Gridinsoft Logo
File Icon

The 909b5c143938e95d2b52e9cd8c62cfe24e46bf447ba0eaa9c23572afd7a7cfef.exe (Telegram Desktop Setup) File Analysis

Updated 5 days ago
Checked by Malware Check
909b5c143938e95d2b52e9cd8c62cfe24e46bf447ba0eaa9c23572afd7a7cfef.exe

Technical Analysis

File Name 909b5c143938e95d2b52e9cd8c62cfe24e46bf447ba0eaa9c23572afd7a7cfef.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
1572864:FiN8cCZ1vSaL6mDoPbx1dDk3iVXG4xqsIXIXB:A81vSaL6eoPbx1VRdY4R
Scanner Version 1.0.220.174
Database Version 2025-07-11 00:00:17 UTC

Suspicious File Detected

Detected by 35 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Shellcode is malicious code designed for execution on compromised systems, typically serving as an initial attack vector for malware deployment and system exploitation.
50%
Detection Rate
51,743,589
File Size (bytes)
35/70
Engines Detected
2025-07-11
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
bbb7ac6907311884662987f7d3509464
SHA1
28799de9e3fb0a0e560c57139214943a7cd3badb
SHA256
909b5c143938e95d2b52e9cd8c62cfe24e46bf447ba0eaa9c23572afd7a7cfef
SHA512
6d4735c52f2d8f60cec8f0d7ed083b95d9ebb5e9d69eb5ed69741c60722882f53cde8938d7b0422a35cfd9833a06e0b208652be84083348b82385359195416cc
ImpHash
40ab50289f7ef5fae60801f88d4541fc

Security Engines with Detections (35 of 70)

Bkav
W32.AIDetectMalware Malicious
Lionic
Trojan.Win32.Shellcode.4!c Malicious
MicroWorld-eScan
QD:Trojan.GenericKDQ.D6815FF136 Malicious
CTX
exe.trojan.shellcode Malicious
Skyhigh
Artemis Malicious
ALYac
QD:Trojan.GenericKDQ.D6815FF136 Malicious
Sangfor
Trojan.Win32.Shellcode.Vjiz Malicious
K7AntiVirus
Trojan ( 005c8be51 ) Malicious
Alibaba
Trojan:Win32/Shellcode.b6826004 Malicious
K7GW
Trojan ( 005c8be51 ) Malicious
VirIT
Trojan.Win32.DelphGen.ILO Malicious
Symantec
Trojan.Gen.2 Malicious
ESET-NOD32
multiple detections Malicious
Avast
Win64:MalwareX-gen [Misc] Malicious
Kaspersky
Trojan.Win32.Shellcode.cln Malicious
BitDefender
QD:Trojan.GenericKDQ.D6815FF136 Malicious
Rising
Trojan.Agent!8.B1E (CLOUD) Malicious
Emsisoft
QD:Trojan.GenericKDQ.D6815FF136 (B) Malicious
F-Secure
Trojan.TR/AVI.Agent.bvsvc Malicious
VIPRE
QD:Trojan.GenericKDQ.D6815FF136 Malicious
McAfeeD
ti!909B5C143938 Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Ikarus
Trojan.Win64.Agent Malicious
GData
QD:Trojan.GenericKDQ.D6815FF136 Malicious
Google
Detected Malicious
Avira
TR/AVI.Agent.bvsvc Malicious
Kingsoft
Win32.Trojan.Shellcode.cln Malicious
Arcabit
QD:Trojan.GenericQ.D6815FF136 Malicious
Microsoft
HackTool:Win32/Malgent!MSR Malicious
Varist
W32/ABTrojan.NPDF-7602 Malicious
Tencent
Win32.Trojan.Shellcode.Akjl Malicious
MaxSecure
Trojan.Malware.395308907.susgen Malicious
Fortinet
W32/NDAoF Malicious
AVG
Win64:MalwareX-gen [Misc] Malicious
DeepInstinct
MALICIOUS Malicious
35 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 5f2d1bd5b42f282ecb4b172189b56cd1
Fuzzy: 6b4176e4a99bd11b4a383199d676f595
dHash: 70d8e6e0e0a6c870
Image Base 0x00400000
Entry Point 0x004a83bc
Compilation Time 2024-07-12 07:26:53
Checksum 0x00000000 (Actual: 0x03167f3d)
OS Version 6.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 5 libraries
kernel32, comctl32, user32, oleaut32, advapi32
Exports 2 functions
Resources 18 Resources
Sections 11 Sections

Version Information

Comments This installation was built with Inno Setup.
CompanyName
FileDescription Telegram Desktop Setup
FileVersion 5.16.1
LegalCopyright Telegram FZ-LLC 2014-2024
OriginalFileName
ProductName Telegram Desktop
ProductVersion 5.16.1
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 677,516 bytes 677,888 bytes 6.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B889D302F6FC48A904DE33D8D947AE80
.itext 0x000a7000 7,012 bytes 7,168 bytes 6.11 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 588DD0A8AB499300D3701CBD11B017D9
.data 0x000a9000 14,392 bytes 14,848 bytes 4.96 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5C0C76E77AEF52EBC6702430837CCB6E
.bss 0x000ad000 29,272 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x000b5000 4,076 bytes 4,096 bytes 5.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 627340DFF539EF99048969AA4824FB2D
.didata 0x000b6000 420 bytes 512 bytes 2.73 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE FD11C1109737963CC6CB7258063ABFD6
.edata 0x000b7000 113 bytes 512 bytes 1.31 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7DE8CA0C7A61668A728FD3A88DC0942D
.tls 0x000b8000 24 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x000b9000 93 bytes 512 bytes 1.39 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D84006640084DC9F74A07C2FF9C7D656
.reloc 0x000ba000 69,544 bytes 69,632 bytes 6.71 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ A85FDA2741BD9417695DAA5FC5A9D7A5
.rsrc 0x000cb000 23,292 bytes 23,552 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2287DD6A8D9416ED27F038495F91F832
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 18 (22,212 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 9,640 bytes
43.4%
RT_STRING 11 8,336 bytes
37.5%
RT_RCDATA 3 844 bytes
3.8%
RT_GROUP_ICON 1 20 bytes
0.1%
RT_VERSION 1 1,412 bytes
6.4%
RT_MANIFEST 1 1,960 bytes
8.8%

Certificate Chain Analysis

Certificate Information
Product Telegram Desktop
Description Telegram Desktop Setup
File Version 5.16.1
Copyright Telegram FZ-LLC 2014-2024

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
35 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware