Static | ZeroBOX

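PE Compile Time (TimeDateStamp from the PE header; set by the build toolchain and trivially altered, so treat it as a hint rather than proof of build date)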

2021-09-23 18:29:27

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003164 0x00003200 5.9971691756
.rsrc 0x00006000 0x00029e44 0x0002a000 4.29497124364
.reloc 0x00030000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0002f878 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002f8fc 0x00000394 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002fc90 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

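Imports (native import table only; the single import, mscoree.dll!_CorExeMain, marks a .NET executable, so the APIs it actually references appear in the metadata strings below rather than here)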

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
9Ive
ja L8h
qf Do
e8$q
]]Ye )
f y*SXa
f Gl2
f Gl2
bf Ek0
ja L8h
qf Do
Da Qaj
ja L8h
8{g Yf
9Ive
ja L8h
ce `|\
R,Mf ;
f LU_ha
9Ive
e8$q
]]Ye fJ9
R,Mf ;
ja L8h
ebU#e ^^
v4.0.30319
#Strings
706012088801
706012088801.exe
<Module>
Settings
Eogbggkj.Properties
ApplicationSettingsBase
System.Configuration
System
Comparator
Eogbggkj.Shared
Object
mscorlib
ParamServiceRule
.Rules
Candidate
.Composer
<Module>{f39bfd4e-4da3-4869-a0c7-8fa74a7dd3d5}
.cctor
SettingsBase
Synchronized
ReflectDecorator
String
config
Convert
FromBase64String
PostDecorator
reference
Encoding
System.Text
get_UTF8
GetString
Replace
decorator
ConcatDecorator
Queue`1
System.Collections.Generic
Enqueue
get_Count
PushDecorator
Boolean
Thread
System.Threading
ForgotDecorator
ServicePointManager
System.Net
set_SecurityProtocol
SecurityProtocolType
WebClient
DownloadData
RateDecorator
Format
Dequeue
Console
ReadKey
ConsoleKeyInfo
WriteLine
FindDecorator
Assembly
System.Reflection
GetTypes
InvokeMember
BindingFlags
Binder
ResourceManager
System.Resources
_Message
CultureInfo
System.Globalization
AssetDecorator
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
CloneDecorator
VerifyDecorator
m_ee4a72ddec9a4aa1a8cd53606b7df23d
m_b381797d9737445397f5b910b634bfff
m_0201e951865a45d591afda6d1589486c
m_ed0c12db8df04d188a9e3fccf6165011
m_8105c957a0f843438112c401ecdad3a5
m_08403a04b9e94fb2b020fdae6fbd34fc
m_5b0fa8dad8c7482ea530ce28b74acce1
m_62e1fd15c858466d871349b4ab3733fe
m_3e11b681096d4ae9853a5cce99e3eeb4
m_95f4bf4e413d4140bfc3a2dda03a682e
m_ea1dd132f11146338b39e1eafa31c38b
m_f4aa7f0139eb452e8a6f248676ab8298
m_85dbbe88e0644da78edaf4d7d84da55f
m_4807dc833d664637bccb8f33d3ba6b2a
m_6f4c724d4799446392999699ee92b374
m_93466ac2889e4d2cb52646821b729733
m_e6b129eff0f140a697d7b8bf97771331
m_dfc44cb5c8c64e69bff7438fcfd17001
m_08bd3f5cb0fb404bb69daaa19faa694d
m_c0893a7d459946b581b42a212b4f58fd
m_6323e00e9fda418ca3f6a28f463fbdc6
m_c481f92db4664797a9906d1333f68810
m_0afb25ffb5a0413b9a53e25559e0b420
m_13e849867e954121b68b2caccc28722b
m_517e7e0408354ceb82e665d08cf952d7
m_e16762269f864a6f978d123246e3b340
m_ea5d1df020dc472f9d539ed18c61f0f8
m_21a614a1e07246f08533ba19c8631588
m_e8cd4517e4dc4d1c88bd54a16e5fb67a
m_e5bf72abf70f43328024ed6d27909577
m_0854b18ac91c4f118129056ec7c89656
m_4975d87360bf41b08ac63831e293b8e8
m_d2a4d8dafd01472bb27f53ea93824294
m_569d42e4127f4d77a18c1486cb9bce6c
m_fbd6d8968aad45f0b109d8a9c4108ad6
m_b3d5c9e85f46411a96620d36d49941cf
m_0b94edd05aef4615aad12cf9af3062d0
m_78d89819460f42efa0a7ba455fc06db5
m_0d33894f7a2a465b856208dfd330b7d9
m_b731852ebbe34c94886252bcb7f0db54
m_39a6022de30b4f6398a9d97e21380845
m_caa7b87b9d47428e824c21c28e09ae8f
m_80106d4b541f4885b7910afd02182690
m_7dacac8195914a9f808e59357813eb25
m_722f38b9a7cc49078af64359f02c623e
m_eb2555d75eb84d3c807fe2dfb31a7d98
m_20d25182e886480cbf32f4742e6aea47
m_497b7e3d4f234003905119942f6ac47a
m_184b547cc9bb42ed9d6f5d5c77cda8f4
m_3da3eca880cf47faad76934e9164c164
m_bef234dda687460282f9a04cba8ee76a
m_f904e22f949c4cb68065e9b4f7c724b9
m_e32197b5f13149fcbcc904d3d11e77f2
m_ccff7fd9bb3a46aba6d62e7dfd06eb35
m_6c4d4c4b884e4ba3a985204613a09bd3
m_da6548e1e514447e9bf00f459fb47b84
m_faf5ba6b44d54d8c97da2be28ec7f4f3
m_dc2cfe7f928447678e1e29b05ad685f0
m_d95cf2efee4348f78859b0f6624528a9
m_a1f20acc95ff409ba39bb3c633e6ae18
m_374a406ac5b14fefbb91f2e9d2f85e62
m_f2319524e7d349279d167660e429f204
m_326e510abc4f4147b5dc1e960eecdea5
m_3d84004a4556456891b89bfd72032c87
m_4ae52d4cc4074df791b1036e41ad0094
m_c761d444e6d642c380a8c6364e075151
m_d1aa90154b454a1184c8464671c6a9ba
m_62654f9ffd4043ea8072505bf6625739
m_bc6015b2adc34284a13a0ddadb2fb269
m_1d85c062f5e8417f880a813e0f442d6d
m_59930aefc9bc406391cf85c3c724da91
m_5429ce1792aa4864b5a51ea0c9505e74
m_9003a32698924e0b84037adc97a86249
m_8e936f624231424a9e0b88cf3d3273c3
m_7b4519f554c94bb6a038e415ed215267
m_d3e58984ba224fc59c45e75f8d083a31
m_02663114d23e4e73b252cae65ce1cb7b
m_9ee8cc177e6d45a3b50ead91e0d39644
m_4c61b9aa1c2641f5ab0e423ddefd8e65
m_88e44e01cd254a66a36aaac803040aaa
m_e487c075bc9b471fa2b800f1ec586b01
m_ae8d73012d6b4e37b475e3a622591ba2
m_c0498b9bcc07403e9121d6c67deafbe8
m_df98f0631f3f43f5b2a766333660eed0
m_9ddb7f18a8e34d89abf9ab9c2a965dd3
m_bb6e2a25530d42aaa4d096fee9ff5c62
m_26d8682b2d9e427ba49b542042eeae09
m_b60de9c62be14ffcb2e8b37e65ee7686
m_3a0db8fa298947329ee1392d71431f9b
m_70dd3edb27c14bbf9bbc54253f26ad79
m_94f906e1d8564b31902442df67964548
m_6e003847659949178e824b03257a5280
m_96d6264f952c48f7a35892af289e8937
m_c53ed15fd3404e45b9894b5b97c2baf6
m_ff32a06af266490fa58ab536ab095680
m_c0ca38d816294ded8ab9fdb9610ddc3f
m_4a432c6b165d47f2a9fa3dd00d5efe48
m_b5cd874d28e74dc798a560b0b5fb35b3
m_5df2cc325dd54bfea8fac425c8c90a18
m_38380e87550d4036886984a6a077b62d
m_77b2b221e2f34ecebaf6fdbc73d6c812
m_031f4763588240cc9e530b021a4c5b87
m_8dd7018501ee468ca4dca314262f3981
m_4ed91f3cbb1e43a78f76bb104c5018da
m_aba304a77e904018bcadd6ab5e9f0b48
m_19c788a4ddc54f178af8ad500c86c814
m_6f6342cb08df458981576522e5f9afdf
m_cbfa43cf6c08459bb30d0f5e3080fe4e
m_ff0160b75de644a09310eaf302a3513a
m_83a913e315c04037b0f3e02805329d3f
d216730235baa4cf18920af87b36e09d2
AssemblyProductAttribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyCopyrightAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
STAThreadAttribute
DebuggerNonUserCodeAttribute
System.Diagnostics
Eogbggkj.Properties.Resources.resources
Telegram Desktop
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Telegram FZ-LLC
3.1.0.0
$38af450b-666e-4f01-95df-16a51d3f1848
Copyright (C) 2014-2021
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
z[]>!^
"^h#O;
Nwo]_:|
Ld`%N2
f{l7;E
n&5z9nv
`fr-.|
zKr]7h=%-!
al_MMP
B`3^Ka+
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
https://cdn.discordapp.com/attachments/888490061170110496/890530283374403594/Xtwlmzor.dll
: {0}
: {0}
RateAttribute
Eogbggkj.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Telegram Desktop
CompanyName
Telegram FZ-LLC
FileDescription
Telegram Desktop
FileVersion
3.1.0.0
InternalName
706012088801.exe
LegalCopyright
Copyright (C) 2014-2021
LegalTrademarks
OriginalFilename
706012088801.exe
ProductName
Telegram Desktop
ProductVersion
3.1.0.0
Assembly Version
3.1.0.0
Antivirus Signature ("Clean" means that engine reported no detection at scan time, not that it judged the file benign)
Bkav Clean
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
DrWeb Clean
Cynet Malicious (score: 100)
FireEye Generic.mg.ff77d7b1fa1099ec
CAT-QuickHeal Clean
McAfee Artemis!FF77D7B1FA10
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.34170.lm0@aKHj2Gm
Cyren W32/MSIL_Kryptik.UZ.gen!Eldorado
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.IVO
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CH0DIN21
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
CMC Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
MAX Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
APEX Malicious
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.IVO!tr.dldr
Avast Clean
CrowdStrike win/malicious_confidence_90% (W)
No IRMA results available.