ssh-keyscan.exe

File Path: C:\WINDOWS\system32\OpenSSH\ssh-keyscan.exe

Hashes

Type	Hash
MD5	`5B511BD11B76AD1625D71FC29FD19DDC`
SHA1	`7252B25207D083812203C8B00AB4C623E37A6F63`
SHA256	`E1667A342DB1FC0DB44D6F85F4C51FF66F88ABCE3A284E2AB7E1192AD4BAD917`
SHA384	`E5450C9BBC8DB7871F4695D9869C17528BF316133B4FA8359127A258314A9FD8D6406276FB499C9589E86FDC48B99C5A`
SHA512	`2292513EE616404F098B1216BE01FBD9298C0C1790B6C2F46DA64390F5CC6363C14480A8E77422D8C841C525485180FB9766A2B9C757ACEBB6DE7531249F511F`
SSDEEP	`6144:pCQYoUvES8zncmaAKwtBWkla/f2bR2przpmaDb2O7fcCnDtmaTBF7z7jaH++:XXUcIdAFtEkY/mgFzRoaT37zL+`
IMP	`4A0F801AC222681F5D8400903EE8A39D`
PESHA1	`9C02EF9DE18E75379D28EE535D3B6B30F86428FE`
PE256	`1C74E7A67198CCAED15A9A806FB44AF241FC084342C87A8E2AC31D55AFBD24BC`

Runtime Data

Usage (stderr):

unknown option -- h
usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]
		   [host | addrlist namelist]

Child Processes:

conhost.exe

Open Handles:

Path	Type
(RW-) C:\Windows\System32	File
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*cversions.2.ro	Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\OpenSSH\ssh-keyscan.exe

Signature

Status: Signature verified.
Serial: 33000002ED2C45E4C145CF48440000000002ED
Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename:
Product Name: OpenSSH for Windows
Company Name:
File Version: 8.1.0.1
Product Version: OpenSSH_8.1p1 for Windows
Language: English (United States)
Legal Copyright:
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/71
VirusTotal Link: https://www.virustotal.com/gui/file/e1667a342db1fc0db44d6f85f4c51ff66f88abce3a284e2ab7e1192ad4bad917/detection

File Similarity (ssdeep match)

File	Score
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-add.exe	32
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-agent.exe	35
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-add.exe	35
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-agent.exe	32
C:\Windows\system32\OpenSSH\ssh-add.exe	33
C:\Windows\system32\OpenSSH\ssh-add.exe	30
C:\WINDOWS\system32\OpenSSH\ssh-add.exe	33
C:\Windows\system32\OpenSSH\ssh-agent.exe	36
C:\Windows\system32\OpenSSH\ssh-agent.exe	35
C:\WINDOWS\system32\OpenSSH\ssh-agent.exe	36
C:\Windows\system32\OpenSSH\ssh-keygen.exe	25
C:\Windows\system32\OpenSSH\ssh-keyscan.exe	36
C:\Windows\system32\OpenSSH\ssh-keyscan.exe	97

Possible Misuse

The following table contains possible examples of ssh-keyscan.exe being misused. While ssh-keyscan.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
malware-ioc	sshdoor	`\\|`c4070d1ad35070c8df2914bf56ad554e18af4961 `\\|ssh-keyscan \\|"/usr/share/man/man0/.cache" \\|176.9.47.34:28739 \\|N/A`	© ESET 2014-2018
malware-ioc	sshdoor.yar	`description = "Signature to match the clean (or not) OpenSSH keyscan (ssh-keyscan)"`	© ESET 2014-2018