File name:

GLP_installer_900223151_com.tencent.ig.exe

Full analysis: https://app.any.run/tasks/6b3a6dac-bdde-4fd8-a9a4-8acb03f59de0
Verdict: Malicious activity
Analysis date: March 06, 2024, 19:23:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

CCB2E7086AA1A0D4DA1AF43D3854FFDF

SHA1:

CF328E442C236134094CC27AB0A4550D1B5492F3

SHA256:

12A8179760F181F049EF3F729D1451001F2AC9F06620C5B9A4FCECA236A07A86

SSDEEP:

98304:6cSfQTi10+AVvro5MSdv9b6fZP0m6A16NJP2O752jGWMDmkQT479D8gPAO8yaDQT:Al/f

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Reads settings of System Certificates

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

  • INFO

    • Checks supported languages

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Create files in a temporary directory

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Reads the computer name

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Creates files or folders in the user directory

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Reads the machine GUID from the registry

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)

    • Reads the software policy settings

      • GLP_installer_900223151_com.tencent.ig.exe (PID: 3944)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:17 05:53:21+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2604544
InitializedDataSize: 1211392
UninitializedDataSize: -
EntryPoint: 0x220be4
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Tencent
FileDescription: Tencent Game Downloader
FileVersion: 1, 0, 0, 1
InternalName: TGBDownloader.exe
LegalCopyright: Copyright ? 2020 Tencent. All Rights Reserved.
OriginalFileName: TGBDownloader.exe
ProductName: Tencent Game Downloader
ProductVersion: 1, 0, 0, 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start glp_installer_900223151_com.tencent.ig.exe glp_installer_900223151_com.tencent.ig.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3536"C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe" C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exeexplorer.exe
User:
admin
Company:
Tencent
Integrity Level:
MEDIUM
Description:
Tencent Game Downloader
Exit code:
3221226540
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\glp_installer_900223151_com.tencent.ig.exe
c:\windows\system32\ntdll.dll
3944"C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe" C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe
explorer.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
Tencent Game Downloader
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\glp_installer_900223151_com.tencent.ig.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
Total events
3 393
Read events
3 367
Write events
23
Delete events
3

Modification events

(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
GLP_installer_900223151_com.tencent.ig.exe
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CURRENT_USER\Software\Tencent\MobileGamePC\Beacon
Operation:writeName:Last_Sid_GLP_installer_900223151_com.tencent.ig.exe
Value:
2F8E16A7-12F7-404C-93F5-B54AA70BC342
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CURRENT_USER\Software\Tencent\MobileGamePC
Operation:writeName:TempPath
Value:
C:\Temp\TxGameDownload\Component\
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CURRENT_USER\Software\Tencent\MobileGamePC
Operation:writeName:UserLanguage
Value:
en
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation:delete valueName:9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
1400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D70300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB60F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D8200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
190000000100000010000000BCC80DAA2F98A4692805BFF4CBB372EB0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB61400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D7200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(3944) GLP_installer_900223151_com.tencent.ig.exeKey:HKEY_CURRENT_USER\Software\Tencent\MobileGamePC
Operation:writeName:abtestid
Value:
{"Component":"0"}
Executable files
2
Suspicious files
1
Text files
1
Unknown types
1

Dropped files

PID
Process
Filename
Type
3944GLP_installer_900223151_com.tencent.ig.exeC:\Users\admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dllexecutable
MD5:2814ACBD607BA47BDBCDF6AC3076EE95
SHA256:5904A7E4D97EEAC939662C3638A0E145F64FF3DD0198F895C4BF0337595C6A67
3944GLP_installer_900223151_com.tencent.ig.exeC:\test.tmpbinary
MD5:24DD65F32E3C6ED3FC3DCB4AA99C81A2
SHA256:F7C07A9EFA66E176F3B4A97699D77E332EBE4558A84C347B3328F95AAAAB9F62
3944GLP_installer_900223151_com.tencent.ig.exeC:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exeexecutable
MD5:6576D2C28D3C81D3BFA6C1C8020A0AA2
SHA256:7DFFE359071710221BCF3943FBF3737C64B98281A47AFF5A21BD7A39774EADCD
3944GLP_installer_900223151_com.tencent.ig.exeC:\Users\admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.dbtext
MD5:8CDD2558D98B4A8E924575F8C97B7475
SHA256:11C9004AEDA5FA30E4F03083546DEE226DB390CCBCEB7CC2D7F9F9B0CD8A1065
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
15
DNS requests
7
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3944
GLP_installer_900223151_com.tencent.ig.exe
101.33.47.68:8081
oth.eve.mdt.qq.com
Tencent Building, Kejizhongyi Avenue
SG
unknown
3944
GLP_installer_900223151_com.tencent.ig.exe
157.255.4.39:443
master.etl.desktop.qq.com
China Unicom Guangdong IP network
CN
unknown
3944
GLP_installer_900223151_com.tencent.ig.exe
49.51.131.79:443
unifiedaccess.gameloop.com
Tencent Building, Kejizhongyi Avenue
DE
unknown
3944
GLP_installer_900223151_com.tencent.ig.exe
43.152.26.142:443
down.gameloop.com
ACE
DE
unknown

DNS requests

Domain
IP
Reputation
master.etl.desktop.qq.com
  • 157.255.4.39
whitelisted
oth.eve.mdt.qq.com
  • 101.33.47.68
unknown
unifiedaccess.gameloop.com
  • 49.51.131.79
unknown
down.gameloop.com
  • 43.152.26.142
unknown

Threats

No threats detected
Process
Message
GLP_installer_900223151_com.tencent.ig.exe
Standard VGA Graphics Adapter
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
GLP_installer_900223151_com.tencent.ig.exe