Manalyze report for bfc1675ee1e358db8356f515aaded7962923e426aa0a0a1c0eddfc4dab053f89

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-12 00:36:17
Detected languages	English - United States
Debug artifacts	C:\Users\worker\workspace\AD_windows32\release\win_9.6.11\6141\anydesk\release\app-32\win_loader\AnyDesk.pdb
CompanyName	AnyDesk Software GmbH
FileDescription	AnyDesk
FileVersion	`9.6.11`
ProductName	AnyDesk
ProductVersion	`9.6`
LegalCopyright	(C) 2026 AnyDesk Software GmbH

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: bQAym.fr`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: AnyDesk Software GmbH` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/61 (Scanned on 2026-03-09 10:03:16)	`All the AVs think this file is safe.`

Hashes

MD5	`71c0e655a6c3455f106b130b0c191465`
SHA1	`835fb3b1e509f031a3028ddfc6e8222bcab26d8c`
SHA256	`bfc1675ee1e358db8356f515aaded7962923e426aa0a0a1c0eddfc4dab053f89`
SHA3	`5cee33b89546c36cb574b720fc0952788a19f28380fc783c3d3e435194c9bc05`
SSDeep	`196608:NphPuRByY5wlWTuGk4+x6OWudPHh+u+kw4mrmG57bWb:NneLRBnudPBB+HnmgS`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Feb-12 00:36:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x2a00`
SizeOfInitializedData	`0x7a4400`
SizeOfUninitializedData	`0x1bee400`
AddressOfEntryPoint	`0x00003653 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x239a000`
SizeOfHeaders	`0x400`
Checksum	`0x7b1fc3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ebe59a758bc79d82ec24c02e81f434fd`
SHA1	`2db172aa3f96ed40fe7d3abeef72e0d24156633e`
SHA256	`12418d4f2fcfc84688d5c9b9cbe004e511aa6c8fd33cc005a7cb1ce00ccb472d`
SHA3	`7f10910a7fbdec079a674ece5ae7143b29eadf4a556d31333594f0bf7fc99107`
VirtualSize	`0x2877`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55374`

.itext

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1bee400`
VirtualAddress	`0x4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`06506a0a5c0255b0097af876023e7dc9`
SHA1	`ae683d2f4a77c0826f5e4ba556ae849ddad40276`
SHA256	`73e7a1a74b7661e629e3887e7c665b8528c736ce889ecd970ebd006151a79362`
SHA3	`5b276a3e0bf3de0734f20e98cfb0e1edf339cdf91fb3d4e4c58a5f020e849c18`
VirtualSize	`0x321`
VirtualAddress	`0x1bf3000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.85141`

.data

MD5	`b0c290efbd4ed2f99fd0c04719414354`
SHA1	`3323b4a2cbce5ff08ffa3132f3baa7af3a693ed2`
SHA256	`cd3919494970c56b7a23c5e2cc1285e613d122ff5f861773550407956f6061f3`
SHA3	`3d0efa01e7e05d29ee76abfdef2b87acc4930106dd390f7d62387586df652c6b`
VirtualSize	`0x79f1dc`
VirtualAddress	`0x1bf4000`
SizeOfRawData	`0x79ee00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99998`

.rsrc

MD5	`2b82ab3e3cdbaf4d77dc47569e3518bd`
SHA1	`67b159386888bb12c18d1843c8d785510accd677`
SHA256	`2b9d7a50b9eb817b509ae07d8eb0d720f0ce531116254e05d3d491b67faf91c1`
SHA3	`7a895c326fcf797aed79ccdeb87c71838f70a51e401b1dffdfe7197149c70614`
VirtualSize	`0x4878`
VirtualAddress	`0x2394000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0x7a2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03179`

