| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2025-Nov-26 19:44:08 |
| Detected languages | English - United States |
| Debug artifacts | C:\Users\worker\workspace\AD_windows32\release\win_9.6.6\5166\anydesk\release\app-32\win_loader\AnyDesk.pdb |
| CompanyName | AnyDesk Software GmbH |
| FileDescription | AnyDesk |
| FileVersion | 9.6.6 |
| ProductName | AnyDesk |
| ProductVersion | 9.6 |
| LegalCopyright | (C) 2025 AnyDesk Software GmbH |
| Suspicious | The PE is possibly packed. | Unusual section name found: .itext; The PE only has 0 import(s). |
| Info | The PE is digitally signed. | Signer: AnyDesk Software GmbH; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
| MD5 | 26853b653f1819e8a54d4863302db3cc |
| SHA1 | cc16f3c73c4120950244d803560088b9d09b32c0 |
| SHA256 | 864e2c3675d05cd4816a42167b45ab66e3d5995fae7e1fd680223940061b9803 |
| SHA3 | 758fb95b29f91d7e059a1fd00a8d52b962e61c3a7529b61d9984050e0e83a371 |
| SSDeep | 196608:GvoSioJ2WyW8FZyiq+x1uxISrNiagAL+dXRNjkPx:UoSapFZyaxw1xIXRNjk5 |
| Imports Hash | d41d8cd98f00b204e9800998ecf8427e |
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xc8 |
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2025-Nov-26 19:44:08 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x2a00 |
| SizeOfInitializedData | 0x790800 |
| SizeOfUninitializedData | 0x1ba1200 |
| AddressOfEntryPoint | 0x00003653 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x4000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2339000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x79d875 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| MD5 | 87be39c32037993f30ec861e3875f8b4 |
| SHA1 | 548e83d91fb6316bdee360e80559a18ff895cd1d |
| SHA256 | 9121448394286afdde2a52c7770e4aaf63ca1ead496cd3b2373e79e66a854661 |
| SHA3 | d35a84ea59f5b64ebfc5c9864b039bb2b4c53e7806c0d851034f02e1d1abf006 |
| VirtualSize | 0x2877 |
| VirtualAddress | 0x1000 |
| SizeOfRawData | 0x2a00 |
| PointerToRawData | 0x400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Entropy | 6.55843 |

| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x1ba1200 |
| VirtualAddress | 0x4000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| MD5 | 4170057655aec817166d6c8aea76e79c |
| SHA1 | 9b430ef68d82af6d46d2e36c4e0e9c1c2449b329 |
| SHA256 | f2fe3ed57c20c0091c9522834e380ef2cc9410fa293a3e55ed97ce5b8e4a56ba |
| SHA3 | 761548994c391a2f4be459bc64e9cfe5b1b258f5a82188276d0b10b6637f7e8c |
| VirtualSize | 0x320 |
| VirtualAddress | 0x1ba6000 |
| SizeOfRawData | 0x400 |
| PointerToRawData | 0x2e00 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | 5.85143 |

| MD5 | 6ccc2419fe4811e2a70be24bffd60d41 |
| SHA1 | fc2acac793bda4bb0de2ed02d6de46d165ab4aa3 |
| SHA256 | ec8b5c58adf6ae876f3a7507191218ab07da34eace0301b8b75c6c797888e740 |
| SHA3 | 70cc1c905088eeca380190a8e39586d6a6d30492035f2429a11e30dc27beda47 |
| VirtualSize | 0x78b4fc |
| VirtualAddress | 0x1ba7000 |
| SizeOfRawData | 0x78b200 |
| PointerToRawData | 0x3200 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 7.99998 |

| MD5 | 016225b192fe8d169e289d7fffb5f111 |
| SHA1 | f86c04e3831906faa3ebe8cec625c964356b6e8d |
| SHA256 | 2a8e2f94197ac8eec84bcf364e4d74ba7ec4769540cf2207652e7ea51e0c21d6 |
| SHA3 | e92f59e38df20468a3d8a83a8d7962073e4cc761866d63a3eb08005dd0559057 |
| VirtualSize | 0x4878 |
| VirtualAddress | 0x2333000 |
| SizeOfRawData | 0x4a00 |
| PointerToRawData | 0x78e400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | 6.03135 |

