SHA256: 793d7b2d776394fd79b21b9b196159056a36b5fbd88e04e3f099dc3a43cdb275
File name: 7eef6ece33adaf23422ff9573b15c17e
Detection ratio: 23 / 69
Analysis date: 2018-10-04 13:52:12 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/Injector.gsigh 20181004
BitDefender Trojan.GenericKD.40561421 20181004
Cybereason malicious.890fe9 20180225
Cylance Unsafe 20181004
DrWeb Trojan.Siggen7.57425 20181004
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EATS 20181004
Fortinet W32/Injector.DOUH!tr 20181004
GData Win32.Trojan-Stealer.LokiBot.JM34XM 20181004
Ikarus Trojan-Spy.Agent 20181004
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181004
Malwarebytes Trojan.PasswordStealer.SMY 20181004
McAfee Artemis!7EEF6ECE33AD 20181004
McAfee-GW-Edition Trojan-FNTX!CD26E765ACE5 20181004
Microsoft Trojan:Win32/Fuery.B!cl 20181004
NANO-Antivirus Trojan.Win32.TrjGen.fiorne 20181004
Palo Alto Networks (Known Signatures) generic.ml 20181004
Panda Trj/GdSda.A 20181004
Rising Malware.Heuristic!ET#80% (RDM+:cmRtazr8w6timz1c/j3h1yPK5rpV) 20181004
Symantec ML.Attribute.HighConfidence 20181004
TrendMicro-HouseCall TROJ_GEN.R020H06J418 20181004
VBA32 Malware-Cryptor.Inject.gen 20181004
Ad-Aware 20181004
AegisLab 20181004
AhnLab-V3 20181004
Alibaba 20180921
ALYac 20181004
Antiy-AVL 20181004
Arcabit 20181004
Avast 20181004
Avast-Mobile 20181004
AVG 20181004
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20181003
CAT-QuickHeal 20181004
ClamAV 20181004
CMC 20181004
Comodo 20181004
CrowdStrike Falcon (ML) 20180723
Cyren 20181004
eGambit 20181004
Emsisoft 20181004
F-Prot 20181004
F-Secure 20181004
Jiangmin 20181004
K7AntiVirus 20181003
K7GW 20181003
Kingsoft 20181004
MAX 20181004
eScan 20181004
Qihoo-360 20181004
SentinelOne (Static ML) 20180926
Sophos AV 20181004
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181004
Tencent 20181004
TheHacker 20181001
TotalDefense 20181004
TrendMicro 20181004
Trustlook 20181004
VIPRE 20181004
ViRobot 20181004
Webroot 20181004
Yandex 20180927
Zillya 20181003
ZoneAlarm by Check Point 20180925
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2016 philandro Software GmbH
Product AnyDesk
File version 3.2.4.0
Description AnyDesk
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000C3690
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
ShellExecuteA
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 25
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 45
RUSSIAN 22
ARABIC EGYPT 4
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 425984
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription AnyDesk
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 20480
EntryPoint 0xc3690
MIMEType application/octet-stream
LegalCopyright (C) 2016 philandro Software GmbH
FileVersion 3.2.4.0
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName philandro Software GmbH
CodeSize 372736
ProductName AnyDesk
ProductVersionNumber 0.0.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7eef6ece33adaf23422ff9573b15c17e
SHA1 d1f4118890fe98fe4dd7c9bd56ddcacefca6e22c
SHA256 793d7b2d776394fd79b21b9b196159056a36b5fbd88e04e3f099dc3a43cdb275
ssdeep 6144:GWREJX3O4hQrnfdvIkKCZHy1B5mTRZzjc3JjuiCFpGGXQMRVFnfqAgz:GWH4e1vIklZH6m3myFpGG/znf0
authentihash 2046e78e9742568fe59c96e56334b415012feceb0887e6addd9b20c15346714a
imphash 1245b06d257260c54bf0d6f2cb4d6ac5
File size 381.0 KB ( 390144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-10-04 13:52:12 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-06 09:37:36 UTC ( 7 months, 2 weeks ago )
File names bros.exe
bros.exe
output.114089583.txt
7eef6ece33adaf23422ff9573b15c17e
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs