× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9c8ce6b387b571c452df85496f8e40f691d8f86c995557d80df7f1065daeadfe
File name: zbetcheckin_tracker_oi.exe
Detection ratio: 10 / 68
Analysis date: 2018-11-07 04:19:53 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
Bkav W32.AIDetectVM.malware 20181107
Cylance Unsafe 20181107
Endgame malicious (high confidence) 20180730
Kaspersky UDS:DangerousObject.Multi.Generic 20181107
Malwarebytes Trojan.MalPack.SMY.Generic 20181107
Microsoft Trojan:Win32/Fuerboos.D!cl 20181107
Palo Alto Networks (Known Signatures) generic.ml 20181107
Tencent Win32.Backdoor.Fareit.Auto 20181107
VBA32 Malware-Cryptor.Inject.gen 20181106
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181107
Ad-Aware 20181107
AegisLab 20181107
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181107
Antiy-AVL 20181106
Arcabit 20181107
Avast 20181107
Avast-Mobile 20181106
AVG 20181107
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181107
CAT-QuickHeal 20181105
ClamAV 20181107
CMC 20181107
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181107
DrWeb 20181107
eGambit 20181107
Emsisoft 20181107
ESET-NOD32 20181107
F-Prot 20181107
F-Secure 20181107
Fortinet 20181107
GData 20181107
Ikarus 20181106
Sophos ML 20180717
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kingsoft 20181107
MAX 20181107
McAfee 20181107
McAfee-GW-Edition 20181107
eScan 20181107
NANO-Antivirus 20181107
Panda 20181106
Qihoo-360 20181107
Rising 20181107
SentinelOne (Static ML) 20181011
Sophos AV 20181107
SUPERAntiSpyware 20181107
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181107
TheHacker 20181107
TotalDefense 20181106
TrendMicro 20181107
TrendMicro-HouseCall 20181107
Trustlook 20181107
VIPRE 20181106
ViRobot 20181106
Webroot 20181107
Yandex 20181106
Zillya 20181106
Zoner 20181107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2016 philandro Software GmbH

Product AnyDesk
File version 3.2.4.0
Description AnyDesk
Packers identified
F-PROT PE_Patch, Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
ImageList_SetIconSize
GetOpenFileNameA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
CoTaskMemAlloc
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
SHGetFolderPathA
URLDownloadToFileA
CreateWindowExA
GetKeyboardType
VerQueryValueA
sndPlaySoundA
Number of PE resources by type
RT_BITMAP 45
RT_RCDATA 24
RT_STRING 18
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 80
RUSSIAN 22
ARABIC EGYPT 4
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.2.4.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
AnyDesk

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
442880

EntryPoint
0x1000

MIMEType
application/octet-stream

LegalCopyright
(C) 2016 philandro Software GmbH

FileVersion
3.2.4.0

TimeStamp
1992:06:19 15:22:17-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.2

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
philandro Software GmbH

CodeSize
679424

ProductName
AnyDesk

ProductVersionNumber
0.0.0.0

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4eaa5ff991febed0858eda110f3b1fbe
SHA1 ffa5eca242e20ab33acd783ecf2b938d562d33be
SHA256 9c8ce6b387b571c452df85496f8e40f691d8f86c995557d80df7f1065daeadfe
ssdeep
12288:HUC1eB+9nl1X3JzHq/wLqWx0Jbl0O7+VIceTC+esTCmW7X:0C1eB+9nl53Bq/w+fUOyVIce32mW

authentihash df597e7c3fef09a370646929a078473f4a059e802e4c1de465154312a6eb2c62
imphash e4cf8ca8029cc9006cf0b476febfe943
File size 596.5 KB ( 610816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe asprotect aspack

VirusTotal metadata
First submission 2018-11-07 04:19:53 UTC ( 6 months, 2 weeks ago )
Last submission 2018-11-15 10:38:32 UTC ( 6 months, 1 week ago )
File names oi.exe
zbetcheckin_tracker_oi.exe
4eaa5ff991febed0858eda110f3b1fbe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.