Multi-License Discount Quote

Change Region

English
Threat Database Hacktool Hacktool.TelegramHack.C

Hacktool.TelegramHack.C

By CagedTech in Hacktool

Threat Scorecard

Popularity Rank: 15,596
Threat Level: 50 % (Medium)
Infected Computers: 17
First Seen: March 2, 2023
Last Seen: February 25, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Hacktool.TelegramHack.C
Signature status: No Signature

Known Samples

MD5: c7c9ff34b56993d53357bcbb206a33fe
SHA1: 68059c3fdb1490acbd7fb2c36b0f82a634305303
SHA256: 7C4500D27A2B1364B78CC609825A0B3916C15BCA02F3AD44E4C8EF24A26CC1C7
File Size: 388.10 KB, 388096 bytes
MD5: c5c50c2b67c8f9a07ba5f02d79a4c18e
SHA1: 401b3b76d1e22aea02d3c434211c41bba6f620a7
SHA256: EF0D276104CF78FCB9B79A34AF29C67A90B6E8CC7402A8EC321B4F934025E1D6
File Size: 3.51 MB, 3508736 bytes
MD5: eeb787536c2820ef55bae05cf23a3384
SHA1: add8d9ffc78ee59c1bde5e1edb0c065f219cb0b9
SHA256: 298CE70F9FB97A76790820721D9452BA07C4A4236D0EB368112E68DB7BFB6B5B
File Size: 3.27 MB, 3270672 bytes
MD5: 9e204acd3ef7bac0ac5f3dd8ec4cbb7c
SHA1: 53f9c024f03c007ce1db49a02b2db39d35e340b2
SHA256: EBD5D2BDC7DCD3671A59737C856356828E911822FC171C96F9E3CE91329C07A5
File Size: 2.81 MB, 2814464 bytes
MD5: 043033eb6cb9b319cb95bf3fb0065efb
SHA1: ce461280c076565d48acfaca5b88f0c4abad9494
SHA256: 654FDE3946C7FB2187051E63F8E163A41028F3C1BA6D3DECCB15B1885A9816C2
File Size: 421.89 KB, 421888 bytes
Show More
MD5: f864c8dcabb299b734140e324abaefe3
SHA1: e3585a7d70e0d51e93be511a775dac3ca70a520d
SHA256: 8FFA6B09184B463191558BD8D3FD1130D291339F2134E759E20DD6AC8F05C91D
File Size: 3.51 MB, 3508736 bytes
MD5: c1b9d9b529f1f3fdfd17bd242f312e1d
SHA1: d8aa34210d91e04832cabafd9e757a62e5ead415
SHA256: 8E75808A372A1F08D6188353C5FFC255445CC4936535D02C3F93BC9B7DF100F0
File Size: 350.21 KB, 350208 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • 2+ executable sections
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,236
Potentially Malicious Blocks: 161
Whitelisted Blocks: 995
Unknown Blocks: 80

Visual Map

0 0 0 0 0 0 0 0 ? 0 x x ? 0 0 0 0 0 0 0 x 0 x x x ? x x x 0 ? ? x ? ? x ? x ? ? x x x ? ? ? ? ? x ? ? ? ? x ? 0 x x 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? x ? ? x ? x ? ? ? x ? ? ? ? x x x ? x ? x x x 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 x ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 x 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 x x 0 0 0 0 0 x x 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 x 0 0 1 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 x 0 0 x 0 0 0 0 1 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x ? 0 x ? 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? x x 0 0 x x 0 0 0 x x 0 0 0 0 0 0 0 x ? x ? 0 0 x 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 x ? ? ? x ? ? 0 x x 0 x x 0 0 x ? x x x x x x x x 0 x 0 0 0 0 ? x ? x x x x x x x x 0 x 0 0 0 0 ? x ? x x x x x x x x 0 x 0 0 0 0 ? x ? x x x x x x x x 0 x 0 0 0 0 ? ? x ? x 0 x x 0 0 ? x ? ? x 0 x x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.EBB
  • Injector.KFSC
  • Kryptik.LDA
  • TelegramHack.C
  • TelegramHack.EE

Files Modified

File Attributes
c:\users\user\appdata\local\temp\dwm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鐸灅ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
Show More
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPrivilegeCheck
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationToken
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserCallNoParam
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserMoveWindow
  • win32u.dll!NtUserSetLayeredWindowAttributes
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\Users\Mrumgmmk\AppData\Local\Temp\dwm.exe (NULL)

Trending

Most Viewed

Loading...