ScreenShot
| Created | 2025.01.22 17:19 | Machine | s1_win7_x6401 |
| Filename | Telegram.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (Unsafe, Save, malicious, confidence, 100%, GenericKD, Attribute, HighConfidence, high confidence, MalwareX, ShellCodeRunner, CLASSIC, Detected, GrayWare, Wacapew, ABTrojan, DGMV, Artemis, Lumma, LummaStealer, Chgt, PossibleThreat) | ||
| md5 | 8977c554e151a36aa2f53207eb822fb4 | ||
| sha256 | 9cf35e37a788902a1219ec2583a6025b05208ad48e6fda2fc52ba1e0f852b53e | ||
| ssdeep | 98304:OkdgMCaWH5Ly6VefRq1JS6YFGt2aXQwcVwM+2cG4/:OCCa+efRgJS6YFmdAVVrY/ | ||
| imphash | 0eec88a043331cc2262f3c1e5fe9d257 | ||
| impfuzzy | 48:wCU+y4mx90CmpyZBJtYcVzlc+pwNJ+owZD/gAke5rC7SYMEDUpfJenRH0Wl39:wr+y4mxYajtYcRlc+pwoxs | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xa19000 PerfOpenQueryHandle
KERNEL32.dll
0xa19030 RtlCaptureContext
0xa19034 GetStdHandle
0xa19038 GetCommandLineW
0xa1903c GetEnvironmentVariableW
0xa19040 ExpandEnvironmentStringsW
0xa19044 CreateFileW
0xa19048 FindClose
0xa1904c FindFirstFileExW
0xa19050 FindNextFileW
0xa19054 FlushFileBuffers
0xa19058 GetFullPathNameW
0xa1905c GetLogicalDrives
0xa19060 ReadFile
0xa19064 WriteFile
0xa19068 GetLastError
0xa1906c QueryPerformanceCounter
0xa19070 GetProcessHeap
0xa19074 Sleep
0xa19078 GetCurrentProcess
0xa1907c GetCurrentProcessId
0xa19080 GetCurrentThread
0xa19084 GetCurrentThreadId
0xa19088 IsProcessorFeaturePresent
0xa1908c GetSystemInfo
0xa19090 GetLocalTime
0xa19094 GetNativeSystemInfo
0xa19098 VirtualProtect
0xa1909c MapViewOfFile
0xa190a0 CreateTimerQueue
0xa190a4 GetModuleFileNameW
0xa190a8 GetModuleHandleA
0xa190ac GetModuleHandleW
0xa190b0 FormatMessageW
0xa190b4 CopyFileW
0xa190b8 WriteConsoleW
0xa190bc CloseHandle
0xa190c0 ReadConsoleW
0xa190c4 SetFilePointerEx
0xa190c8 GetFileSizeEx
0xa190cc GetConsoleMode
0xa190d0 GetConsoleOutputCP
0xa190d4 HeapReAlloc
0xa190d8 HeapSize
0xa190dc SetConsoleCtrlHandler
0xa190e0 LCMapStringW
0xa190e4 CompareStringW
0xa190e8 GetTimeFormatW
0xa190ec GetDateFormatW
0xa190f0 InitializeCriticalSectionEx
0xa190f4 IsThreadAFiber
0xa190f8 FlsFree
0xa190fc FlsSetValue
0xa19100 FlsGetValue
0xa19104 FlsAlloc
0xa19108 GetTempPathW
0xa1910c EnumSystemLocalesW
0xa19110 GetUserDefaultLCID
0xa19114 IsValidLocale
0xa19118 GetLocaleInfoW
0xa1911c GetStringTypeW
0xa19120 GetFileType
0xa19124 SetStdHandle
0xa19128 SetEnvironmentVariableW
0xa1912c UnhandledExceptionFilter
0xa19130 SetUnhandledExceptionFilter
0xa19134 TerminateProcess
0xa19138 GetSystemTimeAsFileTime
0xa1913c InitializeSListHead
0xa19140 IsDebuggerPresent
0xa19144 GetStartupInfoW
0xa19148 RaiseException
0xa1914c MultiByteToWideChar
0xa19150 WideCharToMultiByte
0xa19154 HeapAlloc
0xa19158 HeapFree
0xa1915c VirtualQuery
0xa19160 FreeLibrary
0xa19164 GetProcAddress
0xa19168 InterlockedPushEntrySList
0xa1916c InterlockedFlushSList
0xa19170 LoadLibraryExW
0xa19174 RtlUnwind
0xa19178 SetLastError
0xa1917c EnterCriticalSection
0xa19180 LeaveCriticalSection
0xa19184 DeleteCriticalSection
0xa19188 InitializeCriticalSectionAndSpinCount
0xa1918c TlsAlloc
0xa19190 TlsGetValue
0xa19194 TlsSetValue
0xa19198 TlsFree
0xa1919c EncodePointer
0xa191a0 ExitProcess
0xa191a4 GetModuleHandleExW
0xa191a8 OutputDebugStringW
0xa191ac IsValidCodePage
0xa191b0 GetACP
0xa191b4 GetOEMCP
0xa191b8 GetCPInfo
0xa191bc GetCommandLineA
0xa191c0 GetEnvironmentStringsW
0xa191c4 FreeEnvironmentStringsW
0xa191c8 DecodePointer
USER32.dll
0xa19248 LoadCursorW
0xa1924c SetWindowLongW
0xa19250 FillRect
0xa19254 ClientToScreen
0xa19258 GetCursorPos
0xa1925c MessageBoxW
0xa19260 SetWindowTextW
0xa19264 GetUpdateRect
0xa19268 ReleaseDC
0xa1926c DrawTextW
0xa19270 SetMenuItemInfoW
