SHA256: e855b502d86ad03e50376432abea8069fcb4936718028e7133a48c5cae003c5d
File name: 12026400
Detection ratio: 29 / 68
Analysis date: 2018-07-31 04:54:01 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.262650 20180731
Arcabit Trojan.Graftor.D7B73F 20180731
Avast FileRepMalware 20180730
AVG FileRepMalware 20180730
BitDefender Gen:Variant.Ursu.262650 20180731
Cybereason malicious.f2f443 20180225
DrWeb Trojan.PWS.Stealer.18836 20180731
Emsisoft Gen:Variant.Ursu.262650 (B) 20180731
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZMV 20180731
F-Secure Gen:Variant.Graftor.505663 20180731
Fortinet W32/Injector.DXPT!tr 20180731
GData Gen:Variant.Ursu.262650 20180731
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 7000000f1 ) 20180730
K7GW Trojan ( 7000000f1 ) 20180731
Kaspersky HEUR:Trojan.Win32.Agent.gen 20180731
Malwarebytes Trojan.MalPack.DLF 20180731
MAX malware (ai score=84) 20180731
McAfee Artemis!C54231C63873 20180731
McAfee-GW-Edition GenericRXEP-HN!A3B74EE78391 20180731
eScan Gen:Variant.Ursu.262650 20180731
Palo Alto Networks (Known Signatures) generic.ml 20180731
Qihoo-360 HEUR/QVM11.1.DD39.Malware.Gen 20180731
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgUgiJVjnKGQgg) 20180731
Symantec Packed.Generic.526 20180731
TrendMicro TSPY_HPLOKI.SM1 20180731
TrendMicro-HouseCall TSPY_HPLOKI.SM1 20180731
ZoneAlarm by Check Point HEUR:Trojan.Win32.Agent.gen 20180731
AegisLab 20180731
AhnLab-V3 20180731
Alibaba 20180713
ALYac 20180731
Antiy-AVL 20180731
Avast-Mobile 20180730
Avira (no cloud) 20180731
AVware 20180727
Babable 20180725
Baidu 20180730
Bkav 20180730
CAT-QuickHeal 20180728
ClamAV 20180731
CMC 20180730
Comodo 20180731
CrowdStrike Falcon (ML) 20180723
Cylance 20180731
Cyren 20180731
eGambit 20180731
F-Prot 20180731
Ikarus 20180730
Jiangmin 20180731
Kingsoft 20180731
Microsoft 20180731
NANO-Antivirus 20180731
Panda 20180730
SentinelOne (Static ML) 20180701
Sophos AV 20180731
SUPERAntiSpyware 20180731
Symantec Mobile Insight 20180728
TACHYON 20180731
Tencent 20180731
TheHacker 20180730
TotalDefense 20180730
Trustlook 20180731
VBA32 20180730
VIPRE 20180731
ViRobot 20180730
Webroot 20180731
Yandex 20180730
Zillya 20180730
Zoner 20180730
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2016 philandro Software GmbH

Product AnyDesk
File version 3.2.4.0
Description AnyDesk
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000D01A0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
GetSaveFileNameA
SaveDC
HtmlHelpA
CoInitialize
VariantCopy
OleLoadPicture
ShellExecuteA
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_STRING 19
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 41
ARABIC EGYPT 4
PE resources
ExifTool file metadata
UninitializedDataSize
466944

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.2.4.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
AnyDesk

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
28672

EntryPoint
0xd01a0

MIMEType
application/octet-stream

LegalCopyright
(C) 2016 philandro Software GmbH

FileVersion
3.2.4.0

TimeStamp
1992:06:19 15:22:17-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.2

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
philandro Software GmbH

CodeSize
385024

ProductName
AnyDesk

ProductVersionNumber
0.0.0.0

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c54231c638730c3f71db491968283534
SHA1 a1cec44f2f44317cba554851ccb198421455eecd
SHA256 e855b502d86ad03e50376432abea8069fcb4936718028e7133a48c5cae003c5d
ssdeep 6144:rOLMuGg72EWgK7fbp3NztOukWRNF+9Ewo1oudOqdlB688sG4+jn/EYL:QJGg71abl3NxO0RG9Ed1oub6zsGHsw

authentihash 624fa1fad38efcc06200ffdfe9a172b4492bc1e2fda5d018b0882d11495d603d
imphash e53d67c5038cbfc5a0dd2b649f1971c7
File size 401.0 KB ( 410624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-07-31 04:54:01 UTC ( 9 months, 3 weeks ago )
Last submission 2018-07-31 04:54:01 UTC ( 9 months, 3 weeks ago )
File names 12026400
tmt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs