AnyDesk[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AnyDesk.exe
Size

1.2MB
MD5

1c6e08b5f03c0c7d1455f082b1b02c64
SHA1

b4fc0daad1f2ba571257eac3756f5b149ac6c81c
SHA256

4d275403b2993bb1dcf4d3262a5a70b32c0caa04e3cdb8c236420a3b1b1855b6
SHA512

47f1cde5bddb54a7a75f4e303aa13898ba65bb2a9e65c7476852060840e067c9c7e4d4c198467776093cd4b2b3303ed9b8062951e2351abc82231767dccaac59
SSDEEP

12288:li+DvjGVRiiguuorYGFutn252EulJ5u75Xeo1jf3mGKJi7Xja/q52iFb:l76VyuuB252EulJ5OtVf3mJY7Xjrsix

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AnyDesk.exe

Files

AnyDesk.exe
.exe windows x86

c01bacedafd6685527cc7a798a4d9a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtect
Sleep
FreeConsole
HeapSize
RaiseException
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteConsoleW
HeapQueryInformation
HeapReAlloc
HeapFree
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
CreateThread
WaitForSingleObjectEx
CloseHandle
OutputDebugStringW
OutputDebugStringA
GetCurrentThread
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetSystemInfo
HeapValidate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
DecodePointer

user32

EnumChildWindows
GetSystemMetrics
GetDC
ReleaseDC
DrawTextW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetFocus
PostQuitMessage
InvalidateRect
DefWindowProcW
IsClipboardFormatAvailable
GetMenuState
SetPropW
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
CharNextA
PostMessageW
IsWindowEnabled
SetWindowLongW
InsertMenuItemW
GetWindowLongW
GetSubMenu
RemoveMenu
AppendMenuW
SetMenuItemInfoW
DrawMenuBar
GetClassLongW
SetClassLongW
GetSysColor
MessageBoxA
OpenClipboard

Sections

.text
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 521KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01bacedafd6685527cc7a798a4d9a8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 589KB - Virtual size: 588KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 521KB - Virtual size: 526KB

.idata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 589KB - Virtual size: 588KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 521KB - Virtual size: 526KB

.idata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 21KB - Virtual size: 21KB