home

anydesk.exe

AnyDesk

philandro Software GmbH

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “AnyDesk Service”. The file has been seen being downloaded from www.dmschweiz.ch and multiple other hosts.
Publisher:
philandro Software GmbH  (signed and verified)

Product:
AnyDesk

Version:
1.2.2.0

MD5:
96db38f7e44ea1e4c994024f4f165c0b

SHA-1:
2493748a5d223643656b83be3b3e66786d796768

SHA-256:
c4cca9996d88213376c217a4c9787bba2c19b8f7d44a9964df308fb4c6afc3e7

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/29/2024 2:05:23 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.3.0

Trend Micro House Call
Suspicious_GEN.F47V0126
7.2.28

VIPRE Antivirus
Trojan.Win32.Generic
35326

File size:
1.3 MB (1,315,936 bytes)

Product version:
1.2

Copyright:
(C) 2015 philandro Software GmbH

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\anydesk.exe

Digital Signature
Signed by:
philandro Software GmbH

Authority:
GlobalSign nv-sa

Valid from:
9/23/2013 11:08:33 AM

Valid to:
9/24/2015 11:08:33 AM

Subject:
E=cert@philandro.com, CN=philandro Software GmbH, O=philandro Software GmbH, L=Stuttgart, S=BW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112183F6AC0A7E594EA257BD986725A61ECF

File PE Metadata
Compilation timestamp:
1/26/2015 2:38:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:YGJsRAB4bzGuAbcZC9fc/eMMpA96hIFzk80rOVEb2mAVRMiO:FsCo6csF3IChC9kiO

Entry address:
0x2028

Entry point:
55, 8D, 6C, 24, 88, 81, EC, 58, 11, 00, 00, 56, 8D, 4D, 38, E8, 22, F9, FF, FF, 8D, 45, 38, 8B, C8, A3, 20, E2, 8F, 00, E8, E0, F7, FF, FF, 84, C0, 75, 15, BE, E8, 03, 00, 00, 8D, 4D, 38, E8, CE, F7, FF, FF, 8B, C6, 5E, 83, C5, 78, C9, C3, 8D, 45, 38, 50, 8D, 4D, D8, E8, 5D, F4, FF, FF, 8D, 45, D8, 8B, C8, A3, 24, E2, 8F, 00, E8, C3, F3, FF, FF, 84, C0, 75, 0F, 8D, 4D, D8, E8, A8, F3, FF, FF, BE, E9, 03, 00, 00, EB, C2, 8D, 45, 38, 50, 8D, 4D, 6C, E8, 25, F3, FF, FF, 33, F6, 39, 75, 6C, 0F, 84, A8, 00, 00...
 
[+]

Entropy:
7.9886  (probably packed)

Code size:
11.5 KB (11,776 bytes)

Service
Display name:
AnyDesk Service

Service name:
AnyDesk

Description:
AnyDesk support service.

Type:
Win32OwnProcess

Depends on:
RpcSs


The file anydesk.exe has been seen being distributed by the following 9 URLs.

http://www.dmschweiz.ch/DM-Remotesupport.exe

http://download.cosmosnepal.net/AnyDesk.exe

http://www.arminet.net/escritorio.exe

http://lb.cdn.m6web.fr/d/c/a/d300756fcf6bc25ecfa19aac6e1ed01d/54cfed7e/soft/.../anydesk_1-2-2_fr_431427.exe

http://download.silenus.com.br/AnyDesk.exe

http://fs41.filehippo.com/1952/.../AnyDesk.exe

http://filehippo.com/es/download/file/.../

http://dj-software.com.au/.../anydesk.exe

http://download.anydesk.com/AnyDesk.exe

Scan anydesk.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.