Gridinsoft Logo
File Icon

Putty.exe Trojan Downloader Analysis

Updated 8 months ago
Checked by Malware Check
putty.exe

Technical Analysis

File Name putty.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.198.174
Database Version 2024-12-03 22:00:46 UTC

Trojan.Win32.Downloader.oa!s1

Malware family: Downloader

Downloader Trojans specialize in retrieving and installing additional malware payloads. Unlike comprehensive malware, they focus specifically on payload delivery rather than direct system damage.
N/A
Detection Rate
755,064
File Size (bytes)
2024-12-03
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
2edd1c2d868d3bbcdf50c95f443a0e68
SHA1
e91920b2206019d28bfdf23f1d6b9cbedced16ea
SHA256
0600c5831fa7539326a3d6d57c7ec1627f722dbf0eae3298ee53a81256194a44
SHA512
46c2f58f9bf3439aa9290ad8bf68beb2f27e56f1dbcf4beefe755cfd88116e232b3d42fe78c9e57b3617625f761e15b9a8ff42a60370a3747a28047495e794a7
ImpHash
6a738bd3fb72365abdafa45492244be2

PE Analysis

Basic Information

Icon
Hash: bcac48e087f1dc6c5a808a84205bfc75
Fuzzy: 8f9d5ea21bf06396dd364157254ed6fb
dHash: c49081903c52b2b6
Image Base 0x00400000
Entry Point 0x0045c478
Compilation Time 2017-02-18 17:12:37
Checksum 0x000afceb (Actual: 0x000c7707)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 11 libraries
Exports 0 functions
Resources 20 Resources
Sections 5 Sections

Version Information

CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription SSH, Telnet and Rlogin client
InternalName PuTTY
OriginalFilename PuTTY
FileVersion Release 0.68
ProductVersion Release 0.68
LegalCopyright Copyright © 1997-2017 Simon Tatham.
Translation 0x0809 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 501,788 bytes 502,272 bytes 6.67 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7BA90A06ABE077293F753D68E070054D
.rdata 0x0007c000 154,440 bytes 154,624 bytes 5.91 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4C3AA52501C9EE8BF4F53E91978AC72C
.data 0x000a2000 19,376 bytes 4,608 bytes 2.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 09C9711423B42233FC9B456164E2E48B
.rsrc 0x000a7000 11,960 bytes 12,288 bytes 3.93 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5E2377EF3E8474F9A4D7AF50D0DE2CE7
.reloc 0x000aa000 24,320 bytes 24,576 bytes 6.75 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ B7B2697B61CE342EEFD7490938F73F2C
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 20 (10,819 bytes)
Resource Type Count Total Size Percentage
RT_ICON 12 7,952 bytes
73.5%
RT_DIALOG 4 692 bytes
6.4%
RT_GROUP_ICON 2 180 bytes
1.7%
RT_VERSION 1 764 bytes
7.1%
RT_MANIFEST 1 1,231 bytes
11.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Downloader.oa!s1 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Downloader.oa!s1 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware