putty.exe

PuTTY suite

Simon Tatham

This is a setup program which is used to install the application. The file has been seen being downloaded from putty.vi.softonic.com and multiple other hosts.
Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
SSH, Telnet and Rlogin client

Version:
Release 0.66

MD5:
33c9d1e56152e212367e9c5b01671e45

SHA-1:
9ded3ce2ae09c37ca173bbd3dcb57258b72cdbd5

SHA-256:
b10922648f6ad71f3f20b9acdfacf9aeff706cad6c52737cdc426307ccfa51d9

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
2/21/2018 12:57:50 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Trojan.Rozena-1123 | 0.98/21511
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.151213
Trend Micro House Call | HT_SWRORT_EK26000B.UVPM | 7.2.349

File size:
512 KB (524,288 bytes)

Product version:
Release 0.66

Copyright:
Copyright © 1997-2015 Simon Tatham.

Original file name:
PuTTY

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\putty.exe

File PE Metadata
Compilation timestamp:
11/7/2015 11:17:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:ApoNd4D7aVwSn8nW+nGQZZcLYX4RXwWLJQ6LU:UoNde7aVT8WvQ3O+4NzLu6w

Entry address:
0x54EB0

Entry point:
6A, 60, 68, 70, 7B, 47, 00, E8, 08, 21, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, B8, FA, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E0, D2, 45, 00, 8B, 4E, 10, 89, 0D, 48, E1, 47, 00, 8B, 46, 04, A3, 54, E1, 47, 00, 8B, 56, 08, 89, 15, 58, E1, 47, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 4C, E1, 47, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 4C, E1, 47, 00, C1, E0, 08, 03, C2, A3, 50, E1, 47, 00, 33, F6, 56, 8B, 3D, D8, D2, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
368 KB (376,832 bytes)

The file putty.exe has been discovered within the following program.

www.unetlab.com
About 7% of users remove it
 

The file putty.exe has been seen being distributed by the following 50 URLs.
