popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2050-08-28 12:53:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000240e4 0x00024200 7.96619272308
.rsrc 0x00028000 0x0001ca74 0x0001cc00 5.79887878316
.reloc 0x00046000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00040270 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON 0x00044498 0x0000005a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000444f4 0x00000394 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00044888 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
^,Pc m|
^,Pc m|
afcY c
;f]d
Fe e,J
Xe G(k
^,Pc m|
ef Gl0
v4.0.30319
#Strings
ConsoleApp13
ConsoleApp13.exe
<Module>
ConfigurationMapperEntry
Onynkqxsos.Database
Object
System
mscorlib
PagePolicyAdapter
ConsoleApp13.Adapter
InterpreterInterceptorImporter
ConsoleApp13.Importers
FilterDicDeSerializer
ConsoleApp13.Serialization
ManagerAuthenticationVisitor
MulticastDelegate
WorkerInterceptorImporter
ErrorBridgeID
Onynkqxsos.Identifiers
<PrivateImplementationDetails>
<Module>{ab9a1523-f7de-40d8-b16f-663b4ff4adb1}
RegisterTests
SetupTests
SetTests
CalculateTests
PushTests
CollectTests
UpdateTests
QueryTests
RateTests
CallTests
RestartTests
LoginTests
NewTests
ResetTests
RunTests
GetTests
Delegate
Combine
Interlocked
System.Threading
CompareExchange
ConnectTests
Remove
CreateTests
IntPtr
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
CheckTests
Thread
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
SelectTests
Assembly
System.Reflection
ResolveEventArgs
visitor
Stream
System.IO
MemoryStream
GetExecutingAssembly
GetManifestResourceStream
String
CopyTo
ToArray
IDisposable
Dispose
SortTests
ClassLibrary
Bpoksyy
InitTests
RijndaelManaged
System.Security.Cryptography
Rfc2898DeriveBytes
CryptoStream
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
SymmetricAlgorithm
set_KeySize
set_BlockSize
Encoding
System.Text
get_UTF8
GetBytes
get_KeySize
DeriveBytes
set_Key
get_BlockSize
set_IV
set_Mode
CipherMode
CreateDecryptor
ICryptoTransform
CryptoStreamMode
66840DDA154E8A113C31DD0AD32F7F3A366A80E8136979D8F5A101D3D29D6F72
m_5dbd93a5daa7414bb68bbe056a41e17d
m_07af6ecb8e94465fb35360699ce90f0b
m_f961dfd58adb4b48a19f3f92e123acbd
m_05274309991e4aafa5862fa2a6eabdbb
m_8cb127d3d2be4ae89853bef0593d9029
m_c683fa60cf6340dbabcf58135f1e5c2d
m_09073e7e56df4228a59568f80139f5c2
m_e9ae6dacff314e55b726de7f45bec223
m_153429e756a645d3b55c60eb76ef6a10
m_5a38f019d0a04506a74c4ef74a9b9cd7
m_7bfabd59fc9b4f96aae9289f6dce4fc2
m_d511db46867e4697915ccb8a750c7dcd
m_c3e53d276b9340b19d184712b4ee9029
m_78ddd75c7da847f894f82e6bc5bb4080
m_be955f6f0a284f1b9bff6e80e2b1d24f
m_b16e8f5c2e51429f807b8106939cd468
m_11169d795f694869a051760f71e75e74
m_89a3750e8d714442b725d996d109754d
m_2cb738c8df584714839249e88cc2c531
m_da107b7cd30341b4bbf8b106613860fb
m_235ddfc389e14bc29dd81a89ab2657c9
m_1ccba214e0d54a289943c701926fb1b4
m_923c9599b3d249b78cab6dac2650d637
m_a0bfc27804c449aca242bdfc1e56e50f
m_69b68b20a40c496a8a4a3f1a00c78780
m_3c78963af3644932b3c578d7acf380e4
