Static | ZeroBOX

PE Compile Time

2021-09-23 07:54:30

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00003e34 0x00004000 5.96295249868
.rsrc 0x00006000 0x00029eb4 0x0002a000 4.29820254901
.reloc 0x00030000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0002f410 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0002f878 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002f8fc 0x00000404 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002fd00 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
X \uySa
LX "f(Ha
bX "O%Ma
e ]jXXa
J'5ee
bX "O%Ma
&d+Y t
ef zz@
*Z]Y 60
J'5ee
v4.0.30319
#Strings
Product_Specifications_Details_723312_RFQ
Product_Specifications_Details_723312_RFQ.exe
<Module>
Settings
Bhnlononrldh.Properties
ApplicationSettingsBase
System.Configuration
System
CandidateInstanceException
Product_Specifications_Details_723312_RFQ.Exceptions
Object
mscorlib
ContainerSpecificationClass
Bhnlononrldh.Classes
Adapter
Configuration
Product_Specifications_Details_723312_RFQ.Objects
Specification
Bhnlononrldh.Connections
CollectionMockAttribute
Product_Specifications_Details_723312_RFQ.Attributes
<Module>{37faa10f-7ccb-427a-992f-42a374e42aee}
QueryObserver
.cctor
CollectObserver
Boolean
OrderObserver
ResetObserver
SettingsBase
Synchronized
VisitObserver
ExcludeAdvisor
String
reference
Convert
FromBase64String
CallAdvisor
Encoding
System.Text
get_UTF8
GetString
Replace
ExcludeObserver
VerifyObserver
_Advisor
CheckObserver
FlushAdvisor
Queue`1
System.Collections.Generic
Enqueue
get_Count
WriteAdvisor
Thread
System.Threading
FindAdvisor
WebClient
System.Net
DownloadData
ServicePointManager
set_SecurityProtocol
SecurityProtocolType
InvokeAdvisor
second
Format
Dequeue
Console
ReadKey
ConsoleKeyInfo
WriteLine
CreateAdvisor
InvokeMember
BindingFlags
System.Reflection
Binder
Assembly
GetTypes
SearchObserver
RestartObserver
PublishObserver
customer
ResourceManager
System.Resources
_Registry
CultureInfo
System.Globalization
PostObserver
ForgotAdvisor
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
ValidateAdvisor
PatchAdvisor
InsertObserver
ConnectObserver
m_Object
LogoutObserver
connection
DefineObserver
DeleteObserver
instance
ReadObserver
caller
UpdateObserver
MoveObserver
definition
m_Policy
RateObserver
AddObserver
AwakeObserver
m_b599e2d6a52743409ffdc0d607a035e4
m_6f09b9ef139042d4b8f1e8701bc24b5a
m_6f3b4236963949b5883fe44ff9c61953
m_245562f5eb524c7f96929478d412b581
m_657e549ebcca4e3da8c66e2f42437de5
m_9616c291c5ad49c786e6aeb7ada9776f
m_7462b356231e46fe9071f2e6bb4d9299
m_aa2d7ab719134b61a7d70caa3be1e39b
m_46543363e1044d58817ca76056a7d488
m_b13e159960474f7eb27e7330e302c957
m_ee02030aa2a44c54b93a000b5a9e103b
m_73635ef26e3140f6ab7cc258ec73f54e
m_0421fbc3f6c24fe9b1e86255f5a0f46a
m_63c501835b394ec0ab53bb1e5ce3b13b
m_9e3f43e0ced542649f23160dfe0c19c1
m_26fba3762a064adc8b5c5b6a9f74bcfa
m_b30cb4d605d841d4948d4f957e0b712f
m_144265b28fdd4881b6c95a8e4edad7dc
m_3770ca1b5bcc42688dc0ed470378d03d
m_814b643a771140bfae0475b367bd4096
m_bd240fd906a04fedb91275d1aa020522
m_60ccb68d52884916855831fbf0cfb4f8
m_f8c95da178c3432f9007ecde1931adeb
m_b19df8629ebf4af2821e322e7c1cb283
m_f71191938451426796eb05695925a8db
m_b6dbfe921f6746909dd08689cfe9e0cd
m_95e592ce5f3142d6888b6ada24add8d3
m_bd4d5afd4c314b6e9803ad46237aaa8f
m_8aba2c311285411f8e647800495b6cb2
m_c8ae9e9ffed14e3e83b1f1899d1d9e80
m_10c66d36757149d8bdc75c8e4d956843
m_88ab86894ff949ca955291c3b6ecb052
m_5397b2f11fa845fb86b9ea4ba44ec262
m_a6da0e53d37642d4b6dc0c8945d5466f
m_2882c1920a344bc7ad500bd1cce014c1
m_fd5c318d8e384d8e9a8c8526e8cfc8bd
m_24c4e6944e594542bf7f1ee484466ed4
m_816d6908c9dc42009cbc6816b0493b78
m_e45f970b01314e23887c44805e4ccd8b
m_402b48ad05724a208cfd0172e17de5eb
m_756499bb3aeb4a13baca1165ee7d948e
m_f8e36805c4164086b6dfba8d1b1fd3cc
m_d98e51bc6efe499cae9b627e6d6bc460
m_f89a9469656b4010b9a50c96a64b180f
m_affe1fb7c7464ec7b4cccfa148e4f0ff
m_b3505f8d9523458a8cc1e0a049c4dbc3
m_67f548b2d355485db621316493203b8e
m_42fdafbc62e24c3a9583972d0c8d00c6
