Static | ZeroBOX

PE Compile Time

2094-11-16 22:35:44

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00025784 0x00025800 7.92891298934
.rsrc 0x00028000 0x0001ca84 0x0001cc00 5.79936561514
.reloc 0x00046000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON 0x00044498 0x0000005a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000444f4 0x000003a4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00044898 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
c Q~|za
:vae b
M {:F%X
ra -tq
a KZ+ a
ra {Foba
-1Y xE
|_ef :
v4.0.30319
#Strings
RFT_056_17_30_81
RFT_056_17_30_81.exe
<Module>
ListenerProducerMock
RFT_056_17_30_81.Mocks
Object
System
mscorlib
CollectionClassService
Fjuoacw.Services
ValueType
Global
Fjuoacw.Common
Fjuoacw.Candidates
Connection
FilterRegListener
RFT_056_17_30_81.Listeners
PrototypeIdentifierContainer
Fjuoacw.Containers
IndexerInitializerFilter
RFT_056_17_30_81.Filters
Initializer
MulticastDelegate
Decorator
RFT_056_17_30_81.Templates
ParameterValTemplate
<PrivateImplementationDetails>
<Module>{faca513e-2c17-4944-9097-e768136cf6e2}
PrintModel
MoveModel
PrepareModel
AddModel
ConnectModel
m_Model
_Identifier
RegisterManager
QueryModel
InstantiateModel
min_key
VerifyModel
PatchModel
res_length
SortModel
ExcludeManager
Boolean
DestroyManager
m_Template
VerifyManager
RateModel
TestModel
var1amount
CallModel
DestroyModel
version_param
CompareModel
QueryManager
ResolveManager
status
CalcManager
FindModel
CountModel
init_Z
PopModel
SelectModel
indexOfkey
CheckModel
UpdateManager
InstantiateManager
GetModel
ExcludeModel
WriteModel
SetupModel
MapModel
AwakeModel
tokenizer
CompareManager
AssetModel
Delegate
Combine
Interlocked
System.Threading
CompareExchange
ListModel
Remove
DeleteModel
ReadManager
FindManager
IntPtr
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
StartManager
ValidateModel
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
Thread
RemoveModel
Assembly
System.Reflection
ResolveEventArgs
Stream
System.IO
MemoryStream
GetExecutingAssembly
GetManifestResourceStream
String
ToArray
SetModel
ClassLibrary
Znnddm
PatchManager
TestManager
ConnectManager
CopyTo
InterruptManager
OrderManager
AwakeManager
IDisposable
Dispose
ConcatManager
ManageModel
Rfc2898DeriveBytes
System.Security.Cryptography
CryptoStream
RijndaelManaged
ICryptoTransform
CryptoStreamMode
Encoding
System.Text
get_UTF8
SymmetricAlgorithm
set_Mode
CipherMode
get_KeySize
set_Key
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
InsertManager
set_KeySize
SelectManager
set_BlockSize
CalculateManager
GetBytes
RestartManager
DeriveBytes
MoveManager
get_BlockSize
ReflectManager
set_IV
PostManager
CreateDecryptor
NewManager
WriteManager
