× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b8d559618fa00d3402238df29109447c6137c222436db4a76b69f93c85e97ec2
File name: pageant.exe
Detection ratio: 0 / 57
Analysis date: 2017-01-11 21:12:22 UTC ( 5 měsíců, 1 týden ago )
Antivirus Result Update
Ad-Aware 20170111
AegisLab 20170111
AhnLab-V3 20170111
Alibaba 20170111
ALYac 20170111
Antiy-AVL 20170111
Arcabit 20170111
Avast 20170111
AVG 20170111
Avira (no cloud) 20170111
AVware 20170111
Baidu 20170111
BitDefender 20170111
Bkav 20170111
CAT-QuickHeal 20170111
ClamAV 20170111
CMC 20170111
Comodo 20170111
CrowdStrike Falcon (ML) 20161024
Cyren 20170111
DrWeb 20170111
Emsisoft 20170111
ESET-NOD32 20170111
F-Prot 20170111
F-Secure 20170111
Fortinet 20170111
GData 20170111
Ikarus 20170111
Invincea 20170111
Jiangmin 20170111
K7AntiVirus 20170111
K7GW 20170111
Kaspersky 20170111
Kingsoft 20170111
Malwarebytes 20170111
McAfee 20170108
McAfee-GW-Edition 20170111
Microsoft 20170111
eScan 20170111
NANO-Antivirus 20170111
nProtect 20170111
Panda 20170111
Qihoo-360 20170111
Rising 20170111
Sophos 20170111
SUPERAntiSpyware 20170111
Symantec 20170111
Tencent 20170111
TheHacker 20170111
TrendMicro 20170111
TrendMicro-HouseCall 20170111
Trustlook 20170111
VBA32 20170110
VIPRE 20170111
ViRobot 20170111
WhiteArmor 20170111
Yandex 20170111
Zillya 20170111
Zoner 20170111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2016 Simon Tatham.

Product PuTTY suite
Original name Pageant
Internal name Pageant
File version Release 0.67 (file config 0.10)
Description PuTTY SSH authentication agent
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-05 23:00:12
Entry Point 0x0003CF80
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegOpenKeyA
RegCloseKey
CopySid
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetUserNameA
RegEnumKeyA
EqualSid
GetLengthSid
GetOpenFileNameA
GetSaveFileNameA
GetStockObject
GetStdHandle
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
OpenFileMappingA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetFileSize
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileA
InterlockedIncrement
HeapValidate
CreateFileMappingA
FindNextFileA
IsValidLocale
ExpandEnvironmentStringsA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
IsBadReadPtr
ShellExecuteA
Shell_NotifyIconA
GetMessageA
MessageBoxIndirectA
EndDialog
PostQuitMessage
DestroyMenu
RegisterWindowMessageA
DefWindowProcA
FindWindowA
MessageBeep
SetWindowPos
RemoveMenu
SendDlgItemMessageA
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetMenuDefaultItem
SetActiveWindow
InsertMenuItemA
GetCursorPos
CreatePopupMenu
DestroyIcon
ShowWindow
GetLastActivePopup
SendMessageA
CreateMenu
GetDlgItem
CreateDialogParamA
SetMenuDefaultItem
WinHelpA
RegisterClassA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetActiveWindow
GetMenuItemInfoA
GetDesktopWindow
GetMenuItemCount
SetForegroundWindow
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_DIALOG 4
RT_MANIFEST 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 16
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.67.0.0

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x000b

CharacterSet
Unicode

InitializedDataSize
170496

EntryPoint
0x3cf80

OriginalFileName
Pageant

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2016 Simon Tatham.

FileVersion
Release 0.67 (file config 0.10)

TimeStamp
2016:11:06 00:00:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Pageant

ProductVersion
Release 0.67 (file config 0.10)

FileDescription
PuTTY SSH authentication agent

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Simon Tatham

CodeSize
579072

ProductName
PuTTY suite

ProductVersionNumber
0.67.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 db3b80053fb92ea0924ea44556f8f7d2
SHA1 3329bd145ada9c5c2025bfbcbae5f98b14dc3393
SHA256 b8d559618fa00d3402238df29109447c6137c222436db4a76b69f93c85e97ec2
ssdeep
12288:TjfnWvAysE0sxb6zaeSX8gWv7eikyO6h81e0pcL184Lji7:TrnWvwEmOek6eiTOs8Y2wji

authentihash d08872d7f54b1db5f5052e790730152ecb107de054861d6a1b9b0b018f7c4d12
imphash 118b5b166c2c81dafa6dea10fbb51aa4
File size 722.5 KB ( 739840 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-05 23:06:14 UTC ( 7 měsíců, 2 týdny ago )
Last submission 2017-01-11 21:12:22 UTC ( 5 měsíců, 1 týden ago )
File names Pageant
pageant.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
UDP communications