.reloc

MD5	`df96faae07bd22a26d11da4a8c21cc48`
SHA1	`071262875d71f612a9905b2992a984db5fedd4b3`
SHA256	`9b74b639ee7a33108719ff6d6de8047caeb5100bffaef602ab7c140d58d40782`
SHA3	`0f1d46fe0fa2a4971ae0e8acb7af1c87a32a1a7cdeaa214bb7d7d0fe2f53d9dc`
VirtualSize	`0x300`
VirtualAddress	`0x2399000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7a6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.17006`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83901`
Detected Filetype	PNG graphic file
MD5	`c88936dd1a7d59c4403d6babb04dd87e`
SHA1	`cc33904defad90d05ccec92b7fff7d5902941795`
SHA256	`ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47`
SHA3	`28528f7316cb893a622c6611bbd967fcc40de2bf615e7332dee0fbd31997398e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29968`
MD5	`092bef43014ecb8adbaf06131ce5e40b`
SHA1	`1b15bd67961afbecb0cbbd1183c2d0dc9ed9e7cf`
SHA256	`f50850ec3e997252b5533691868d04c15e923efe4f694c0ea8126f612e60404c`
SHA3	`cab0b87867861997a7a03b362811b9052b40dea25bcd54a88c60956b6f6e9968`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6735`
MD5	`3a69266d6258e81e65a29138c95fe2a8`
SHA1	`606560abf36b292f238d7ad4aa6c09ec8a21f8a3`
SHA256	`bc1cb94bcc63c8541ff535da88ed153ff3346db3fb93fc27fe87d414b2038dc4`
SHA3	`4204359c479df05357b6bf705b0d2961c1a4317d43977784fcf2835e25209f54`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73746`
MD5	`75705b8eedfc400d14f7ae9c8f40935b`
SHA1	`ebecc73c1403107ce631cc21a6c4262a4c0ee1aa`
SHA256	`c433628ee32bb8698e81f2ebb23d615e4bcf34ba954055410c64c3638c95503c`
SHA3	`3b0525e50fdad680ebf6318fef60a34ffd36ae26a82fa7bb4675d27b0227a0e2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69265`
MD5	`76b057741da4577549a4b9ef8f585bb3`
SHA1	`4d4f6f821507639f8214bae9aa2be1f480b7e844`
SHA256	`b008246dad106e522b98810ce6bc1212c8f12e78a6f77506283782438ea5b65d`
SHA3	`acce4c5df16010fce31dd43cfe4645d11a9aadc7ccd5da162bdbd154c1ac9b78`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82573`
MD5	`2610c05771e702a41ecb8da0b04d0ab5`
SHA1	`31364061514f28d5a1d705779e53813dac0b3a33`
SHA256	`b971ae520635a90d11feec73c6569c869fa253b30f2f5c48e5db9a53a3011a0c`
SHA3	`65e991a0af2d28102ed025ead37c462f1c771a67aec8a9daad72e7a5713c3104`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12201`
MD5	`24e8eca8ba394adf26140b977971f9a1`
SHA1	`880457cd2862996cb8048208345fd97572d414c4`
SHA256	`9756f73802f079675e55f855935060a2fa1a6760ff95a6da7d172637c31068a9`
SHA3	`7e11475c5b7b6c0ca005e766cefc783671f31a18bb33fae09b647e8e80dd51c5`

1000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78538`
Detected Filetype	Icon file
MD5	`53975c41e7520296015f9db3f16a6c74`
SHA1	`03aad254664361f296e2c982968d4afb537a573e`
SHA256	`4041084c14f8f142bf7919feedf1437c9bdb5c3040db4a2bd2b0cf387f006fcf`
SHA3	`79879cd09c0a4a1d24967b53fe230d9ae0fc1613299a75561402de6ad65509c7`

1001

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36486`
Detected Filetype	Icon file
MD5	`f450601c55ed21618c3f1a5ba1f27a4f`
SHA1	`06f1824063568ba0dd86aacd8159af2cf3a47f54`
SHA256	`bd48b5685ffe8ec4a32dc5da2aff7b279e3ad02a2671beb80d1b8f44cf7e416f`
SHA3	`45ca28fd4210bca3d6a7a16d8f069db4d8b04dd5c88b05ed882aa5f0f570c7a2`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x250`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37002`
MD5	`2be06bc5c4b64b43cc94ae39026984ed`
SHA1	`fb61ae711f1993a6018bdc19869e126d7300b48b`
SHA256	`0b4b2a2868c5e811d147494fe2a9dece72020073fd689ad84e4607bd903d001f`
SHA3	`b98c636c6c51da75f750c3b7369f5739e7cb37f8b9b5bde9e01413c7362d270d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x62a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.43258`
MD5	`5602dac80aa34949fedf5a3adc519226`
SHA1	`8b3faeb38fb455f0837ff64cbd36d377c24f0ec2`
SHA256	`c748338ccde75e60a1be8654ec10e1c3da8020cc2bcd6a1861f786128c77c87b`
SHA3	`029464c3e5cfe6faa139e93ed2a71c40227d4f10afddacfc97ea93ed860da7d4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	9.6.11.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
CompanyName	AnyDesk Software GmbH
FileDescription	AnyDesk
FileVersion (#2)	9.6.11
ProductName	AnyDesk
ProductVersion (#2)	9.6
LegalCopyright	(C) 2026 AnyDesk Software GmbH

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-12 00:36:17
Version	`0.0`
SizeofData	`133`
AddressOfRawData	`0x1bf329c`
PointerToRawData	`0x309c`
Referenced File	C:\Users\worker\workspace\AD_windows32\release\win_9.6.11\6141\anydesk\release\app-32\win_loader\AnyDesk.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3b893055`
Unmarked objects	`0`
C objects (VS2010 build 30319)	`3`
C++ objects (VS2010 build 30319)	`8`
Resource objects (VS2010 build 30319)	`1`
Linker (VS2010 build 30319)	`1`

Errors

[*] Warning: Section .itext has a size of 0!

Leave a comment

No comments yet.