download: ygopro.exe

Full analysis: https://app.any.run/tasks/60a76ca4-c918-48c1-8762-ff9d70221aee
Verdict: No threats detected
Analysis date: November 22, 2019, 05:12:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2A96A75A9AF4560B29F47184D3A2BACB
SHA1: 136F692343E5391FECCADB4198A533F97ADB5E55
SHA256: 5D819F66033DD8C5743C54C48C15E9BCB25E5C5A648AC341FDDFAE8CD556BBD3
SSDEEP: 98304:ew0yw7U5qpJMFrY/jCqi9PklghBZpze1E5vhXkqC0UA2:nxw7U5WJM9Y/3iV9zCGe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO: No info indicators.
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9%)
.exe | Generic Win/DOS Executable (23.5%)
.exe | DOS Executable Generic (23.5%)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:11:07 14:32:42+01:00
PEType: PE32
LinkerVersion: 14.16
CodeSize: 4530688
InitializedDataSize: 1408000
UninitializedDataSize: -
EntryPoint: 0x403a8d
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.34.11
ProductVersionNumber: 1.0.34.11
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
FileDescription: KoishiPro
InternalName: KoishiPro
LegalCopyright: Copyright (C) 2019 Nanahira
OriginalFileName: ygopro.exe
ProductName: KoishiPro
FileVersion: Sakura
ProductVersion: Sakura

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 07-Nov-2019 13:32:42
Detected languages:
  • Chinese - PRC
  • English - United States
Debug artifacts:
  • C:\ygo\ygopro\bin\release\ygopro.pdb
FileDescription: KoishiPro
InternalName: KoishiPro
LegalCopyright: Copyright (C) 2019 Nanahira
OriginalFilename: ygopro.exe
ProductName: KoishiPro
FileVersion: Sakura
ProductVersion: Sakura

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000130

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 07-Nov-2019 13:32:42
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name   | Virtual Address | Virtual Size | Raw Size   | Characteristics | Entropy
.text  | 0x00001000 | 0x00452173 | 0x00452200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.60952
.rdata | 0x00454000 | 0x000958B6 | 0x00095A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.27844
.data  | 0x004EA000 | 0x00074474 | 0x00009E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.55204
.rsrc  | 0x0055F000 | 0x00028280 | 0x00028400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.99002
.reloc | 0x00588000 | 0x00025628 | 0x00025800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.64212

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 4.91161 | 381 | UNKNOWN | English - United States | RT_MANIFEST

Imports

ADVAPI32.dll
DINPUT8.dll
GDI32.dll
IMM32.dll
KERNEL32.dll
OPENGL32.dll
SHELL32.dll
USER32.dll
WINMM.dll
WS2_32.dll

Exports

Title | Ordinal | Address
create_duel | 1 | 0x0008A1A0
end_duel | 2 | 0x0008A590
get_log_message | 3 | 0x0008A700
get_message | 4 | 0x0008A720
ikpMP3Init | 5 | 0x003BEA00
new_card | 6 | 0x0008A7A0
new_tag_card | 7 | 0x0008A870
preload_script | 8 | 0x0008B070
process | 9 | 0x0008A760
query_card | 10 | 0x0008A980
Total processes: 34
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start ygopro.exe

Process information

PID: 2728
CMD: "C:\Users\admin\AppData\Local\Temp\ygopro.exe"
Path: C:\Users\admin\AppData\Local\Temp\ygopro.exe
Indicators: -
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: KoishiPro
Exit code: 0
Version: Sakura
Modules (images):
c:\users\admin\appdata\local\temp\ygopro.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
Total events: 6
Read events: 0
Write events: 6
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\YGOPRO.EXE5DC41CFA0053FA00 | Name | YGOPRO.EXE
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\YGOPRO.EXE5DC41CFA0053FA00 | UsesMapper | 00000000
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication | Name | YGOPRO.EXE
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication | Id | YGOPRO.EXE5DC41CFA0053FA00
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication | Version | 00080000
2728 | ygopro.exe | write | HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication | MostRecentStart | 90D8AE6DF3A0D501
Executable files: 0
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2728 | ygopro.exe | C:\Users\admin\AppData\Local\Temp\error.log | text
MD5:
SHA256:
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
Debug output

Process | Message
ygopro.exe | Microsoft Windows 7 Professional Edition Service Pack 1 (Build 7601)
ygopro.exe | Microsoft Windows 7 Professional Edition Service Pack 1 (Build 7601)
ygopro.exe | Using renderer: OpenGL 1.1.0
ygopro.exe | GDI Generic: Microsoft Corporation
ygopro.exe | OpenGL driver version is not 1.2 or better.
ygopro.exe | Failed to load OpenGL's multitexture extension, proceeding without.
ygopro.exe | Warning: OpenGL device only has one texture unit. Disabling multitexturing.
ygopro.exe | GLSL not available.
ygopro.exe | Resizing window (1024 640)
ygopro.exe | Could not open file of image: textures/cover.jpg