Telеgram[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Telеgram.exe
Size

12.7MB
MD5

b281fac8dcf95026333661a790e97c1a
SHA1

329b32403336054a502244aa8aff851864bfa16d
SHA256

d00032cee26fab01037e6a5ac74e0c986ffeafb5cc98eac9470a1d8fab8daeb9
SHA512

ca68c90482bdd99d5a43dfe111da29721e210c0f5c228b0986aff36f3eab9d73b0c83193736e7ca6f1b510a1b1ef89acb99843f75aefd937e62dcebf5c2c4535
SSDEEP

196608:6hilYC4pDCWX0qr0zaMxcFVYY9YFpG2tu3ygdlgTbwbh3ws5bXsDNtiqpZrfTGm9:6hilijDMx6Hh5ygdlgT0fg5fww

Score

1^/10

Malware Config

Signatures

Files

Telеgram.exe
.exe windows:6 windows x64 arch:x64

9fe56856022b08a2254a9b2a8de7121b

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:50:ac:af:ed:b7:df:43:f1:ed:41:6a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/12/2023, 10:11

Not After

13/12/2024, 10:11

Subject

SERIALNUMBER=323784700315658,CN=IP Hanin German Evgenevich,O=IP Hanin German Evgenevich,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:c5:e4:04:0c:17:7a:a2:de:36:ce:15:47:22:86:62:47:64:f7:fd:dc:37:4f:a5:8e:96:05:92:30:bd:94:8a
Signer

Actual PE Digest

c8:c5:e4:04:0c:17:7a:a2:de:36:ce:15:47:22:86:62:47:64:f7:fd:dc:37:4f:a5:8e:96:05:92:30:bd:94:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteProcessMemory
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

MessageBoxA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

shlwapi

PathFileExistsW

ws2_32

getaddrinfo

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

mbstowcs

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WpO
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l0@
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'cT
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fe56856022b08a2254a9b2a8de7121b

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

3f:50:ac:af:ed:b7:df:43:f1:ed:41:6aCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c8:c5:e4:04:0c:17:7a:a2:de:36:ce:15:47:22:86:62:47:64:f7:fd:dc:37:4f:a5:8e:96:05:92:30:bd:94:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

shlwapi

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 136KB

.rdata Size: - Virtual size: 32KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 13KB

.WpO Size: - Virtual size: 7.8MB

.l0@ Size: 3KB - Virtual size: 3KB

.'cT Size: 12.7MB - Virtual size: 12.7MB

.reloc Size: 512B - Virtual size: 300B

.rsrc Size: 512B - Virtual size: 480B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

3f:50:ac:af:ed:b7:df:43:f1:ed:41:6a
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c8:c5:e4:04:0c:17:7a:a2:de:36:ce:15:47:22:86:62:47:64:f7:fd:dc:37:4f:a5:8e:96:05:92:30:bd:94:8a
Signer

.text
Size: - Virtual size: 136KB

.rdata
Size: - Virtual size: 32KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 13KB

.WpO
Size: - Virtual size: 7.8MB

.l0@
Size: 3KB - Virtual size: 3KB

.'cT
Size: 12.7MB - Virtual size: 12.7MB

.reloc
Size: 512B - Virtual size: 300B

.rsrc
Size: 512B - Virtual size: 480B