m_47751a640b714137bcced3db0c967abc
m_87bdd0ca653b43ff88b4eabd02687f5f
m_b39294ea4d5d4406bbbc08a25190dc96
m_adb82c0e08eb4b4a879de964a32d4e31
m_f4d9c2e520464ed19c54c4e8bf6685cb
m_08541e126b4d44caaadbb555352e2dc7
m_f262d47554264d1fa131be212604f8cc
m_401a4c8777d34145ac68150ffa6d00a0
m_cae7f40247a84604bce4cd807c245782
m_4c31e37f3c8b442e94bc4d0f3fdb007d
m_30d1167705a34686a95f906b5a747a8f
m_6abacb6ba4214dd080c0e437b51d2827
m_416ac73035ff45459edebad39803fe3c
m_e4ac1ac2ad9e4c1fb416554176b0502a
m_5c041f4101c64ec285ecd06508316588
m_f89639cad6314d7bb73a1d8f90aaeca7
m_e582dd7308a4411e92761606e7161c3a
m_d8aa0890f86d4e2ea80f8a4d1cda0681
m_3174f07b431e4cf19d60f17bd4f65bda
m_c800a10df5e84ec79b93af1ac294a20e
m_db70144317604b00b3f39d916c85e840
m_df7e5dd12b364c7f8c74f56601015376
m_366d4c505f434c92b7a6fbff9d0ffaf8
m_ea2e4970fd7f46ecb413b0b5eb8ce6f1
m_31d81be47405445196e8f9a5da3de25e
m_12cb7863cf584f48ae11952cf14be3bf
m_df599ee5720c441c910d7b90e0d10868
m_577c1d5e0f294a138b90c1be8a80308d
m_22332ac5edf04dc287efa6aee4809fdc
m_fd4fdf8a9a654a499552f7ca9184cea8
m_99c2ff1197894d63a2089bd6ef421f49
m_311baae7e3564c95a5155130aa6c1f6c
m_3d05f8fb8d324c59918a08a38c01931b
m_30b2cd7b28f34a998b3796cbc647dc47
m_c65ef589a84848e79097f7655570b7f9
m_02d21aeb14b04e95aa97617c4f4f2dcd
m_1e16a4d37db3430dad44013cf9a6cee4
m_89070184832a4bbba8f206701e452631
m_a648f86507494562a2af625c892c7c8f
m_3ce908d7bdba4f2fa8e16392ab758805
m_69a07a62bbe04fe0951d34b6b6ae8cf1
m_f0df0345918545fb99c62dab6dc86a91
m_32ca1efdb5f049ca92ada06799fb0c03
m_857312b62d2a49bf8e65a79eb5cf843d
m_49f394e90d5344eebad7a524469ba31c
m_64977656d7e14b53bbe5420d7ae298a7
m_fb9ed1e63445410297c2bb03e86ab708
m_8fcac1a05bce4d479016723ec66dba64
m_6583ecd4435445ffadf7f2f86c0ea116
m_1afe643ee96f442e8c1de7f89613c875
m_1ecb096383a34abe9b28d579ac441caf
m_049503f498a14543822d05ffa6bb399a
m_6f778d0defa346d2b2614110e84e7479
m_de2d3e8063d942b88de1721635302169
m_7def7b2a98aa406f9828b13d81ede265
m_2473a5ffe37549329d35382a4d7a78f7
m_ec1c42cabdff4735a487ffc63fdd5135
m_0201a6af527f47bc9e327ca847693613
m_d9541d36edce40718e48d07c759f4c00
m_1bdd98d6489342bf994c4e0a57897f46
m_e0c6ba00f2284e6687cd4c30c6f4f573
m_3cd87b259327497f9c127ed8ade95f66
m_b492e06df936403e88d8ed9536e7d800
m_542033f490f7449d96ffc211cf686963
m_08f599ed58b844698f64ca8403d4cdeb
m_cc5897ebc64f42be9296d0c9d5cb75b9
m_a1c87687a4b740d1bf625e330a1d7050
m_1502b994603944149f0d3bf625c82258
m_14b223914ba54b21b51fb2c8451b8bf3
m_b3dfe0f7bd3d49379db3246d42878cba
m_99986ef58b7446e78da5d3595fa70831
m_c77d40a248a241c08f32fcb256fbb540
m_2da9fc33aebd4ff0b04874a3d66790ef
m_32ea5c1bc10342bc87e513eb4d5f26a3
m_749dbf37fd7f4bbdb7b0ebab17139559
m_bd1dfe18ac7348b0b0c13c8d0b723afb
.cctor
ga0feb61bc08b4eb2a660aacc0ff0dd11
CompilationRelaxationsAttribute
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
STAThreadAttribute
Onynkqxsos.Bpoksyy.dll
WrapNonExceptionThrows
Telegram Desktop
Telegram FZ-LLC
Copyright (C) 2014-2021
$f261e520-79fd-4e4f-ad98-9f8d2d0d3236
2.7.4.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
pZa[\C&
TYQauq
P<a5s#%
glDSs!
