SHA256: e4cd3a3780a0bf14f53019ea6140138010a53b75f27490dc820c3e0952de8c32
File name: tmt.exe
Detection ratio: 18 / 67
Analysis date: 2018-07-19 12:07:23 UTC ( 8 months ago )
Antivirus Result Update
ClamAV Win.Trojan.Ag-1 20180719
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cybereason malicious.2e15ff 20180225
Cylance Unsafe 20180719
Endgame malicious (moderate confidence) 20180711
ESET-NOD32 a variant of Win32/Injector.DXST 20180719
Fortinet W32/Injector.DXFC!tr 20180719
K7AntiVirus Trojan ( 7000000f1 ) 20180719
K7GW Trojan ( 7000000f1 ) 20180719
Kaspersky HEUR:Trojan.Win32.Agent.gen 20180719
McAfee Trojan-FNTX!4097A80B2D7D 20180719
McAfee-GW-Edition Trojan-FNTX!4097A80B2D7D 20180719
Qihoo-360 Win32/Trojan.74b 20180719
Rising Malware.Heuristic!ET#86% (RDM+:cmRtazp3cWyFpj6yg2Hc14/iWYgE) 20180719
Symantec Packed.Generic.526 20180719
TrendMicro TSPY_HPLOKI.SM1 20180719
TrendMicro-HouseCall TSPY_HPLOKI.SM1 20180719
ZoneAlarm by Check Point HEUR:Trojan.Win32.Agent.gen 20180719
Ad-Aware 20180719
AegisLab 20180719
AhnLab-V3 20180719
Alibaba 20180713
ALYac 20180719
Antiy-AVL 20180719
Arcabit 20180719
Avast 20180719
Avast-Mobile 20180719
AVG 20180719
Avira (no cloud) 20180719
AVware 20180719
Babable 20180406
Baidu 20180717
BitDefender 20180719
Bkav 20180719
CAT-QuickHeal 20180718
CMC 20180719
Comodo 20180719
Cyren 20180719
DrWeb 20180719
eGambit 20180719
Emsisoft 20180719
F-Prot 20180719
F-Secure 20180719
GData 20180719
Ikarus 20180719
Sophos ML 20180717
Jiangmin 20180719
Kingsoft 20180719
Malwarebytes 20180719
MAX 20180719
Microsoft 20180719
eScan 20180719
NANO-Antivirus 20180719
Palo Alto Networks (Known Signatures) 20180719
Panda 20180718
SentinelOne (Static ML) 20180701
Sophos AV 20180719
SUPERAntiSpyware 20180719
TACHYON 20180719
Tencent 20180719
TheHacker 20180719
Trustlook 20180719
VBA32 20180719
VIPRE 20180719
ViRobot 20180719
Webroot 20180719
Yandex 20180717
Zillya 20180718
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2016 philandro Software GmbH
Product AnyDesk
File version 3.2.4.0
Description AnyDesk
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0012B3D0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
URLDownloadToFileA
RegCloseKey
ImageList_Add
GetSaveFileNameA
VariantCopy
ShellExecuteA
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_ICON 2
RT_RCDATA 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 21
RUSSIAN 2
PE resources
ExifTool file metadata
UninitializedDataSize 753664
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription AnyDesk
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 16384
EntryPoint 0x12b3d0
MIMEType application/octet-stream
LegalCopyright (C) 2016 philandro Software GmbH
FileVersion 3.2.4.0
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName philandro Software GmbH
CodeSize 471040
ProductName AnyDesk
ProductVersionNumber 0.0.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 1d4f6bd21ae7a4cedcfef4da06397739
SHA1 5122b772e15ff01b09a97409ff33b5a77121f99b
SHA256 e4cd3a3780a0bf14f53019ea6140138010a53b75f27490dc820c3e0952de8c32
ssdeep 12288:EB7CoTX6TDiz5LbNyi764gKPG4wYmA7pZUba6KFV:gC6X6qRN7m4gKPTwYtpBdn
authentihash b592ac26d89bec469a2260ed6f2959317159b776ee575742a1753084915dd73f
imphash 9d0d140c3ee3ff629774e7e4d2b45bfd
File size 473.5 KB ( 484864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2018-07-19 12:07:23 UTC ( 8 months ago )
Last submission 2018-07-19 12:07:23 UTC ( 8 months ago )
File names tmt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections