Hacktool.TelegramHack.F
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 8,772 |
|---|---|
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 79 |
| First Seen: | February 5, 2024 |
| Last Seen: | February 26, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Hacktool.TelegramHack.F |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | ermaccer |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | Copyright (C) 2024 |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- dll
- HighEntropy
- imgui
- No Version Info
- ntdll
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 4,214 |
|---|---|
| Potentially Malicious Blocks: | 66 |
| Whitelisted Blocks: | 3,311 |
| Unknown Blocks: | 837 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- CsgoInjector.GH
- Downloader.Agent.BTZ
- Gamehack.EBB
- Gamehack.GDDG
- Gamehack.GDDH
- Injector.KFSC
- Kryptik.EFJ
- Kryptik.LDA
- TelegramHack.F
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | 88 additional items are not displayed above. |