| File name: | GLP_installer_900223151_com.tencent.ig.exe |
| Full analysis: | https://app.any.run/tasks/d3939f3a-a5c2-4e5b-b0f1-ad151c53f202 |
| Verdict: | Malicious activity |
| Analysis date: | November 21, 2023, 03:25:39 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | A9E6B92658982874FAF281AC2611957A |
| SHA1: | FD9CF7264001B06A52273078D94BDBEC7604D087 |
| SHA256: | 6B0A7F9E56F1086244EC0464C52839E925FF3E3333418F67EE3FB5D016B431E6 |
| SSDEEP: | 98304:7cSfQTi10+AVvro5MSdv9b6fZP0m6A16NJP2O752jGWMDmkQT479D8gPAO8yaDQO:dl/6 |
MALICIOUS
Drops the executable file immediately after the start
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
SUSPICIOUS
Reads settings of System Certificates
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
INFO
Creates files or folders in the user directory
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
Create files in a temporary directory
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
Checks supported languages
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
- wmpnscfg.exe (PID: 3576)
Reads the computer name
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
- wmpnscfg.exe (PID: 3576)
Reads the machine GUID from the registry
- GLP_installer_900223151_com.tencent.ig.exe (PID: 3124)
- wmpnscfg.exe (PID: 3576)
Manual execution by a user
- wmpnscfg.exe (PID: 3576)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (3.6) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (1.6) |
| .exe | | | DOS Executable Generic (1.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2021:09:17 07:53:21+02:00 |
| ImageFileCharacteristics: | Executable, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 14 |
| CodeSize: | 2604544 |
| InitializedDataSize: | 1211392 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x220be4 |
| OSVersion: | 5.1 |
| ImageVersion: | - |
| SubsystemVersion: | 5.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.1 |
| ProductVersionNumber: | 1.0.0.1 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Windows, Latin1 |
| CompanyName: | Tencent |
| FileDescription: | Tencent Game Downloader |
| FileVersion: | 1, 0, 0, 1 |
| InternalName: | TGBDownloader.exe |
| LegalCopyright: | Copyright ? 2020 Tencent. All Rights Reserved. |
| OriginalFileName: | TGBDownloader.exe |
| ProductName: | Tencent Game Downloader |
| ProductVersion: | 1, 0, 0, 1 |
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3124 | "C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe" | C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe | explorer.exe | ||||||||||||
User: admin Company: Tencent Integrity Level: HIGH Description: Tencent Game Downloader Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 3428 | "C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe" | C:\Users\admin\AppData\Local\Temp\GLP_installer_900223151_com.tencent.ig.exe | — | explorer.exe | |||||||||||
User: admin Company: Tencent Integrity Level: MEDIUM Description: Tencent Game Downloader Exit code: 3221226540 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 3576 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
3 006
Read events
2 990
Write events
13
Delete events
3
Modification events
| (PID) Process: | (3124) GLP_installer_900223151_com.tencent.ig.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: Explorer.EXE | |||
| (PID) Process: | (3576) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{74281E5A-3B9F-4998-BB23-9B7432E97ACE}\{FC65D7E0-E60B-4A1E-A8C4-B000DF3E1EF1} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3576) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{74281E5A-3B9F-4998-BB23-9B7432E97ACE} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3576) wmpnscfg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{D2E5E10F-86B5-49E1-81A9-9EC94B777101} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3124) GLP_installer_900223151_com.tencent.ig.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
1
Suspicious files
2
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3124 | GLP_installer_900223151_com.tencent.ig.exe | C:\Users\admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db | text | |
MD5:8CDD2558D98B4A8E924575F8C97B7475 | SHA256:11C9004AEDA5FA30E4F03083546DEE226DB390CCBCEB7CC2D7F9F9B0CD8A1065 | |||
| 3124 | GLP_installer_900223151_com.tencent.ig.exe | C:\test.tmp | binary | |
MD5:937B1A127A2845B857A5797F38664727 | SHA256:71950313E99FFA0B57993172AFB4C453592B5E0C4804010969B2339F4C8EF9C6 | |||
| 3124 | GLP_installer_900223151_com.tencent.ig.exe | C:\Users\admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll | executable | |
MD5:2814ACBD607BA47BDBCDF6AC3076EE95 | SHA256:5904A7E4D97EEAC939662C3638A0E145F64FF3DD0198F895C4BF0337595C6A67 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
13
DNS requests
4
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
2588 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
3124 | GLP_installer_900223151_com.tencent.ig.exe | 157.255.4.39:443 | master.etl.desktop.qq.com | China Unicom Guangdong IP network | CN | unknown |
3124 | GLP_installer_900223151_com.tencent.ig.exe | 101.33.47.68:8081 | oth.eve.mdt.qq.com | Tencent Building, Kejizhongyi Avenue | SG | unknown |
3124 | GLP_installer_900223151_com.tencent.ig.exe | 49.51.129.71:443 | unifiedaccess.gameloop.com | Tencent Building, Kejizhongyi Avenue | DE | unknown |
3124 | GLP_installer_900223151_com.tencent.ig.exe | 43.152.26.221:443 | down.gameloop.com | ACE | DE | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
master.etl.desktop.qq.com |
| whitelisted |
oth.eve.mdt.qq.com |
| unknown |
unifiedaccess.gameloop.com |
| unknown |
down.gameloop.com |
| unknown |
Threats
Process | Message |
|---|---|
GLP_installer_900223151_com.tencent.ig.exe | Standard VGA Graphics Adapter |