Trojan.TelegramHack.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 9,179 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 19 |
| First Seen: | January 27, 2022 |
| Last Seen: | November 6, 2025 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.TelegramHack.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| File Description | Unreal engine dumper with live inspect |
| File Version | 2.0.0.0 |
| Internal Name | UEDumper.exe |
| Legal Copyright | Copyright (C) 2023 Spuckwaffel |
| Original Filename | UEDumper.exe |
| Product Name | UEDumper |
| Product Version | 2.0.0.0 |
File Traits
- fptable
- GetConsoleWindow
- HighEntropy
- imgui
- No Version Info
- ntdll
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,316 |
|---|---|
| Potentially Malicious Blocks: | 196 |
| Whitelisted Blocks: | 1,949 |
| Unknown Blocks: | 171 |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | 77 additional items are not displayed above. |
| Anti Debug | |