m_cbf000e7a9b044f2b5f468141b91e3ce
m_b7d8b1a7e81e42fd9aa1134fa46ec74d
m_a278aa0c33a84b9d943e53f17fba4848
m_151fed49474843188e4df081010530d1
m_b7aa8e34a8c04e02ab423555ae340533
m_1a83ee1d584d4a949280c7cf0b7fa7c1
m_57d4de85dee441068674b70dfc30079d
m_78cb19b349174c288998a005a97dc6cf
m_9842d7ee223e47778b46144fb7f56de6
m_b2cfa0a9f64d4b86b1b55e3b9eecc726
m_0e749569caf94ee1b572f653c169ca98
m_f8267cc8d84a41d295237be12118aee7
m_56d2eecb217c4918bcbd3666cd5432aa
m_908bf35e0fb04731846e727ca62b04c9
m_bd833fdb2e2b4300a8cb0794ffd467d9
m_97fd357801354de4be0580522f9a0755
m_46bfae15124f4bc682553d70377b28d9
m_a726ebf162c84c08a6086cdbec9ac1c4
m_561d34c2d09e4a1eb92d12ea606b7711
m_5fac2780e0834b718b0f7a910a74d504
m_1e660872b07b47eeb37ea5ee8615b4cc
m_2eac1c42f1564ad6ae8763e72933cb02
m_45c6589518464cd3b5384b18f9cebd6b
m_cf09ac7d6cb14ae9a6bce1ca6a1ffd9a
m_6ab2fdf954bf412a9eb8b7b84564407f
m_dc5b3314a41e48e991afb8d5fbb880d6
m_bfcada0b929e4cbb9d3408c51a1a8cd2
m_729e270b1a23424baf58dace19a8b724
m_c952a8c24fb440d49c47f4b1487c80fe
m_d4923ec336c5430fbf764c4d5f3d3b99
m_5f42c98d0e344b9b81106fe8feead25b
m_14508791f5c4469982d32605ef0a95d6
m_6f95733e81454d299fa6c69c7df1c7ad
m_dd264e77fbfc406f83c18c00ba0bf0c7
m_1d074bfd81914123ba72a7dc33e6611e
m_2b708e7240964d14a1c75ef11c3c7fba
m_2218b49e8b704b7f945a7e740ad94b95
m_690160737585425eb864784eddfaa60f
m_3f6e6a1bafe74a85af42517542ac2d72
m_1af15d2745f540afbd2e0d6935756ec5
m_0104b9d121684e7f8c4aa9a2076053b7
m_d15af1ce54cd41d98e353ba8cb92a7ca
m_a234237495944f35b41dc82cccf968ab
m_7ff7127666e94f948e8f02deec6eca64
m_37f22a8b7fb54ecf95ce5b7a7f1e2d80
m_8ad12d55b82f4eceaeb73239ed938b93
m_a8cafb77b0ad4ad88c975dc1bfb14c9a
m_96c00b7d16cc4f8f89887ef0164a1920
m_35107394e20b460ebec83fd88b61e99c
m_baf7545ab90a4d1fadd829f144cfdb78
m_cf6403930b3946c99872f7001d754697
m_8f8b079bff4d47269785464280471998
m_efaed43c0b0141dfa83b3ac5390659bd
m_c38f1dd614f94c169523145e6b8af592
m_2abc7d02f3d948818ab71fffdc8449cb
m_d4d0bb5320064b1eb18efa94cce8ad00
m_66d1b7f434af402db4f067befb6ce022
m_8a7fb1b8d0a2404cb6f95ea7b52d1b9d
m_edd5b247caa94c32b910f68636b0d25b
m_9f0473013bc84f8e9243f2197f2942a1
m_dc0f3660794b4f86b94c5686f3a0c460
m_cf1329b8946a48acb5e45edabdaa666c
PopObserver
qb7653fee47d74e8988e45b0a38bf1057
ReflectObserver
SortObserver
IncludeObserver
AssemblyProductAttribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyCopyrightAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
STAThreadAttribute
DebuggerNonUserCodeAttribute
System.Diagnostics
Bhnlononrldh.Properties.Resources.resources
Telegram Desktop
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Telegram FZ-LLC
3.1.0.0
$07b363bb-6bd2-4f4a-b6c8-0bd6748b0a59
Copyright (C) 2014-2021
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
z[]>!^
"^h#O;
Nwo]_:|
Ld`%N2
f{l7;E
n&5z9nv
`fr-.|
zKr]7h=%-!
al_MMP
B`3^Ka+
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>
https://cdn.discordapp.com/attachments/888490061170110496/890370492152836126/Zupdzrq.dll
: {0}
: {0}
IncludeManager
Bhnlononrldh.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Telegram Desktop
CompanyName
Telegram FZ-LLC
FileDescription
Telegram Desktop
FileVersion
3.1.0.0
InternalName
Product_Specifications_Details_723312_RFQ.exe
LegalCopyright
Copyright (C) 2014-2021
LegalTrademarks
OriginalFilename
Product_Specifications_Details_723312_RFQ.exe
ProductName
Telegram Desktop
ProductVersion
3.1.0.0
Assembly Version
3.1.0.0
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.bbe72c8d0a9c597f
CAT-QuickHeal Clean
McAfee Artemis!BBE72C8D0A9C
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
Arcabit Clean
Baidu Clean
Cyren W32/MSIL_Agent.BCR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.FLBG
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Clean
Ikarus Trojan.MSIL.Injector
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34170.lm0@aSQJtzf
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Crypt.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_80% (W)
No IRMA results available.