w>vIH4
M&dU!X:UQ
ch>u"%
1'JJ8X
y+Y)>hW
oI%|/d
f6sgwP
4oF!*p
M;i>)F
yFa )~fg
ng9ruOf
%H4~"7F
mcZ0U{X
o%H"{?
YXU16O
OH<]Wa
`rU&5s/xM
$a$i03@
i~%yXc
iO"9@f=]v
P;W?/\v
PC89@
6xn^f+G
+.`Mgd
l*Lnl\F
1G,6i$
%YG~0l
D=Kqw
HXZZ>+
chi-Ar
KXHJH
C9Sw>pItnU
xzDSva
*ntl"&
8]KVu&
N=6Ip=
]{*8o/
tP]22v!"zE
QHL_Dk#
XnEF\w?D=n
ECaI%)
8.vwT)B
[o$S!
Kll>JS
O2ED#t}
bJ-7Bxov
T"^\X:
o2YxL
V#RH_OOb
^) .c{
IwND^^z
i[-=k
b[.A<Uvb
:d7>;]j
C/5r3q
V}OR{`M-
v3Qqwj
A<D5QN
9(ta:/$q)
OT1j\9
s4FGIHvT
<S=&zN
`W3oat
Z+p&s+
:x2Tdf
y]5dOb
spAV@wOMB^
W&c<pG/
I2X-G>
6tZ!PA
n bs)O4
K}JBf'
L@z3C0i
g\nsMH
AOSdF
;fClb }
Q-D*y5
3^=d7s|
3|u4\G
E<V]CG
7AVT'mK
7NwC-o_
V}dEs$
FGA4j0U
VpZ2# E
.,.103D
8@9`LIk
xkPU|n
|>dVcO
2`hUr.
UyLD9x2
1w?U7@
LMGl$I}|
dzt(Y1
#YcHP\
-.!0Pv
A4By<x
"Q,]l
]R0]c+
)G;X'f
<>~mku7
N}I?+za
&2{akd
b^`f(e
N!.bA*
F)H=h7
9+Y[AWv2]
pJ#m98
3|CN}nE
>'$OlM
yL5^9Ik
_bE|s;
RT/^ZBg@
zR6^Nh
8gBf@ ,H
.w/K[*E
UC)Utc
/NsVM3
F}SCSd
+pSu&A
T?Z2jpq
^quy9R
;<|s.BR
(TITP"
>{FFnpW
OwGI >P
sjfQR47
m[Dxwc
bZt5Qq
#[]df\%
'O:i;@
(QF{)wI
kD\Yms
4Z3.#.X
owC>jB
pj:J2P
c7r}SK=
CKG)hG
$i4oBW
Ij32c;"
W/X,A0
e5\]O4
kJ]i7O
MgfbL/
f~46Ys
@9CGRy/Q
&|_]C
<XGyR
5:LI*[p
J))B'r;v
xmnDnF
%-@*Y.2
b6~"y!\
qG&jwIO
KJfFsF
hE/yGF
p&4HI+N
Zs[1Of
cJ6 Wrz
6a(S xo
jv).{W
7D}\no
`sdl'\\
0{@~jZ#&
cn[5B9c
HWGESC
*G/t*,
E!*uIIk
IJ^/cC
g_Rc\|
Rih=_L
AULPiT
5)3"R#q
U*Z."P.+4
&[]UD+
9Gn4Wp
C*z,p1
4oU,@I
|7q8RL
JcPB:,`
tgfg5
bB*3=^
!L&!`4
.K}q7Y^
=Q&SM[
lZ^k~i
\bhnpp
,Ym-HU
(%npS>*
0&)~Ov
MtO".,
f|P:n3
hjS`6@i?
