putty.exe

Windows Internet Explorer

SpectorSoft Corporation

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable putty.exe, “Win32 Cabinet Self-Extractor”, has been detected as malware by 1 anti-virus scanner.

Publisher:
Microsoft Corporation (signed by SpectorSoft Corporation)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

MD5:
72f5d1940ebc4e9decbca3fe7f206b16

SHA-1:
816ee3cbb8f98178c2f935abebb1d2d0c7933571

SHA-256:
583d37e61a6aefcc0cdbe85e04dc24b7573a237a8396cb63f6fc8614e68a7f9f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 6:14:38 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Keylogger.SpectorSoft.SpectorSoftCorporation.Meta (L)

Engine version:
16.1.5.8

File size:
1.1 MB (1,195,920 bytes)

Product version:
9.00.8112.16421

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\spectorsoft\spector 360\putty.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/23/2013 8:00:00 PM

Valid to:
5/24/2015 7:59:59 PM

Subject:
CN=SpectorSoft Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SpectorSoft Corporation, L=Vero Beach, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098B8BC74886B43A02979EC31D4F15A2

File PE Metadata
Compilation timestamp:
3/8/2011 7:46:37 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Jyjyk2X5A3qmlkh5TTyqTIk9RaiQZK1YGUN5bjx7h4Bk4+zYnzp:8OS3qmM5f5kkSQ1Y1XJKzp

Entry address:
0x6B42

Entry point:
E8, 5D, 07, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, C4, C2, 00, 01, 75, 03, C2, 00, 00, E9, D9, 07, 00, 00, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 78, 12, 00, 01, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, C4, C2, 00, 01, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD...
 
Entropy:
7.9418 (probably packed)

Code size:
43.5 KB (44,544 bytes)
