Gridinsoft Logo
File Icon

Putty.exe Trojan Heuristic Analysis

Updated 1 year ago
Checked by Malware Check
putty.exe

Technical Analysis

File Name putty.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.165.174
Database Version 2024-02-21 16:00:24 UTC

Trojan.Heur!.00012033

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
1,647,914
File Size (bytes)
2024-02-21
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
8713948f6a5d69c47b9d9e3d4f97514e
SHA1
96daedbbfa5a2f61ee09209f4b2570110f6ca0bd
SHA256
82879e3dd0c0958f2450d166e58164d6ca1dccfc25af755bd41773197f9aa152
SHA512
26e62653248dd1edecf70bcb323c9663d6073484d40c2edc9fa6815cba7d37a7683d4df055e1154fa2b3f03c6949735369c696b88c17e07ca6341c798365e5eb
ImpHash
69573714e11441683ea863c40a1c0d54

PE Analysis

Basic Information

Icon
Hash: bcac48e087f1dc6c5a808a84205bfc75
Fuzzy: 8f9d5ea21bf06396dd364157254ed6fb
dHash: c49081903c52b2b6
Image Base 0x140000000
Entry Point 0x1400b8814
Compilation Time 2022-10-28 17:25:37
Checksum 0x0019a844 (Actual: 0x0019aa46)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 8 libraries
GDI32, IMM32, ole32, USER32, KERNEL32, SHELL32, COMDLG32, ADVAPI32
Exports 0 functions
Resources 24 Resources
Sections 10 Sections

Version Information

CompanyName Simon Tatham
ProductName PuTTY suite
FileDescription SSH, Telnet, Rlogin, and SUPDUP client
InternalName PuTTY
OriginalFilename PuTTY
FileVersion Release 0.78 (with embedded help)
ProductVersion Release 0.78
LegalCopyright Copyright © 1997-2022 Simon Tatham.
Translation 0x0809 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 940,390 bytes 940,544 bytes 6.45 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 860F1DFCF6CD1B8B4554C720E9DABC33
.rdata 0x000e7000 262,076 bytes 262,144 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 228A69366BB3B0CA24B9BB33E23F209D
.data 0x00127000 21,916 bytes 4,096 bytes 2.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4552ECC4335E4E6C837F618D7665B75C
.pdata 0x0012d000 27,768 bytes 28,160 bytes 5.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C26D83979F377EF59900BFE49426A79B
.00cfg 0x00134000 56 bytes 512 bytes 0.51 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 40F36A6B3AF5D5530C69BFDECF864B10
.gxfg 0x00135000 10,848 bytes 11,264 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BA6AA0A7BDC8ED78DB6DEE460F93C19C
.tls 0x00138000 17 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
_RDATA 0x00139000 348 bytes 512 bytes 3.32 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 753E5628BF2DCB4275789C2FC7E2E79E
.rsrc 0x0013a000 368,472 bytes 368,640 bytes 7.82 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DFBD22FCA67F9611B87DDDDD71534DF4
.reloc 0x00194000 7,848 bytes 8,192 bytes 5.39 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 88EAC11A0A4C1E5B663C8D97C226E5B9
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 24 (367,116 bytes)
Resource Type Count Total Size Percentage
RT_ICON 12 7,952 bytes
2.2%
RT_DIALOG 7 1,512 bytes
0.4%
RT_GROUP_ICON 2 180 bytes
0%
RT_VERSION 1 824 bytes
0.2%
RT_MANIFEST 1 1,369 bytes
0.4%
None 1 355,279 bytes
96.8%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00012033 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00012033 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware