File name: Zuoya GMK67 Keyboard Setup.exe

Full analysis: https://app.any.run/tasks/d153332d-7688-4747-a3ef-7d38518eeb7f
Verdict: Malicious activity
Analysis date: January 24, 2024, 17:07:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 6B1E5C7651C33030DA74DE2FF9190364
SHA1: 600DBAF2A899DC812F9C1A2465B99DB7D80C02AA
SHA256: 4C0DA3C450F93880ED7586617925DAE9B13DE1A8D62EBC738FF688DE06AB8178
SSDEEP: 98304:u+QqZ8frkK6xYSzEAOwrvHz3Ta2AJDv8UjY4KIaMSGaiPnbLNOguiRD5rkiR22nH:Df0MkjgBarmKxT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Zuoya GMK67 Keyboard Setup.exe (PID: 2568)
      • Zuoya GMK67 Keyboard Setup.exe (PID: 2484)
      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Zuoya GMK67 Keyboard Setup.exe (PID: 2484)
      • Zuoya GMK67 Keyboard Setup.exe (PID: 2568)
      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
    • Uses TASKKILL.EXE to kill process

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
    • Reads the Internet Settings

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
    • Reads the Windows owner or organization settings

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
    • Process drops legitimate windows executable

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
    • The process drops C-runtime libraries

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
  • INFO

    • Create files in a temporary directory

      • Zuoya GMK67 Keyboard Setup.exe (PID: 2568)
      • Zuoya GMK67 Keyboard Setup.exe (PID: 2484)
    • Checks supported languages

      • Zuoya GMK67 Keyboard Setup.exe (PID: 2568)
      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2404)
      • Zuoya GMK67 Keyboard Setup.exe (PID: 2484)
      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
      • wmpnscfg.exe (PID: 2316)
      • DeviceDriver.exe (PID: 1112)
      • DeviceDriver.exe (PID: 3984)
    • Reads the computer name

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2404)
      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
      • wmpnscfg.exe (PID: 2316)
      • DeviceDriver.exe (PID: 1112)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2316)
      • DeviceDriver.exe (PID: 3984)
    • Creates files in the program directory

      • Zuoya GMK67 Keyboard Setup.tmp (PID: 2780)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:06:03 10:09:11+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 100864
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: ZUOYO
FileDescription: ZUOYO GMK67 Driver Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: ZUOYO GMK67 Driver
ProductVersion: V1.0
No data.
All screenshots are available in the full report
Total processes: 49
Monitored processes: 8
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes in the graph, in order (entries marked "no specs" have no signature hits attached): zuoya gmk67 keyboard setup.exe, zuoya gmk67 keyboard setup.tmp (no specs), zuoya gmk67 keyboard setup.exe, zuoya gmk67 keyboard setup.tmp, wmpnscfg.exe (no specs), taskkill.exe (no specs), devicedriver.exe (no specs), devicedriver.exe (no specs)

Process information

Each record lists PID, CMD, Path, Parent process, then the process properties and the loaded modules (images).

PID: 1112
CMD: "C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe"
Path: C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe
Parent process: Zuoya GMK67 Keyboard Setup.tmp
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 1.0.1.1
Modules (images):
c:\program files\zuoyo gmk67 driver\devicedriver.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2060
CMD: "C:\Windows\System32\taskkill.exe" /f /im DeviceDriver.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: Zuoya GMK67 Keyboard Setup.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 2316
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2404
CMD: "C:\Users\admin\AppData\Local\Temp\is-8C86E.tmp\Zuoya GMK67 Keyboard Setup.tmp" /SL5="$8010A,5559508,843264,C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-8C86E.tmp\Zuoya GMK67 Keyboard Setup.tmp
Parent process: Zuoya GMK67 Keyboard Setup.exe
User: admin
Company: ZUOYO
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-8c86e.tmp\zuoya gmk67 keyboard setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2484
CMD: "C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe" /SPAWNWND=$1800E6 /NOTIFYWND=$8010A
Path: C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe
Parent process: Zuoya GMK67 Keyboard Setup.tmp
User: admin
Company: ZUOYO
Integrity Level: HIGH
Description: ZUOYO GMK67 Driver Setup
Exit code: 0
Version: (not set)
Modules (images):
c:\users\admin\appdata\local\temp\zuoya gmk67 keyboard setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2568
CMD: "C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe
Parent process: explorer.exe
User: admin
Company: ZUOYO
Integrity Level: MEDIUM
Description: ZUOYO GMK67 Driver Setup
Exit code: 0
Version: (not set)
Modules (images):
c:\users\admin\appdata\local\temp\zuoya gmk67 keyboard setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2780
CMD: "C:\Users\admin\AppData\Local\Temp\is-89E1E.tmp\Zuoya GMK67 Keyboard Setup.tmp" /SL5="$120128,5559508,843264,C:\Users\admin\AppData\Local\Temp\Zuoya GMK67 Keyboard Setup.exe" /SPAWNWND=$1800E6 /NOTIFYWND=$8010A
Path: C:\Users\admin\AppData\Local\Temp\is-89E1E.tmp\Zuoya GMK67 Keyboard Setup.tmp
Parent process: Zuoya GMK67 Keyboard Setup.exe
User: admin
Company: ZUOYO
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-89e1e.tmp\zuoya gmk67 keyboard setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3984
CMD: "C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe"
Path: C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 1.0.1.1
Modules (images):
c:\program files\zuoyo gmk67 driver\devicedriver.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

Total events: 1 223
Read events: 1 208
Write events: 9
Delete events: 6

Modification events

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 115

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFilesHash
Value: 820A32B193D2F587E5AD2B80C8B496EFE6190D58020ED37E891477E9D7B4EC45

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFiles0000
Value: C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value: 1

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: 1DC10BF3E65ECA3FC4236F13287D4C6D20472A19DAF1FD6559C0FED7C323FDEA

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value: DC0A0000820DFDC4E74EDA01

Executable files: 18
Suspicious files: 11
Text files: 244
Unknown types: 0

Dropped files

PID 2568, Zuoya GMK67 Keyboard Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-8C86E.tmp\Zuoya GMK67 Keyboard Setup.tmp
Type: executable
MD5: F9402729394A73F815D01B5E120EA173
SHA256: B94D85A374DE13106883540DCF26B90C120B75658BF8D3E105FD4841AFDAB806

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\DeviceDriver.exe
Type: executable
MD5: DBFAF8DB386F8F6A15BFA7C6DD81552C
SHA256: 4D67DE2D73508276425F077829AC05C78C77561EED732CB89A7E8311F179CF1E

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\is-6FN5P.tmp
Type: executable
MD5: DBFAF8DB386F8F6A15BFA7C6DD81552C
SHA256: 4D67DE2D73508276425F077829AC05C78C77561EED732CB89A7E8311F179CF1E

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\unins000.exe
Type: executable
MD5: 5E49D816D88C0BC7AE225266427DA30A
SHA256: 89664F4395C912B24D4480D5E61F3B16428478542DC5E813C8A1809194687E2B

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\is-62UF5.tmp
Type: executable
MD5: 5E49D816D88C0BC7AE225266427DA30A
SHA256: 89664F4395C912B24D4480D5E61F3B16428478542DC5E813C8A1809194687E2B

PID 2484, Zuoya GMK67 Keyboard Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-89E1E.tmp\Zuoya GMK67 Keyboard Setup.tmp
Type: executable
MD5: F9402729394A73F815D01B5E120EA173
SHA256: B94D85A374DE13106883540DCF26B90C120B75658BF8D3E105FD4841AFDAB806

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\is-QDIPI.tmp
Type: executable
MD5: A227186B5EA955C9BF85064CADD5456C
SHA256: A1B004D313665FA3835D762F1158DD048DCB831366FABE7AF9F1FD32D2255381

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\is-L4LG6.tmp
Type: executable
MD5: 433F3DC9846462820EBC2931E1D035DD
SHA256: 16316E06E0DC822C93EB85BF2C382FA5F2F554B0E3BB2F22D524F6752EC2D754

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\msvcp140.dll
Type: executable
MD5: A227186B5EA955C9BF85064CADD5456C
SHA256: A1B004D313665FA3835D762F1158DD048DCB831366FABE7AF9F1FD32D2255381

PID 2780, Zuoya GMK67 Keyboard Setup.tmp
Filename: C:\Program Files\ZUOYO GMK67 Driver\mui.dll
Type: executable
MD5: 31F3AE338E2147158D7769EDD7C449D3
SHA256: 2F6C9939E2430D79EF8B8078409DD34D7F27ABC598662D28FAA62950E73AE799
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

None of these connections originate from the eight monitored sample processes: PID 4 is the Windows System process and PID 1080 is a service host. 192.168.100.255 on UDP 137/138 is the subnet broadcast address for NetBIOS name service and datagram traffic, and 224.0.0.252:5355 is the LLMNR multicast group, so this is the guest's own name-resolution background noise rather than activity attributable to the installer.

DNS requests

No data

Threats

No threats detected
No debug info