./`mT
'pJ0?g_
iPP1j<Q
(Kx5)A
}xp,%`]
EwVk(
0}@YhjT
{ P,2p
/lm!{1
&Ln4Hej
UzC4(H
p!Vtp{
7k:OHB
?5KL"T
7Z HjJ`
^MLx_{l
fUxO:q
3'~YCG"
B66Is
mv@VNE
(;2E'1Y
y0jD^fj
O.=w+O=Z
[(wvkU
S%\s2*
NZc~`.
,][UQZ
?6f{*b
c4>5K{8*
*gwSVw
K_. YI
_CyW4v
-k jnp
I|F'98Rt*pGr
c^{%K\
~+RPt!
NnFE<}
6:?'aw^
igcp+\
l7Z[Gdi
d/T?J1=
4^5t]Di
xZ7.mi
|'(3$gUP.
P?Kh-q
3A>'Ca2(I
0M:_RG
?n?~cw
a^JcL2
["[veu
_CorExeMain
mscoree.dll
=4IDATx
#G)E4A
8E\QAi
'$]9J)b*
MrBZBB
<G&dV8
)PQiUX:
msG&@i
&DpnXR^
|&j*B!
=k=L2&6
|<Y-Et
lJ-~xQ#
@}^+{*
ys?_?9
UJ]$l:
;t?M0;
H?)g-8R
=g*n=wZ
t$Bl{C
'O*\P~`
="vH)p&
fxh}'b&
=F?H$$
Ah+iG^9BW
x,ok`W
al(%@"
[LT22f
22GXUS
n|xVy8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Greater Manchester1
Salford1
Comodo CA Limited1!0
AAA Certificate Services0
040101000000Z
281231235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
HCgNr*
2http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1705
.COMODO RSA Extended Validation Code Signing CA0
191007000000Z
221006235959Z0
943491
Private Organization1
Dubai1
Dubai1;09
2Business Central Towers, Tower A, Office 2301 23031
Telegram FZ-LLC1
Telegram FZ-LLC0
https://sectigo.com/CPS0U
Dhttp://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
Dhttp://crt.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crt0$
http://ocsp.comodoca.com0#
AE-943490
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
141203000000Z
291202235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1705
.COMODO RSA Extended Validation Code Signing CA0
=U5W5H
https://secure.comodo.com/CPS0L
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1705
.COMODO RSA Extended Validation Code Signing CA
20210428095006Z
Greater Manchester1
Salford1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #2
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
201023000000Z
320122235959Z0
Greater Manchester1
Salford1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #20
https://sectigo.com/CPS0D
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://ocsp.sectigo.com0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
190502000000Z
380118235959Z0}1
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://ocsp.usertrust.com0
rRj;B7|
[C]e=P
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA
210428095006Z0?
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority
Onynkqxsos.Bpoksyy.dll
Lzyohnvue
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Telegram Desktop
CompanyName
Telegram FZ-LLC
FileDescription
Telegram Desktop
FileVersion
2.7.4.0
InternalName
ConsoleApp13.exe
LegalCopyright
Copyright (C) 2014-2021
LegalTrademarks
OriginalFilename
ConsoleApp13.exe
ProductName
Telegram Desktop
ProductVersion
2.7.4.0
Assembly Version
2.7.4.0
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.37056065
FireEye Generic.mg.ea5b036e25672815
CAT-QuickHeal Clean
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Clean
AegisLab Trojan.Win32.Malicious.4!c
Sangfor Riskware.Win32.Agent.ky
K7AntiVirus Clean
BitDefender Trojan.GenericKD.37056065
K7GW Trojan ( 0057db4f1 )
Cybereason malicious.606ea8
Baidu Clean
Cyren W32/MSIL_Agent.BCR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ABHY
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.MSIL.Seraph.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Trojan.GenericKD.37056065
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Trojan.PackedNET.821
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Trojan.GenericKD.37056065 (B)
Ikarus Win32.SuspectCrc
GData Trojan.GenericKD.37056065
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
MAX malware (ai score=84)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.oa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/AgentTesla.KF!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34722.qm2@aGbUdRb
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes MachineLearning/Anomalous.95%
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.F0D1C00F721
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.ABHY!tr
AVG Win32:Trojan-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Clean
No IRMA results available.