Manalyze report for 64d3b02073aa813c69cf0ca52182fa37

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Mar-08 18:13:01
Detected languages	English - United States
Debug artifacts	C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb
CompanyName	philandro Software GmbH
FileDescription	AnyDesk
FileVersion	`6.2.3.0`
ProductName	AnyDesk
ProductVersion	`6.2`
LegalCopyright	(C) 2021 philandro Software GmbH

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qeMU`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: philandro Software GmbH` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/69 (Scanned on 2021-05-03 21:37:20)	`All the AVs think this file is safe.`

Hashes

MD5	`64d3b02073aa813c69cf0ca52182fa37`
SHA1	`f9aefd3d984cdb4866c110f08407f1989eff7fb6`
SHA256	`1c702e234542e2bb53e45211cc3ae4426a5088de9510dae58a9ff8b7a65e294f`
SHA3	`de82468b0bc544ab7be3cc2fda9b2d3a2e7974eab59fa5b7aac4554892649fdb`
SSDeep	`49152:/4zJlO9Tddc2cC6ohU+5Ja0EbMYp0PHJ3zgROYbhnUvOVhYoST8RQXoYz+lJI:8+dYaHUeJabdipTchUvEhZSiKpKI`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2021-Mar-08 18:13:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x2a00`
SizeOfInitializedData	`0x38c000`
SizeOfUninitializedData	`0xa42200`
AddressOfEntryPoint	`0x00001CE9 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xdd6000`
SizeOfHeaders	`0x400`
Checksum	`0x397821`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a0ceebb5fd42f8b86df86518cce19f16`
SHA1	`6ee3ef377e65ae5c50f83a4cabfda820e478e957`
SHA256	`8322ccbd6a595f0f76e491f85c2bf9a280c9a72adce903b70d89a47e3ac18113`
SHA3	`72305d24206867e2c92c4dff7581185e93da14c26a0f69efbfbb7f1c0d7d8628`
VirtualSize	`0x2835`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51207`

.itext

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa42200`
VirtualAddress	`0x4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`b9354c5ed4a14ca38768bfe0135130eb`
SHA1	`8b7d9ae867f97810ffcce0bc12b8da2f1b2099a5`
SHA256	`3fcc76a52a09ae832745c618189081ccf1fe311177311c5a9d1b18c6a9c4a512`
SHA3	`fe1cf068be08070a2796525edd42a380d72fbfd0abede51171a7b1e60f1329a0`
VirtualSize	`0x2fa`
VirtualAddress	`0xa47000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.62601`

.data

MD5	`3caeb2a361fe91c222608caceb2f4cce`
SHA1	`d53fa69af8a73ca48ed4197eb88936efc22698cd`
SHA256	`8cc8642d41f312a3cadbf7bae7af8ea70ad60b1a380c8875b7f42070d1a46890`
SHA3	`55fe944588996f1dac5e5cba921b5b3b74a0ae67f515f5e92177ddde1a1d34b7`
VirtualSize	`0x38827c`
VirtualAddress	`0xa48000`
SizeOfRawData	`0x388000`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99995`

.rsrc

MD5	`701643fcdb723eaa3a269037fdd6b8f3`
SHA1	`323a00ee6dca50c76d872c8050640da97aa40978`
SHA256	`4612454117fc4b846f2700aa9092c4257d8d708eaf1c70cef6867262c548bdbb`
SHA3	`422c8aead9fe08607fc2c97d99bb335d44e048d6215474540fab12f6d261aba1`
VirtualSize	`0x3290`
VirtualAddress	`0xdd1000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x38b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.68372`

.reloc

MD5	`95aa79c39ba19e7065545a9504efb057`
SHA1	`0b146f6223287e78734c21d004fd6e2764080bdb`
SHA256	`d909b4b19ef8c89005170ccce336cef3c4390d831c9dd2480dd95cceeeba9382`
SHA3	`8a336fa1a4212c3f4a719a03b8b4136c86a4d57a1cf343ec42422a5f6b60c59b`
VirtualSize	`0x300`
VirtualAddress	`0xdd5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x38e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.18127`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83901`
Detected Filetype	PNG graphic file
MD5	`c88936dd1a7d59c4403d6babb04dd87e`
SHA1	`cc33904defad90d05ccec92b7fff7d5902941795`
SHA256	`ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47`
SHA3	`28528f7316cb893a622c6611bbd967fcc40de2bf615e7332dee0fbd31997398e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29968`
MD5	`092bef43014ecb8adbaf06131ce5e40b`
SHA1	`1b15bd67961afbecb0cbbd1183c2d0dc9ed9e7cf`
SHA256	`f50850ec3e997252b5533691868d04c15e923efe4f694c0ea8126f612e60404c`
SHA3	`cab0b87867861997a7a03b362811b9052b40dea25bcd54a88c60956b6f6e9968`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6735`
MD5	`3a69266d6258e81e65a29138c95fe2a8`
SHA1	`606560abf36b292f238d7ad4aa6c09ec8a21f8a3`
SHA256	`bc1cb94bcc63c8541ff535da88ed153ff3346db3fb93fc27fe87d414b2038dc4`
SHA3	`4204359c479df05357b6bf705b0d2961c1a4317d43977784fcf2835e25209f54`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73746`
MD5	`75705b8eedfc400d14f7ae9c8f40935b`
SHA1	`ebecc73c1403107ce631cc21a6c4262a4c0ee1aa`
SHA256	`c433628ee32bb8698e81f2ebb23d615e4bcf34ba954055410c64c3638c95503c`
SHA3	`3b0525e50fdad680ebf6318fef60a34ffd36ae26a82fa7bb4675d27b0227a0e2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69265`
MD5	`76b057741da4577549a4b9ef8f585bb3`
SHA1	`4d4f6f821507639f8214bae9aa2be1f480b7e844`
SHA256	`b008246dad106e522b98810ce6bc1212c8f12e78a6f77506283782438ea5b65d`
SHA3	`acce4c5df16010fce31dd43cfe4645d11a9aadc7ccd5da162bdbd154c1ac9b78`

1000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78538`
Detected Filetype	Icon file
MD5	`53975c41e7520296015f9db3f16a6c74`
SHA1	`03aad254664361f296e2c982968d4afb537a573e`
SHA256	`4041084c14f8f142bf7919feedf1437c9bdb5c3040db4a2bd2b0cf387f006fcf`
SHA3	`79879cd09c0a4a1d24967b53fe230d9ae0fc1613299a75561402de6ad65509c7`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x258`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37473`
MD5	`b34a737049361b470aa18a9f3a0b051d`
SHA1	`591a1310eca44be4f3d1f50cd074095c252dc30f`
SHA256	`a9363009a16353034253510d14cd242a441168ab3799569b32d5d8e2c9605f68`
SHA3	`f1a79c077d95d0f5ece14af525910e9420ecc7b82d2355ea155e1ccf985c3a09`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x607`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39342`
MD5	`b0e3070dd9b8b8fcfc94357620c55977`
SHA1	`df3fb3c63a2af18f2cd1ad1b5393fe23a9d02d99`
SHA256	`7f4d763eebe47170014c00a7cf443b401591973e056211f89df1e984e49c0463`
SHA3	`e6540a65c47dfe6637be941660618ea9496ad01237be454c42e23b191461af65`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.2.3.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
CompanyName	philandro Software GmbH
FileDescription	AnyDesk
FileVersion (#2)	6.2.3.0
ProductName	AnyDesk
ProductVersion (#2)	6.2
LegalCopyright	(C) 2021 philandro Software GmbH

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Mar-08 18:13:01
Version	`0.0`
SizeofData	`94`
AddressOfRawData	`0xa4729c`
PointerToRawData	`0x309c`
Referenced File	C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3b897dad`
Unmarked objects	`0`
C++ objects (VS2010 build 30319)	`8`
C objects (VS2010 build 30319)	`3`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 build 30319)	`1`

Errors

[*] Warning: Section .itext has a size of 0!