home

anydesk.exe

AnyDesk

philandro Software GmbH

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “AnyDesk”.
Publisher:
philandro Software GmbH  (signed and verified)

Product:
AnyDesk

Version:
1.1.5.0

MD5:
39e7b774aaf2073e516842a651580ac8

SHA-1:
f32008f505f7404678c112548dbfd8c0d292f40e

SHA-256:
17a4d7594f930eb6a0dbc9fbd6a8e941408d0281a2b0361f4021e8d91bfa664f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 5:22:43 AM UTC  (today)

File size:
1.2 MB (1,261,152 bytes)

Product version:
1.1

Copyright:
(C) 2014 philandro Software GmbH

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
philandro Software GmbH

Authority:
GlobalSign nv-sa

Valid from:
9/23/2013 4:08:33 AM

Valid to:
9/24/2015 4:08:33 AM

Subject:
E=cert@philandro.com, CN=philandro Software GmbH, O=philandro Software GmbH, L=Stuttgart, S=BW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112183F6AC0A7E594EA257BD986725A61ECF

File PE Metadata
Compilation timestamp:
10/6/2014 8:06:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:erWefaER0wXNymqe7fgwi9XExXpxrLTBNOgNDQbDsilWgodUzoupLlMxSOIH6OOj:deiG0w9ymqeLgTCX7RN+bD1SdUnDMhOO

Entry address:
0x1F40

Entry point:
55, 8D, 6C, 24, 88, 81, EC, 50, 02, 00, 00, 56, 8D, 4D, 38, E8, 0A, FA, FF, FF, 8D, 45, 38, 8B, C8, A3, C0, 4E, 8C, 00, E8, C8, F8, FF, FF, 84, C0, 75, 15, BE, E8, 03, 00, 00, 8D, 4D, 38, E8, B6, F8, FF, FF, 8B, C6, 5E, 83, C5, 78, C9, C3, 8D, 45, 38, 50, 8D, 4D, D8, E8, 45, F5, FF, FF, 8D, 45, D8, 8B, C8, A3, C4, 4E, 8C, 00, E8, AB, F4, FF, FF, 84, C0, 75, 0F, 8D, 4D, D8, E8, 90, F4, FF, FF, BE, E9, 03, 00, 00, EB, C2, 8D, 45, 38, 50, 8D, 4D, 6C, E8, 0D, F4, FF, FF, 33, F6, 39, 75, 6C, 0F, 84, A2, 00, 00...
 
[+]

Entropy:
7.9882  (probably packed)

Code size:
11 KB (11,264 bytes)

Service
Display name:
AnyDesk

Description:
AnyDesk support service.

Type:
Win32OwnProcess

Depends on:
RpcSs


Windows Firewall Allowed Program
Name:
C:\Tools\LoadE\AnyDesk.exe


The file anydesk.exe has been seen being distributed by the following 8 URLs.

ftp://ftp.mecsolucoes.com.br/www/.../AnyDesk.exe

https://api.asm.skype.com/v1/objects/0-ea-d4-91a4eb87fe94412cbe615f25a8490a6a/.../original

https://api.asm.skype.com/v1/objects/0-weu-d3-b2e79de7dd9c0fc36971c3ed9188863d/.../original

http://vi.softoware.net/get-anydesk.html?ir=1

http://files.downloadnow.com/s/software/13/82/51/.../AnyDesk.exe

http://files.downloadnow-5.com/s/software/13/82/51/.../AnyDesk.exe

http://software-files-a.cnet.com/s/software/13/82/51/.../AnyDesk.exe

http://download.anydesk.com/AnyDesk.exe

Scan anydesk.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.