popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

putty.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Feb. 20, 2025, 5:05 a.m. Feb. 20, 2025, 5:07 a.m.
Size 1.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 765bdc0f8bc0d77f7414e7a36ae45fd9
SHA256 aa8f8a3e268493157e62d93ab9cafb94573606fe43a80e63e3e4f2e5c9b22a5b
CRC32 FBE00836
ssdeep 49152:rKha/+cyVQ15lPzJkSnQOYnwOiYlBA7KVO3QTmdQQ:rPJNoBUKkemdJ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .00cfg
section .gxfg
section _RDATA
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
Zillya Trojan.Metla.Win32.1234
MaxSecure Trojan.Malware.73412758.susgen
section {u'size_of_data': u'0x0005ca00', u'virtual_address': u'0x0013e000', u'entropy': 7.84397686869606, u'name': u'.rsrc', u'virtual_size': u'0x0005c9c0'} entropy 7.8439768687 description A section with a high entropy has been found
entropy 0.229057187017 description Overall entropy of this PE file is high
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions