× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3b3dcd9da31a9c6a64fcbdcc8e5c865fac1c630ab55e7c926dfeb96f62f6d719
File name: Plink
Detection ratio: 0 / 57
Analysis date: 2016-12-06 11:19:15 UTC ( 3 měsíce, 2 týdny ago )
Antivirus Result Update
Ad-Aware 20161206
AegisLab 20161206
AhnLab-V3 20161206
Alibaba 20161206
ALYac 20161206
Antiy-AVL 20161206
Arcabit 20161206
Avast 20161206
AVG 20161206
Avira (no cloud) 20161206
AVware 20161206
Baidu 20161206
BitDefender 20161206
Bkav 20161206
CAT-QuickHeal 20161206
ClamAV 20161206
CMC 20161206
Comodo 20161205
CrowdStrike Falcon (ML) 20161024
Cyren 20161206
DrWeb 20161206
Emsisoft 20161206
ESET-NOD32 20161206
F-Prot 20161206
F-Secure 20161206
Fortinet 20161206
GData 20161206
Ikarus 20161206
Invincea 20161202
Jiangmin 20161206
K7AntiVirus 20161206
K7GW 20161206
Kaspersky 20161206
Kingsoft 20161206
Malwarebytes 20161206
McAfee 20161205
McAfee-GW-Edition 20161206
Microsoft 20161206
eScan 20161206
NANO-Antivirus 20161206
nProtect 20161206
Panda 20161206
Qihoo-360 20161206
Rising 20161206
Sophos 20161206
SUPERAntiSpyware 20161206
Symantec 20161206
Tencent 20161206
TheHacker 20161130
TotalDefense 20161206
TrendMicro 20161206
TrendMicro-HouseCall 20161206
Trustlook 20161206
VBA32 20161206
VIPRE 20161206
ViRobot 20161206
WhiteArmor 20161125
Yandex 20161206
Zillya 20161205
Zoner 20161206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2016 Simon Tatham.

Product PuTTY suite
Original name Plink
Internal name Plink
File version Release 0.67 (file config 0.10)
Description Command-line SSH, Telnet, and Rlogin client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-05 22:36:37
Entry Point 0x00094A20
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegOpenKeyA
RegCloseKey
RegSetValueExA
CopySid
RegQueryValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetUserNameA
RegDeleteKeyA
RegEnumKeyA
EqualSid
GetLengthSid
RegDeleteValueA
GetStdHandle
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
HeapDestroy
EncodePointer
GetLocalTime
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetHandleCount
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ConnectNamedPipe
GetEnvironmentVariableA
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
IsBadReadPtr
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
CreateMutexA
CreateThread
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
GlobalMemoryStatus
GetCommState
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetCommBreak
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetDateFormatA
DecodePointer
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetCPInfo
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FreeEnvironmentStringsW
FindFirstFileA
WaitNamedPipeA
InterlockedIncrement
HeapValidate
GetTimeFormatA
CreateFileMappingA
FindNextFileA
IsValidLocale
HeapCreate
ExpandEnvironmentStringsA
SetCommTimeouts
GetTimeZoneInformation
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
lstrlenA
GetConsoleCP
GetProcessTimes
GetEnvironmentStringsW
VirtualQuery
CreateNamedPipeA
GetCurrentProcessId
HeapQueryInformation
GetCurrentDirectoryA
ClearCommBreak
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
CreateProcessA
IsValidCodePage
SetConsoleMode
TerminateProcess
GetOEMCP
GetCursorPos
GetCapture
GetForegroundWindow
GetClipboardOwner
GetActiveWindow
GetLastActivePopup
SendMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
GetQueueStatus
FindWindowA
PostThreadMessageA
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 8
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.67.0.0

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x000b

CharacterSet
Unicode

InitializedDataSize
268800

EntryPoint
0x94a20

OriginalFileName
Plink

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2016 Simon Tatham.

FileVersion
Release 0.67 (file config 0.10)

TimeStamp
2016:11:05 23:36:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Plink

ProductVersion
Release 0.67 (file config 0.10)

FileDescription
Command-line SSH, Telnet, and Rlogin client

OSVersion
5.1

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Simon Tatham

CodeSize
960000

ProductName
PuTTY suite

ProductVersionNumber
0.67.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7e098b75e9594ed19d2e79365ba17ab1
SHA1 88b05c0044a8932f2bacfbeb04820cf0cea234c5
SHA256 3b3dcd9da31a9c6a64fcbdcc8e5c865fac1c630ab55e7c926dfeb96f62f6d719
ssdeep
12288:XJW6QERbVid70ASSeTCE5DQO0nRObAgVPRQzQa54gH+zAGms7by25SkvWxUrsyZV:XSERu0ASSxE5DEn6GzNomSyUvyyZXSm

authentihash 601478572940129a96b29a67f0d09166383e2fce0f916e04c1d4ed8f381a2909
imphash 5ef80d867b8a79a94c18340b5cdf443c
File size 1.2 MB ( 1212928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-05 22:37:18 UTC ( 4 měsíce, 2 týdny ago )
Last submission 2016-11-05 22:37:18 UTC ( 4 měsíce, 2 týdny ago )
File names plink.exe
Plink
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications