Summary | ZeroBOX

Telegram.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started Jan. 22, 2025, 5:16 p.m.
Completed Jan. 22, 2025, 5:19 p.m.
Size 4.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8977c554e151a36aa2f53207eb822fb4
SHA256 9cf35e37a788902a1219ec2583a6025b05208ad48e6fda2fc52ba1e0f852b53e
CRC32 5AF75C80
ssdeep 98304:OkdgMCaWH5Ly6VefRq1JS6YFGt2aXQwcVwM+2cG4/:OCCa+efRgJS6YFmdAVVrY/
PDB Path C:\AdminC4\Workspace\1238929923\Project\Debug\Project.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\AdminC4\Workspace\1238929923\Project\Debug\Project.pdb
section .textbss
section .msvcjmc
section .fptable
packer Microsoft Visual C++ V8.0 (Debug)
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory
process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01235000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory
process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01236000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

Lionic Trojan.Win32.Generic.4!c
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.75474017
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Avast MalwareX-gen [Trj]
MicroWorld-eScan Trojan.GenericKD.75474017
Rising Trojan.ShellCodeRunner!1.1275A (CLASSIC)
Emsisoft Trojan.GenericKD.75474017 (B)
McAfeeD ti!9CF35E37A788
CTX exe.trojan.generic
FireEye Trojan.GenericKD.75474017
Google Detected
Antiy-AVL GrayWare/Win32.Wacapew
GData Trojan.GenericKD.75474017
Varist W32/ABTrojan.DGMV-6211
AhnLab-V3 Malware/Win.Generic.C5720139
McAfee Artemis!8977C554E151
DeepInstinct MALICIOUS
Malwarebytes Spyware.Lumma
Ikarus Trojan-Spy.Win32.LummaStealer
Panda Trj/Chgt.AD
Fortinet W32/PossibleThreat
AVG MalwareX-gen [Trj]
Paloalto generic.ml