Static | ZeroBOX

PE Compile Time

2021-09-23 08:15:22

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003eb4 0x00004000 5.959430068
.rsrc 0x00006000 0x00029e54 0x0002a000 4.29558686639
.reloc 0x00030000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0002f878 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002f8fc 0x000003a4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002fca0 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
S a \8G
r-KVY
{*5:
96|e W
%Y!#a
r-KVY
q@ef R
ae EM{
96|e W
96|e W
{*5:
r-KVY
96|e W
v4.0.30319
#Strings
BRL_2451020032016
BRL_2451020032016.exe
<Module>
Settings
Vueyxlsxlnuxzymziwbwuh.Properties
ApplicationSettingsBase
System.Configuration
System
Message
BRL_2451020032016.Exceptions
Object
mscorlib
WriterValPool
BRL_2451020032016.Pools
WrapperValueRole
Vueyxlsxlnuxzymziwbwuh.Roles
<Module>{5118fbfa-91e1-4d66-8b19-f0443392d8c6}
TestPrototype
.cctor
SortPrototype
Boolean
ConcatPrototype
InstantiatePrototype
SettingsBase
Synchronized
QueryPrototype
PostMessage
String
Convert
FromBase64String
NewMessage
Encoding
System.Text
get_UTF8
Replace
ComputePrototype
SearchPrototype
MovePrototype
GetString
wrapper
CallPrototype
RegisterMessage
Queue`1
System.Collections.Generic
Enqueue
get_Count
ViewMessage
Thread
System.Threading
TestMessage
ServicePointManager
System.Net
set_SecurityProtocol
SecurityProtocolType
WebClient
DownloadData
CallMessage
Format
Dequeue
Console
ReadKey
ConsoleKeyInfo
WriteLine
SearchMessage
InvokeMember
BindingFlags
System.Reflection
Binder
Assembly
GetTypes
FindPrototype
InitPrototype
MapPrototype
DefinePrototype
StartPrototype
factory
ResourceManager
System.Resources
_Container
CultureInfo
System.Globalization
ResetPrototype
SetupMessage
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
AddMessage
RestartMessage
CancelPrototype
EnablePrototype
m_23d65afdf0fa4e4a9d4ab6fc1abded88
m_45b8ffa6e7294a028eccd701ed8dc873
m_d968b52d5ffd4c9db3735cbeec4e0b09
m_ad46abc5b3154d5fb3cc980fbbd0c2f7
m_f68967f9154948e7ab742767c7fc2a61
m_50a3c07e772449bea02e6129cfcaedb5
m_5927ef5347ea4c3e8398f4afef8d3db1
m_58c2a60e9c7e401896255442de4e91ed
m_5fbe343031b74bc189dbe43dba3839e1
m_0b57671bfec84ca6b516fd2826a0d036
m_7f7fce2843eb49a991baf1bcbac58e28
m_d47f8779d4ca4aecbd3a99af4063b336
m_a17c0085b3ff4530896b558318c77327
m_cc9f72a2dbdb4bb2a1a47ec599ba9b38
m_45bfb82cde49416fbfe4feb6b2a234d4
m_0fd840f2e5624a2092b7e7c4995e5c43
m_db1244e5b54b410990e83659dbb01559
m_1af036c618a44e0484f98aa84994b9ae
m_e9706ffed498404293ebad05f15bd5a5
m_b01b23532a9448108ae7418441a4ee5a
m_96fe817638df4d5984414f78dc1d2d42
m_8563f51634d94f178620a73cb812dc55
m_b0114a916c644fc38603e3429ce8a1f5
m_0f3c43fa3b154746a9753719cd639139
m_351a6c61c171452396c3f3bdd48fe702
m_2e9cba4cc30e499ebaff331197df005a
m_af40cdab50944915a1d34b2c945b6dbf
m_e037f56edfcf459c856bc3ab3c9051ef
m_228a66c0e7e6499ab8de1076734aaaaf
m_97d66ad6c9594c29b897f77c58c350ce
m_6c7443c55aa54cb6b86d3a1d44f8b6b6
m_ea5b88e1596840a289d8b8087d72f993
m_aac38920d14940fa93e8e1c2dd6b9837
m_0d1ae3f888a94731ad1d8a0a65f4661f
m_8b9235e4c08d49d9b39bb54f29010c9e
m_8a8500c07b7148ad93346a52696de69b
m_4e71a8ab8cb44aa1a32db01d34606346
m_c1c78d42f8b84f0090e2e86e3a8852c9
m_e87f13fa7d7743569c0c34c2e0b88e13
m_971c65861d4545cbb096168975d11823
m_77f90dd9794b4087911ab0a61d6350c8
m_3bd9da95647148a4b7aae8cf75de8b34
m_f400a0863c684f2788edb4ae98768f90
m_0034e4bdba86453daf9a174f2011e37d
m_286bbdb22ed94300ae26fd4dac9d9d61
m_1df546fc6b234a4489416b0bae31e54d
m_128efc0b2b374c5ea3203e59394047cb
m_ef9567246e364579aa0053c530f3fd0f
m_7bdacc6dd9184e46985948e1e86c885e
m_ff19723f7a2f435393c0126a2e3c1db4
m_4a03d43aedc2469cbb5d09a0765652b5
m_8c68dcefbf3c4699ab5635edb773c317
m_5502bb192e554019974c46c37f3672c9
m_6277e836cac34433a77f6f830e136c6f
m_397d896fc3ab4d4ebe53964061c4cd35
m_b80f925a1b9448179c58f38a815799bd
m_326650678a5c478e9c3d97a61f311917
m_336b9cb94df04a838a5f01c4e5490bfc
m_86eb7ad6b7634e1a94fa5e79a99d10f7
m_78d15974da6f43de921a66a88de29896
m_d65ef6183f7d4d75968fe9c84905709b
m_500828825033407ba98b4225f529df30
m_96d14dc2c6a64fa6862484c28052342e
m_b510055fd737481eba9ce1ed087d32a3
m_bfa28dfe8fcf4ad5bda088331875fef0
m_e4f3f66949734f8d898d5190ab7cf8f4
m_51737ba601c44eb28d105e16ae6d49f2
m_adbf68effb4e4b5b81244d11180d1e0d
m_31102e0132ed44ffbc2d6e60098845b8
m_f317c93a0dc24794a54c193ee4044901
m_2afdab2899b5498ba0dc851417a42b61
m_5a50c1ca27d94115a42085760c3896fc
m_1898c4454ae24f009bf4e1be4f465edf
m_9a6596d00ebe4e54bc4389be8b5f3613
m_77308b2f7f1d4a3499de88af2ad88d89
m_d64b1e40143449169bab525bfb953a01
m_58a271d78f924a0fb41f6701308dcfb5
m_3268ab4e34cd443bab4b63aaed933b42
m_36d5e844d64a45718a5ed39765aa494f
m_851d662a696a43fc87e03c41e95e11c9
m_00356c9f813d4d2187b776a50bcf0c86
m_89387d9fba094552aef26bdc9a35edae
m_c081417ddeee4e469e7b3919e795d007
m_3d1b2d2ae1684ac2875e599c8f82fdf9
m_886412f5b69d4d30903cd9250da4707a
m_ad96fe26b4d74776bd0130ff30920ca2
m_89c44ad1ca2b4a01b27805ca5e1f1909
m_51de23dde0de4dea84fc9946bd34d4a2
m_5c066d1aa50b4af4847f72a40c76d810
m_a891ec2bb7364ff5b4ceaa256cddfafb
m_3915b2d6daa6417e95dd7d5a9f937c8a
m_be259965af944782877a95a0e6c6d9b2
m_53cf0c131d224e1bb71da8e79b1222e7
m_d49126fbba0f4a0fb1b32a8adc099fdf
m_dc8fa4d2f6fc4d8a8390d71479439008
m_75385507416749318856fa854cc4efbf
m_d0f13c6f970042aebeee5a18c6abe725
m_2c6b474539d74792855164873c95a52c
m_0cc36d80b07c4ec2aebee13e448675e0
m_9a8329e74fbf4b83934b3f56ad3a5e48
m_92254511cda849d391ff7979fbf5e137
m_4e93905478854b44b41094e9b816d2fb
m_ba6ac3fdf1d14816a1be64505177d124
m_de4848f8088943e9add56033bbc9e91f
m_62ff4206883a40a29130cae102d45062
m_7f863085454643a39a933c34fe7516f4
m_115a2ee97d2641bfbdb33bdb5063da50
m_0e52a60ed7534dbfa04166c946451f68
m_e8af76657e264ca281d9685d6b5c3f50
m_c942181385ab4042b85240c5ca246498
m_0d427e32086a4807835d31008307090e
m_83395a3b800442d881e7d2c88410add2
m_d9b48bcb261449b995ef72108d0e9fac
m_25c64253ca154370b5c419468a7aa714
m_a9709b4af24a4e2ab58dae988a8d8c39
m_3830801bc5b3459a8082a83e7da595c2
CheckPrototype
wa4fe934e45ee44cc883214f0353db54f
WritePrototype
ExcludePrototype
AssemblyProductAttribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyCopyrightAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
STAThreadAttribute
DebuggerNonUserCodeAttribute
System.Diagnostics
Vueyxlsxlnuxzymziwbwuh.Properties.Resources.resources
Telegram Desktop
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Telegram FZ-LLC
3.1.0.0
$8900a746-6fc7-4192-b266-b912eb493862
Copyright (C) 2014-2021
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
z[]>!^
"^h#O;
Nwo]_:|
Ld`%N2
f{l7;E
n&5z9nv
`fr-.|
zKr]7h=%-!
al_MMP
B`3^Ka+
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
https://cdn.discordapp.com/attachments/888490061170110496/890375742800674867/Jaaawwddhyyacoivresx.dll
: {0}
: {0}
GetStruct
Vueyxlsxlnuxzymziwbwuh.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Telegram Desktop
CompanyName
Telegram FZ-LLC
FileDescription
Telegram Desktop
FileVersion
3.1.0.0
InternalName
BRL_2451020032016.exe
LegalCopyright
Copyright (C) 2014-2021
LegalTrademarks
OriginalFilename
BRL_2451020032016.exe
ProductName
Telegram Desktop
ProductVersion
3.1.0.0
Assembly Version
3.1.0.0

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.4660dca1c3905ea9
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_80% (W)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
BitDefenderTheta Gen:NN.ZemsilF.34170.lm0@a4hvL6m
Cyren W32/MSIL_Agent.BCR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ACWY
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1144292
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!4660DCA1C390
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CH0CIN21
Rising Clean
Yandex Clean
Ikarus Win32.Outbreak
eGambit Clean
Fortinet MSIL/GenKryptik.FLBG!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason Clean
Avast Win32:MalwareX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen

No IRMA results available.