SortManager
CustomizeManager
SetupManager
66840DDA154E8A113C31DD0AD32F7F3A366A80E8136979D8F5A101D3D29D6F72
m_f02a78026c3c4382b65f394a8b54986a
m_98d6c42779c04d48b58c174de8b1dc14
m_3dabbb769cec4e71b3e841d760474e9c
m_fc9292bf7d3147bf95c2cc6f2e85df19
m_d35914ae81af4224b0c27a11aec2ba87
m_e242572a509e48838059a358c3292d95
m_1321cdeacd6744158ec0ec351f5eae18
m_4d6b274052da4c609a40851cd6258c65
m_753e920586234922b7e8bd9bae93d26c
m_e0768595b65240a88288990fcf2d35e1
m_601976f5080340b09364b41a9fb7ca2a
m_ee88f7f35bf349678e657d548e22f5df
m_b4772793f1b34d30a37ae51465225698
m_4fde44cf83c1485db93341e079c45f83
m_374b4ac1a459409fa41c36d7283d44f9
m_acf4aef5bb18426b8a02f11bdc154af9
m_ad4a3abcdcb348ed9fab81446bdfe2e3
m_0f7aefcd9ec14b63855148471e4d3620
m_ede89a2107e24d5a9faf46b75f1f6553
m_1fce97a9260d47ac8847bb0e3ddee6cb
m_b6f792d7ecae421c9aa142ef8ceaac51
m_2dfddbb40f6b4446a2ebdb117df9e62c
m_e390cb2a5f464aedb525da9c363d79c5
m_3e0a9577419f4157a76cf26f319d124f
m_debedecf338b4add9b0509167e298857
m_de5e478bb42f4e0d911ff345a004f90f
m_8b78abfbf120419e99c4b6f158f8de29
m_769a883c902d4ca4827d8b4f19db03a1
m_52ae61141c37479c932c4b558adc25dd
m_7edd444f959647e5bece03ac16616bc5
m_8845d765e4574cbeafb5fc845b3097a0
m_1d87e41187d84362a29891e384912d34
m_32752beae3fb4c1599638463e74e5da0
m_cd5a4d711f0f4b80a46439e21d1842f6
m_a424715b65264a8483d59d7dadb382cf
m_4f5787bb66b44d078b939568289cadcc
m_ce1dd3b328ac41f2b4d564a0045b78d8
m_8eb7cf7406d541c79c2f686b6dc1e6ed
m_73338f5eb53447a0b0daae68fffbc884
m_677cc2df5e7844c391da7aa43b5583d5
m_c18b6b87eaf148209758dc54dc84b963
m_b589bd7806b24e4f8e8035f3e1db37ad
m_672f239f83f044b89fe101668f8eafb8
m_2342113c7ea1436d9fad713cb7a4499c
m_f8fba9916c674bb78028d83e727634ef
m_e4cac0ea7bf14cf185f87ff9713c49f4
m_09a094e4cf8047669f445c68c703146d
m_6d7a7cc4260b4a3a85d8518f945ed607
m_156f12a888c34afb868e261fe668340d
m_3d73b0e0c8c743629153b466b2a90fd3
m_a2fb9d03a5fb436da089b8ac9624dc83
m_f9cfea7448be4fd18bf5dbb2c4470187
m_07c15e8d167a4b029c7ad3542f5d0121
m_ddb94bea6e60412c813a3f4b2b678727
m_86653dd3b6b3403790e682a4ff42b278
m_5a335b5c3b5e454e8492c163f6650648
m_1e9d881389d340d2810b419d92f1195f
m_2167cfeb70d04d05919c1b4d7ecd21ae
m_725a70d63bcd48dcb1a448940c464770
m_5c6ffe742dcb49e886292cf3014fccec
m_b6502447ef9840909a9012a3026e3681
m_90f5464b3fba4816b1f5e1b3733d8b78
m_afa5f26cced54729aff405c4d8754f00
m_3dbf1f698c5b476c9a48f6ac2fd75f4e
m_8436bed66a0f4719b2e1c68ff4e3face
m_5f0a0e5397bc4945a89f4bfdbc28ef98
m_91313e984f944bf29d535ae4178641e9
m_1e3c07c0196d4382adc75fb21a1537cb
m_4ec77be1016343f684e813e9207280cd
m_4d6dda9cde754f879aa0b443fa6abb60
m_836de06b41c84a79b8003cd20cccdd43
m_1946bc3531884192977d1e57e67d1541
m_f4f0666d5143467aa5110199734a8ff4
m_8c668190c7c64ea6aa83361654b740d4