| MD5 | df96faae07bd22a26d11da4a8c21cc48 |
| SHA1 | 071262875d71f612a9905b2992a984db5fedd4b3 |
| SHA256 | 9b74b639ee7a33108719ff6d6de8047caeb5100bffaef602ab7c140d58d40782 |
| SHA3 | 0f1d46fe0fa2a4971ae0e8acb7af1c87a32a1a7cdeaa214bb7d7d0fe2f53d9dc |
| VirtualSize | 0x300 |
| VirtualAddress | 0x2338000 |
| SizeOfRawData | 0x400 |
| PointerToRawData | 0x792e00 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Entropy | 1.17006 |
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x1b8e |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 7.83901 |
| MD5 | c88936dd1a7d59c4403d6babb04dd87e |
| SHA1 | cc33904defad90d05ccec92b7fff7d5902941795 |
| SHA256 | ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47 |
| SHA3 | 28528f7316cb893a622c6611bbd967fcc40de2bf615e7332dee0fbd31997398e |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x668 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.29968 |
| MD5 | 092bef43014ecb8adbaf06131ce5e40b |
| SHA1 | 1b15bd67961afbecb0cbbd1183c2d0dc9ed9e7cf |
| SHA256 | f50850ec3e997252b5533691868d04c15e923efe4f694c0ea8126f612e60404c |
| SHA3 | cab0b87867861997a7a03b362811b9052b40dea25bcd54a88c60956b6f6e9968 |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x2e8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.6735 |
| MD5 | 3a69266d6258e81e65a29138c95fe2a8 |
| SHA1 | 606560abf36b292f238d7ad4aa6c09ec8a21f8a3 |
| SHA256 | bc1cb94bcc63c8541ff535da88ed153ff3346db3fb93fc27fe87d414b2038dc4 |
| SHA3 | 4204359c479df05357b6bf705b0d2961c1a4317d43977784fcf2835e25209f54 |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x1e8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.73746 |
| MD5 | 75705b8eedfc400d14f7ae9c8f40935b |
| SHA1 | ebecc73c1403107ce631cc21a6c4262a4c0ee1aa |
| SHA256 | c433628ee32bb8698e81f2ebb23d615e4bcf34ba954055410c64c3638c95503c |
| SHA3 | 3b0525e50fdad680ebf6318fef60a34ffd36ae26a82fa7bb4675d27b0227a0e2 |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x128 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.69265 |
| MD5 | 76b057741da4577549a4b9ef8f585bb3 |
| SHA1 | 4d4f6f821507639f8214bae9aa2be1f480b7e844 |
| SHA256 | b008246dad106e522b98810ce6bc1212c8f12e78a6f77506283782438ea5b65d |
| SHA3 | acce4c5df16010fce31dd43cfe4645d11a9aadc7ccd5da162bdbd154c1ac9b78 |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x10a8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.82573 |
| MD5 | 2610c05771e702a41ecb8da0b04d0ab5 |
| SHA1 | 31364061514f28d5a1d705779e53813dac0b3a33 |
| SHA256 | b971ae520635a90d11feec73c6569c869fa253b30f2f5c48e5db9a53a3011a0c |
| SHA3 | 65e991a0af2d28102ed025ead37c462f1c771a67aec8a9daad72e7a5713c3104 |

| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x468 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.12201 |
| MD5 | 24e8eca8ba394adf26140b977971f9a1 |
| SHA1 | 880457cd2862996cb8048208345fd97572d414c4 |
| SHA256 | 9756f73802f079675e55f855935060a2fa1a6760ff95a6da7d172637c31068a9 |
| SHA3 | 7e11475c5b7b6c0ca005e766cefc783671f31a18bb33fae09b647e8e80dd51c5 |

| Type | RT_GROUP_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x4c |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.78538 |
| MD5 | 53975c41e7520296015f9db3f16a6c74 |
| SHA1 | 03aad254664361f296e2c982968d4afb537a573e |
| SHA256 | 4041084c14f8f142bf7919feedf1437c9bdb5c3040db4a2bd2b0cf387f006fcf |
| SHA3 | 79879cd09c0a4a1d24967b53fe230d9ae0fc1613299a75561402de6ad65509c7 |

| Type | RT_GROUP_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x22 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.36486 |
| MD5 | f450601c55ed21618c3f1a5ba1f27a4f |
| SHA1 | 06f1824063568ba0dd86aacd8159af2cf3a47f54 |
| SHA256 | bd48b5685ffe8ec4a32dc5da2aff7b279e3ad02a2671beb80d1b8f44cf7e416f |
| SHA3 | 45ca28fd4210bca3d6a7a16d8f069db4d8b04dd5c88b05ed882aa5f0f570c7a2 |

| Type | RT_VERSION |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x24c |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.36815 |
| MD5 | 6186def2146f416e5c05d8ca4afd6b53 |
| SHA1 | 21c56b8a40313d083d82ae4d2d97ad803fd38d11 |
| SHA256 | 749881ca3f13f3dfeafe4551dbe336fb155a897327cd2fc4e226e9f4a7c1c08d |
| SHA3 | 1826619c877f011e536d223d0aea6f327a0712ced2575b6ef0d58af3a23c9e23 |

| Type | RT_MANIFEST |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x629 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 5.43213 |
| MD5 | 108698a80878860f8274e4278baf78ae |
| SHA1 | b4641969bcdc0743b3b776c78db66b98e2dd3389 |
| SHA256 | d92fbf41655d5c4260ad68fc5efdb88a597891d85c5c4af09d43cb6ef60d9547 |
| SHA3 | 6006cc138f8b84b807d7304fe6f1e957788648e9bd61a33cf681a430406f45d4 |
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 9.6.6.0 |
| ProductVersion | 0.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | (EMPTY) |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | AnyDesk Software GmbH |
| FileDescription | AnyDesk |
| FileVersion (#2) | 9.6.6 |
| ProductName | AnyDesk |
| ProductVersion (#2) | 9.6 |
| LegalCopyright | (C) 2025 AnyDesk Software GmbH |
| Resource LangID | English - United States |
| Characteristics | 0 |
| TimeDateStamp | 2025-Nov-26 19:44:08 |
| Version | 0.0 |
| SizeofData | 132 |
| AddressOfRawData | 0x1ba629c |
| PointerToRawData | 0x309c |
| Referenced File | C:\Users\worker\workspace\AD_windows32\release\win_9.6.6\5166\anydesk\release\app-32\win_loader\AnyDesk.pdb |
| XOR Key | 0x3b893055 |
| Unmarked objects | 0 |
| C objects (VS2010 build 30319) | 3 |
| C++ objects (VS2010 build 30319) | 8 |
| Resource objects (VS2010 build 30319) | 1 |
| Linker (VS2010 build 30319) | 1 |
[*] Warning: Section .itext has a size of 0!