0xa19274 TrackPopupMenu
0xa19278 LoadIconW
0xa1927c DestroyMenu
0xa19280 CreatePopupMenu
0xa19284 GetActiveWindow
0xa19288 CharUpperA
0xa1928c SendDlgItemMessageW
0xa19290 IsDlgButtonChecked
0xa19294 CheckDlgButton
0xa19298 GetDlgItemTextW
0xa1929c GetDlgItem
0xa192a0 IsWindow
0xa192a4 RegisterClassW
0xa192a8 SendMessageW
0xa192ac wsprintfW
0xa192b0 AppendMenuW
EAT(Export Address Table) is none
ADVAPI32.dll
0xa19000 PerfOpenQueryHandle
KERNEL32.dll
0xa19030 RtlCaptureContext
0xa19034 GetStdHandle
0xa19038 GetCommandLineW
0xa1903c GetEnvironmentVariableW
0xa19040 ExpandEnvironmentStringsW
0xa19044 CreateFileW
0xa19048 FindClose
0xa1904c FindFirstFileExW
0xa19050 FindNextFileW
0xa19054 FlushFileBuffers
0xa19058 GetFullPathNameW
0xa1905c GetLogicalDrives
0xa19060 ReadFile
0xa19064 WriteFile
0xa19068 GetLastError
0xa1906c QueryPerformanceCounter
0xa19070 GetProcessHeap
0xa19074 Sleep
0xa19078 GetCurrentProcess
0xa1907c GetCurrentProcessId
0xa19080 GetCurrentThread
0xa19084 GetCurrentThreadId
0xa19088 IsProcessorFeaturePresent
0xa1908c GetSystemInfo
0xa19090 GetLocalTime
0xa19094 GetNativeSystemInfo
0xa19098 VirtualProtect
0xa1909c MapViewOfFile
0xa190a0 CreateTimerQueue
0xa190a4 GetModuleFileNameW
0xa190a8 GetModuleHandleA
0xa190ac GetModuleHandleW
0xa190b0 FormatMessageW
0xa190b4 CopyFileW
0xa190b8 WriteConsoleW
0xa190bc CloseHandle
0xa190c0 ReadConsoleW
0xa190c4 SetFilePointerEx
0xa190c8 GetFileSizeEx
0xa190cc GetConsoleMode
0xa190d0 GetConsoleOutputCP
0xa190d4 HeapReAlloc
0xa190d8 HeapSize
0xa190dc SetConsoleCtrlHandler
0xa190e0 LCMapStringW
0xa190e4 CompareStringW
0xa190e8 GetTimeFormatW
0xa190ec GetDateFormatW
0xa190f0 InitializeCriticalSectionEx
0xa190f4 IsThreadAFiber
0xa190f8 FlsFree
0xa190fc FlsSetValue
0xa19100 FlsGetValue
0xa19104 FlsAlloc
0xa19108 GetTempPathW
0xa1910c EnumSystemLocalesW
0xa19110 GetUserDefaultLCID
0xa19114 IsValidLocale
0xa19118 GetLocaleInfoW
0xa1911c GetStringTypeW
0xa19120 GetFileType
0xa19124 SetStdHandle
0xa19128 SetEnvironmentVariableW
0xa1912c UnhandledExceptionFilter
0xa19130 SetUnhandledExceptionFilter
0xa19134 TerminateProcess
0xa19138 GetSystemTimeAsFileTime
0xa1913c InitializeSListHead
0xa19140 IsDebuggerPresent
0xa19144 GetStartupInfoW
0xa19148 RaiseException
0xa1914c MultiByteToWideChar
0xa19150 WideCharToMultiByte
0xa19154 HeapAlloc
0xa19158 HeapFree
0xa1915c VirtualQuery
0xa19160 FreeLibrary
0xa19164 GetProcAddress
0xa19168 InterlockedPushEntrySList
0xa1916c InterlockedFlushSList
0xa19170 LoadLibraryExW
0xa19174 RtlUnwind
0xa19178 SetLastError
0xa1917c EnterCriticalSection
0xa19180 LeaveCriticalSection
0xa19184 DeleteCriticalSection
0xa19188 InitializeCriticalSectionAndSpinCount
0xa1918c TlsAlloc
0xa19190 TlsGetValue
0xa19194 TlsSetValue
0xa19198 TlsFree
0xa1919c EncodePointer
0xa191a0 ExitProcess
0xa191a4 GetModuleHandleExW
0xa191a8 OutputDebugStringW
0xa191ac IsValidCodePage
0xa191b0 GetACP
0xa191b4 GetOEMCP
0xa191b8 GetCPInfo
0xa191bc GetCommandLineA
0xa191c0 GetEnvironmentStringsW
0xa191c4 FreeEnvironmentStringsW
0xa191c8 DecodePointer
USER32.dll
0xa19248 LoadCursorW
0xa1924c SetWindowLongW
0xa19250 FillRect
0xa19254 ClientToScreen
0xa19258 GetCursorPos
0xa1925c MessageBoxW
0xa19260 SetWindowTextW
0xa19264 GetUpdateRect
0xa19268 ReleaseDC
0xa1926c DrawTextW
0xa19270 SetMenuItemInfoW
0xa19274 TrackPopupMenu
0xa19278 LoadIconW
0xa1927c DestroyMenu
0xa19280 CreatePopupMenu
0xa19284 GetActiveWindow
0xa19288 CharUpperA
0xa1928c SendDlgItemMessageW
0xa19290 IsDlgButtonChecked
0xa19294 CheckDlgButton
0xa19298 GetDlgItemTextW
0xa1929c GetDlgItem
0xa192a0 IsWindow
0xa192a4 RegisterClassW
0xa192a8 SendMessageW
0xa192ac wsprintfW
0xa192b0 AppendMenuW
EAT(Export Address Table) is none