m_7201693e440c480cba49cd83f65cc14b
m_64a8c7824dc94424ae464155faf3acb1
m_d56c17cc248c4e8fb361543ff9303653
m_972569fe11434c8b8f557d5b52b3bee5
m_2e2952f7df5849a892fdf66be5ed5b46
m_e224ec45457a4bf1929be801c1fd7158
m_bc6da5e4ffc9462ca6e771ed0196c5c4
m_3b6e465283d245af8d111dd8cbab849d
m_5976ac8804a54787a277d1ee12563e06
m_3a47a3309c0e4bbea31d23e1e32dc878
m_2af0fdc7748d4005b67b9f7bd5d08f75
m_fdca060db76b4113b7ba73e7bf05931d
m_8ec94c9869b14b61a69c3ce5e367be44
m_d2c51f19e8f848f0ab717a8831987108
m_87ed5badcfcd49c08dee2f950d731857
m_e6032ce8a6bf4c04a30b81f459f66612
m_d93a8d52d5214b74bfa6a735b2cdb278
m_250caa7dc01947118135d8b7d8ed0526
m_29954ea545bf4d0e9355c18554862d70
m_2f96821da22c495bbdee882a4cc031e6
m_fbb6d6cf4f4048cfa9f8c985c3ae0efa
m_8267ae408ef741f78f7e023c4a48988f
m_43d273e9adb64e31ac8fa14a9462e7a7
m_503b5af1b1764d58b31d8fd1c4bc03c5
m_774a6a80f2a548429c4d976df05c1e36
m_b1d7f8d769db4bbcac23366acfcfbfba
m_aa19c76ef89b4e5d9bd09f499e2d80f5
m_a74ed78b8ee8483b99953db0d3afb39c
m_c2f0461a74c74891b1f84f6a2172c6fe
m_4a742ff8d1144741b9bf7bbeb93535d4
m_3ab5bb24f6154617a1ff6c046398b42f
m_8227d0dcfe0f4ded82042e30c6fc0bf7
m_2bbf4536136a4f8d86eb4266aeeba7a2
m_b969b53142124621af12b39503e329ee
m_4ec8afaafca5454ea47fe06b471abeb6
m_1123e923526f433493177564e054be06
m_495a208785ef4a5ba29d453dc9611042
m_64021fc5631b499faa306b076baa0ea0
LoginManager
.cctor
f4cc3764b02bb498eac7b57e13f8b8cc1
GetManager
SetManager
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
STAThreadAttribute
Gwjqhdqjtbcwig.Znnddm.dll
WrapNonExceptionThrows
Telegram Desktop
Telegram FZ-LLC
Copyright (C) 2014-2021
$dc3d3f6e-72cb-40b0-bdcc-4b4b212ba32d
2.7.4.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_SoE;n
$kQ8bP%
9d,ebAB
w\%eef
,V:IiG
n;=` )j
(M\wtL
N/r2<\P
`U6;}->
YR^ s\
KiWB3w
*C#~4
A{*V5"
fCD 3D3
/SN<xOv
(o@\I_
#KRBN:
?zZ:#3
XkD9I4
8_Y0+4u`C
Euvg2<
Cn%s^'
lvv)s @
o4!vT9
_w+U1V
CJ[MlPK
l}R {ni
>OZ}0
LE1XwD
6;qH|2
Uag{dp
V1m9Kc
S(!Zq3;
8s*'zgRW
mWwhX9
l9uz5
|[3.4LG
_ZDTc@
!ZR2%
@k>w/lZ
-U;Q~<
R?H1H&^
!I eW-
{%[Nv%
,xH?yi
~@x{\5
=5Gj,62
tuz-[G
18K}0^
q;EdAu!
8%bZi{
ARKT"
+Ek+&w
'@I4&1
X0\BMX
?Kekhg
C&lxy*uZ
v53I_J
Wl9j,~y
0^FL8
?%Wd1nsh
{xk2u5
!0s"F`
F?S>]{
zB1oEp
"J$:`ajn
Qex1ZxCS
_*{0Di
Zx?Z*S
T'.#oZ[
w8c<O|
{+Nt%Yt"'A1-E/$
FlnPnd
5Ubh@V
B}KFMv?
//f)L\<
>-@&'Y
l'aZblq
J~+/9C
FoL>Ob
1/_Tw2z;
PYnY'W
Ed_[!'#Z
6@\'}3
IkK}f
}6^Zu*~
Ze<:KQ3
[p;D,X
<?atkcO$_
biO~2y
<2!jJP
zY&Bt_
,.CTP2
}"7Ua?
3)Vuk0
[lFxd&
"c11!H
.Y!{7K
dbyFq$
t}JZ#U(
wu\WuQ
vVS5Ev~
NLE9gG3
s]_>#u
PzY;+O
ptZX-2e
?mF[h-T
*!LWz
_fvPqja
{4H?Ek
OSY*[.'gu9
3l\kJM
4ic507
l%nj9
S^Aol&`
qc`jEO
a4aR.)
*\zq6yA
N.!n-]
u/.mE
^6Co{
irz=&s
PH(i\+|
L{0nmv5
]feqT::
pJHD~O
vas+A7Uz
!A6*c>RiKA
"-+?ru
+5 PL-SGi?j
o<sy~f^(
+4R0 K
`-pmY?
