Anydesk_Installer[.]zip

Sharing

Copy URL Twitter E-mail

Reason

scan timeout

General

Target

Anydesk_Installer.zip
Size

2.0MB
MD5

fb06effed77e07b286d6cb96009291c0
SHA1

01695ff96e712b7c7219435ce59f2a9d9bc2272a
SHA256

5c5957dcca2b6b713e189afc568c2db3d1cebf005c6df2a1e27e7dafd6379b10
SHA512

9ecb507b3623ec9e6e5228116f70745216c4d665e47eea5fe97191d9806b15c92e5b8ad2dc083aafb22c7cd79e3d46f3bf745a108dd9dee6ef8da4fc7d8456c4
SSDEEP

24576:pGpgcONdszsuCQHvQyywmgKClQHZN8l0Uo7ZEdB2+3OwgFSVMRHFWCpn:p0gcsyPrywFxlQ5alpo7ZTmSvN

Score

N/A

Malware Config

Signatures

Files

Anydesk_Installer.zip
.zip
Anydesk Setup/A3DUtils.dll
.dll windows x64

40ada74578f0edba34217fe1529ba74c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:30:4e:aa:33:0f:e7:da:d0:70:16:bd:39:11:73:c6:56:de:db:7f:5c:44:31:de:5c:14:03:04:dc:02:9f:32
Signer

Actual PE Digest

09:30:4e:aa:33:0f:e7:da:d0:70:16:bd:39:11:73:c6:56:de:db:7f:5c:44:31:de:5c:14:03:04:dc:02:9f:32

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

04/07/2022, 20:10
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bib

ord11
ord4
ord5

agm

ord3
ord4

cooltype

ord1
ord3

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

GetDC

gdi32

SelectObject
GetTextMetricsW
DeleteObject
GetOutlineTextMetricsW
CreateFontIndirectW
AddFontResourceExW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
wcsrchr
__std_exception_destroy
__std_terminate
wcsstr
__std_exception_copy
memset

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceil
log10
sqrt

Exports

Exports

?GetAcrobatPathW@@YA_NPEA_W_K0@Z
?SetModuleHandleForDLL@@YAXPEAUHINSTANCE__@@@Z
AddFontDirectory
SetDefaultFont
ct_Construct
ct_Destroy
ct_EndInstance
ct_GetAdvance
ct_GetAscent
ct_GetAscentTxt
ct_GetBitmapFont
ct_GetContours
ct_GetDescent
ct_GetDescentTxt
ct_GetFontFamilies
ct_GetFontFamilyStructs
ct_GetReferenceHeight
ct_GetScalePixel
ct_GetVectorFont
ct_HasAllChar
ct_InitInstance
ct_LoadFont
ct_Render
ct_SetBoldSoftware
ct_SetItalicSoftware

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Anydesk Setup/AGMGPUOptIn.ini
Anydesk Setup/Resource/Font/AdobePIStd.otf
Anydesk Setup/Resource/Font/CourierStd-Bold.otf
Anydesk Setup/Resource/Font/CourierStd-BoldOblique.otf
Anydesk Setup/Resource/Font/CourierStd-Oblique.otf
Anydesk Setup/Resource/Font/CourierStd.otf
Anydesk Setup/Resource/Font/MinionPro-Bold.otf
Anydesk Setup/Resource/Font/MinionPro-BoldIt.otf
Anydesk Setup/Resource/Font/MinionPro-It.otf
Anydesk Setup/Resource/Font/MinionPro-Regular.otf
Anydesk Setup/Resource/Font/MyriadPro-Bold.otf
Anydesk Setup/Resource/Font/MyriadPro-BoldIt.otf
Anydesk Setup/Resource/Font/MyriadPro-It.otf
Anydesk Setup/Resource/Font/MyriadPro-Regular.otf
Anydesk Setup/Resource/Font/Pfm/SY______.PFM
Anydesk Setup/Resource/Font/Pfm/zx______.pfm
Anydesk Setup/Resource/Font/Pfm/zy______.pfm
Anydesk Setup/Resource/Font/SY______.PFB
Anydesk Setup/Resource/Font/ZX______.PFB
Anydesk Setup/Resource/Font/ZY______.PFB
Anydesk Setup/Setup.exe
.exe windows x64

4cea7ae85c87ddc7295d39ff9cda31d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
LoadLibraryExA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalAlloc
lstrcmpA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetShortPathNameA
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
FindClose

gdi32

GetDeviceCaps

user32

ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetSystemMetrics
CallWindowProcA
SetWindowTextA
MessageBoxA
SendDlgItemMessageA
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
GetWindowLongPtrA
SetWindowLongPtrA
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
LoadStringA
CharPrevA
EndDialog
MessageBeep
ExitWindowsEx
SetDlgItemTextA
CharUpperA
GetDesktopWindow
PeekMessageA
GetDlgItemTextA

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memset
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnprintf
_initterm
memcpy

comctl32

ord17

cabinet

ord20
ord21
ord23
ord22

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

40ada74578f0edba34217fe1529ba74c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

09:30:4e:aa:33:0f:e7:da:d0:70:16:bd:39:11:73:c6:56:de:db:7f:5c:44:31:de:5c:14:03:04:dc:02:9f:32Signer

Signature Validations

Verification

04/07/2022, 20:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

bib

agm

cooltype

kernel32

user32

gdi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 5KB - Virtual size: 6.2MB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 680B

4cea7ae85c87ddc7295d39ff9cda31d1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 1020B

.rsrc Size: 537KB - Virtual size: 537KB

.reloc Size: 512B - Virtual size: 32B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

09:30:4e:aa:33:0f:e7:da:d0:70:16:bd:39:11:73:c6:56:de:db:7f:5c:44:31:de:5c:14:03:04:dc:02:9f:32
Signer

04/07/2022, 20:10
Valid: true

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 5KB - Virtual size: 6.2MB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 680B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 537KB - Virtual size: 537KB

.reloc
Size: 512B - Virtual size: 32B