anydesk (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

anydesk (1).exe
Size

6.0MB
MD5

26db329d3f997b7549847ff590ed2696
SHA1

4c772166d2ce932b3fb713b36ee6b4fcd223138f
SHA256

06cd8adcd2b4071649db4db57b1c31069bcd8b4120fde0c3314d8ddd80c24a5e
SHA512

7e9bfb849530ce0020ce17ae881f3a65cab3cdd9e9233d9a0597e8d30d70300748f8ac8c65c4fb6262f12f4dd2f0fb701c8e06147d044c8a4229655f24dd9b89
SSDEEP

196608:0PQRDNCIjlF6Ezwocipddyi94zdPrDf5:0PcIIxFXzwXipddkZrDf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
anydesk (1).exe

Files

anydesk (1).exe
.exe windows x64

0a6e07ffc4f9a668600a99ff99c34e16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

connect

wldap32

ord22

crypt32

CryptQueryObject

advapi32

CryptEnumProvidersW

kernel32

CreateThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

shell32

ShellExecuteA

rpcrt4

RpcStringFreeA

ntdll

RtlCaptureContext

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.skyvg)
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.skyzpj
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.skyDh5
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a6e07ffc4f9a668600a99ff99c34e16

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

rpcrt4

ntdll

bcrypt

Sections

.text Size: - Virtual size: 2.4MB

.rdata Size: - Virtual size: 781KB

.data Size: - Virtual size: 63KB

.pdata Size: - Virtual size: 104KB

_RDATA Size: - Virtual size: 348B

.skyvg) Size: - Virtual size: 2.9MB

.skyzpj Size: 4KB - Virtual size: 3KB

.skyDh5 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 2.4MB

.rdata
Size: - Virtual size: 781KB

.data
Size: - Virtual size: 63KB

.pdata
Size: - Virtual size: 104KB

_RDATA
Size: - Virtual size: 348B

.skyvg)
Size: - Virtual size: 2.9MB

.skyzpj
Size: 4KB - Virtual size: 3KB

.skyDh5
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B