putty.exe

PuTTY suite

Simon Tatham

The executable putty.exe, “SSH, Telnet and Rlogin client” has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from the.earth.li.
Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
SSH, Telnet and Rlogin client

Version:
Release 0.66

MD5:
0a375e6fde43edf3752a4180e908d74a

SHA-1:
2924f975f6fdc61caa1ed92b4b2544f08d21b3ac

SHA-256:
3e8f88d2ae570d3d31e965048f1b4d952f1e4d3cc2cbb3cb6a2257ceab1d5ea0

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
8/20/2018 11:51:35 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160518-2

AVG
Win32/Ramnit.A
2015.0.4604

Dr.Web
Win32.Rmnet
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit
16.07.07

ESET NOD32
Win32/Ramnit.A virus
8.0.319.0

F-Prot
W32/Ramnit.B!Generic
4.6.5.141

Kaspersky
Virus.Win32.Nimnul
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.595.0

Norman
Win32.Ramnit
22.05.2016 07:18:28

File size:
572 KB (585,728 bytes)

Product version:
Release 0.66

Copyright:
Copyright © 1997-2015 Simon Tatham.

Original file name:
PuTTY

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\putty.exe

File PE Metadata
Compilation timestamp:
11/7/2015 8:17:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:VpoNd4D7aVwSn8nW+nGQZZcLYX4RXwWLJQ6LUejk5G:HoNde7aVT8WvQ3O+4NzLu6wej

Entry address:
0x84000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
368 KB (376,832 bytes)

The file putty.exe has been seen being distributed by the following URL.

Remove putty.exe - Powered by Reason Core Security