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.815 |
| Bkav FE | W32.Vetor.PE | 1.3.0.4959 |
| Comodo Security | Virus.Win32.Virut.CE | 18523 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.14.06.12.08 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Virut.CE | 6/12/2014 |
| F-Prot | W32/Virut.E.gen | 4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2014-12-06_5 |
| G Data | Win32.Virtob.Gen.12 | 14.6.24 |
| IKARUS anti.virus | Virus.Win32.Virut | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.1712374 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.463 |
| McAfee | W32/Virut.n.gen | 5600.7102 |
| Microsoft Security Essentials | Threat.Undefined | 1.175.1935.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 15.0.0.489 |
| NANO AntiVirus | Virus.Win32.Virut.hpeg | 0.28.0.60253 |
| Norman | Virut.HL | 11.20140612 |
| nProtect | Virus/W32.Virut.Gen | 14.06.11.01 |
| Panda Antivirus | W32/Sality.AO | 14.06.12.08 |
| Quick Heal | W32.Virut.G | 6.14.14.00 |
| Rising Antivirus | PE:Win32.Virut.ed!1609883 | 23.00.65.14610 |
| Sophos | W32/Scribble-B | 4.98 |
| Total Defense | Win32/Virut.17408 | 37.0.10994 |
| Vba32 AntiVirus | Virus.Virut.14 | 3.12.26.0 |
| VIPRE Antivirus | Threat.410756 | 29708 |
| ViRobot | Win32.Virut.AL | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Virut.Win32.1939 | 2.0.0.1821 |

File size:
1.2 MB (1,302,016 bytes)

Product version:
Release 1.0

Copyright:
Copyright © 1997-2014 Simon Tatham.

Original file name:
PuTTY

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\kitty_nocompress.exe

File PE Metadata
Compilation timestamp:
11/25/2001 12:52:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
24576:qwgeEc4ZKI9QB2qqUul+OA6O82BGhSRQ3mXx6g1TlglFx2Q8PyZIZxr9TiUCXI6I:pEc4ZKwFqqUul+OA6O82BMOQ3mXx6OTD

Entry address:
0x1110

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, A8, 0C, 52, 00, E8, F8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, A8, 0C, 52, 00, E8, D8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 53, 83, EC, 14, 8B, 45, 08, 8B, 00, 8B, 00, 3D, 91, 00, 00, C0, 77, 3B, 3D, 8D, 00, 00, C0, 72, 4B, BB, 01, 00, 00, 00, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 08, 00, 00, 00, E8, 93, BB, 0B, 00, 83, F8, 01, 0F, 84, FF, 00, 00, 00, 85, C0...
 

Entropy:
6.2421

Code size:
753 KB (771,072 bytes)

The file kitty_nocompress.exe has been seen being distributed by the following URL.