H/{.]:
?sXF.m
S3O9VSjxQ
|"xXNw
[;D`>"I
O7{t/+
{fa>b|
'gNk?I
CS#{ #(}Z
44pBOJ^
,nE@QY
K]F3b:
YtP;4"
M-Ui".
HW.s<$
-FtIT[
j%u Y@
v&qA!a
%'gHmgp
*]a+YKJ,
2B.si*
o5Bf}i
c;U=xUZ
xgYuAK$
^b!3eoKe?
A<`s~~'
A[ZI&M
_@5T(JGf
*4=-<;
kn7UQFxzv
Yg9DEn
]%j?a:U]
C:mPCA/
!"9wsPj
BE>X]
jDwk\6
\a2C!j
n<]yl@
Z'8mqT
=Zg,;1
B@#11S
~R2K.#c
fUZ&Abr
CP3CS*
rOl-RI
%Ly~%:
iS*}Q7_
-Z=eR*:
78A"KY
o_F- *+
jGN%u[
j]kSbl
eN'a,P
RF+*a(6
C5Nvej
mnZ0T)
VRt!,/
R~2FS1d
x6TzYUuj
r.TP8e
)Jv`F0
'qUMYe
0oA309b
CP:Dt0.
u-<^fCe
0*foI
|"N2a2
.,jO^J
Eedh}"
NiZ>]_W
sN?KRcqK
V=*'O<Z
+R9`SD
WPSbG^
[t{tn9L
P".qM4 l
X$hTsC
N?ppx9h~o
u5d#DN
l7~HfZ
{U|p@+F
J%uG!9
{ks7a8
kOG&UO
X+rflXG
AHn{'V+q
Mx_;~)
H828,4
.vc]V;&
E@foA
o+PlG8
pT7=jo
ly^}c
butE'j
dO7HJ2Xq
t;NORQfW*
c6R*>>
<w1|!o
e|T6RuM!V
?3p>5+
uE]+3_
h\KFn1u
vx"Tt-
HQFP-C
eC?V-l?
<oM]?m
)H"#&Fn
6k7`;l{
W;?lj@
_CorExeMain
mscoree.dll
=4IDATx
#G)E4A
8E\QAi
'$]9J)b*
MrBZBB
<G&dV8
)PQiUX:
msG&@i
&DpnXR^
|&j*B!
=k=L2&6
|<Y-Et
lJ-~xQ#
@}^+{*
ys?_?9
UJ]$l:
;t?M0;
H?)g-8R
=g*n=wZ
t$Bl{C
'O*\P~`
="vH)p&
fxh}'b&
=F?H$$
Ah+iG^9BW
x,ok`W
al(%@"
[LT22f
22GXUS
n|xVy8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Gwjqhdqjtbcwig.Znnddm.dll
Gwdsma
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Telegram Desktop
CompanyName
Telegram FZ-LLC
FileDescription
Telegram Desktop
FileVersion
2.7.4.0
InternalName
RFT_056_17_30_81.exe
LegalCopyright
Copyright (C) 2014-2021
LegalTrademarks
OriginalFilename
RFT_056_17_30_81.exe
ProductName
Telegram Desktop
ProductVersion
2.7.4.0
Assembly Version
2.7.4.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46442939
FireEye Generic.mg.c1f2b32fc6c1f691
CAT-QuickHeal Clean
McAfee RDN/Generic.grp
Malwarebytes MachineLearning/Anomalous.94%
VIPRE Clean
Sangfor Trojan.MSIL.Seraph.gen
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.46442939
K7GW Trojan ( 00577e181 )
K7AntiVirus Trojan ( 00577e181 )
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34722.qm0@a06kDmo
Cyren W32/MSIL_Agent.BCR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ABHY
Baidu Clean
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Trojan.MSIL.Seraph.a!c
Tencent Clean
Ad-Aware Trojan.GenericKD.46442939
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
CMC Clean
Emsisoft Trojan.GenericKD.46442939 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira Clean
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/AgentTesla!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.46442939
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
TACHYON Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DF721
Rising Clean
Yandex Clean
Ikarus Trojan.MSIL.Crypt
eGambit Clean
Fortinet MSIL/Kryptik.ABHY!tr
Webroot W32.Trojan.GenKD
AVG Win32:CrypterX-gen [Trj]
Cybereason malicious.7d45d3
Paloalto generic.ml
Qihoo-360 Clean
No IRMA results available.