SHA256: eddb62efdaeb806a8835953ebb301ac03864aa816c9accc6f10a59e82c907ab5
File name: eddb62efdaeb806a8835953ebb301ac03864aa816c9accc6f10a59e82c907ab5
Detection ratio: 9 / 69
Analysis date: 2018-10-03 01:37:09 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.61e3f2 20180225
Cylance Unsafe 20181003
Fortinet W32/Injector.DOUH!tr 20181003
McAfee Trojan-FNTX!9580F0C651AD 20181002
McAfee-GW-Edition Trojan-FNTX!9580F0C651AD 20181002
Qihoo-360 HEUR/QVM11.1.4481.Malware.Gen 20181003
Rising Malware.Undefined!8.C (TFE:5:azUCEWJuWbT) 20181002
VBA32 Malware-Cryptor.Inject.gen 20181002
Ad-Aware 20181003
AegisLab 20181003
AhnLab-V3 20181002
Alibaba 20180921
ALYac 20181003
Antiy-AVL 20181003
Arcabit 20181003
Avast 20181003
Avast-Mobile 20181002
AVG 20181003
Avira (no cloud) 20181003
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181003
Bkav 20181002
CAT-QuickHeal 20181001
ClamAV 20181002
CMC 20181002
Comodo 20181003
Cyren 20181003
DrWeb 20181003
eGambit 20181003
Emsisoft 20181003
Endgame 20180730
ESET-NOD32 20181002
F-Prot 20181003
F-Secure 20181002
GData 20181003
Ikarus 20181002
Sophos ML 20180717
Jiangmin 20181003
K7AntiVirus 20181002
K7GW 20181001
Kaspersky 20181003
Kingsoft 20181003
Malwarebytes 20181003
MAX 20181003
Microsoft 20181002
eScan 20181003
NANO-Antivirus 20181002
Palo Alto Networks (Known Signatures) 20181003
Panda 20181002
SentinelOne (Static ML) 20180926
Sophos AV 20181003
SUPERAntiSpyware 20180907
Symantec 20181002
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181002
TrendMicro 20181002
TrendMicro-HouseCall 20181003
Trustlook 20181003
VIPRE 20181003
ViRobot 20181002
Webroot 20181003
Yandex 20180927
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20181002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2016 philandro Software GmbH
Product AnyDesk
File version 3.2.4.0
Description AnyDesk
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000C5AD0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
ShellExecuteA
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 25
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 47
RUSSIAN 22
ARABIC EGYPT 4
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 434176
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription AnyDesk
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 32768
EntryPoint 0xc5ad0
MIMEType application/octet-stream
LegalCopyright (C) 2016 philandro Software GmbH
FileVersion 3.2.4.0
TimeStamp 1992:06:19 15:22:17-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName philandro Software GmbH
CodeSize 372736
ProductName AnyDesk
ProductVersionNumber 0.0.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8c80b6c25871451b52396c3c4d78cffd
SHA1 f6bccbb61e3f282858caf5245c77abcb9aa0e0ad
SHA256 eddb62efdaeb806a8835953ebb301ac03864aa816c9accc6f10a59e82c907ab5
ssdeep 6144:+WREJX3O4hQrnfdvIkKCZHy1B5mUqZUANg/Cl72KKFuXI4ufs8H5M:+WH4e1vIklZH6mUqZU8QKGSDF8
authentihash 272ae340e9c743c101daad7a21c162d89800951a81de053e39d810b04bc11923
imphash 1245b06d257260c54bf0d6f2cb4d6ac5
File size 393.0 KB ( 402432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2018-10-03 01:37:09 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-03 08:07:33 UTC ( 7 months, 3 weeks ago )
File names 8c80b6c2.gxe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs