File name:

Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe

Full analysis: https://app.any.run/tasks/0d0ac600-d9ef-4636-b797-9ef2fe3e15ba
Verdict: Malicious activity
Analysis date: January 09, 2024, 22:43:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A4AE1C1CC91971D50878C1A89BE063D1

SHA1:

44CE4ED596D5CBE8FC255BE3BC35D9AE26D136F8

SHA256:

71ADA8FD6C6C7887F10BC0A7A68E645D5332778955D859A2F8FDA3AD73B7B270

SSDEEP:

98304:yHSiVzrWM7Fqzj+j5udTEbli5x8/ShiBfK6wWkkxLzYxpbB0YTMBL4J4aV7O/7PA:b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads settings of System Certificates

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

  • INFO

    • Drops the executable file immediately after the start

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

    • Checks supported languages

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

    • Reads the computer name

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

    • Reads the machine GUID from the registry

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

    • Creates files or folders in the user directory

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)

    • Create files in a temporary directory

      • Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe (PID: 2268)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:03:06 02:42:17+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2605568
InitializedDataSize: 968704
UninitializedDataSize: -
EntryPoint: 0x2210c6
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Uptodown GameLoop Downloader
ProductName: Uptodown GameLoop Downloader
CompanyName: Tencent
FileVersion: 1, 0, 0, 1
InternalName: TGBDownloader.exe
LegalCopyright: Copyright ? 2020 Tencent. All Rights Reserved.
OriginalFileName: TGBDownloader.exe
ProductVersion: 1, 0, 0, 1
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start gameloop chinese 64-pc-androidemulator.com-1000224174.exe gameloop chinese 64-pc-androidemulator.com-1000224174.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2040"C:\Users\admin\AppData\Local\Temp\Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe" C:\Users\admin\AppData\Local\Temp\Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeexplorer.exe
User:
admin
Company:
Tencent
Integrity Level:
MEDIUM
Description:
Uptodown GameLoop Downloader
Exit code:
3221226540
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\gameloop chinese 64-pc-androidemulator.com-1000224174.exe
c:\windows\system32\ntdll.dll
2268"C:\Users\admin\AppData\Local\Temp\Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe" C:\Users\admin\AppData\Local\Temp\Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
explorer.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
Uptodown GameLoop Downloader
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\gameloop chinese 64-pc-androidemulator.com-1000224174.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
Total events
2 981
Read events
2 966
Write events
15
Delete events
0

Modification events

(PID) Process:(2268) Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Explorer.EXE
(PID) Process:(2268) Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
1
Suspicious files
2
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
2268Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeC:\Users\admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dllexecutable
MD5:2814ACBD607BA47BDBCDF6AC3076EE95
SHA256:5904A7E4D97EEAC939662C3638A0E145F64FF3DD0198F895C4BF0337595C6A67
2268Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeC:\test.tmpbinary
MD5:726CBD7E9D7FB0581727A5B0B8CFD512
SHA256:BA416E17E1114635CAB171E05A72DFC90891332F04A9EA68E05E7BB6505FFBD0
2268Gameloop Chinese 64-pc-androidemulator.com-1000224174.exeC:\Users\admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.dbtext
MD5:8CDD2558D98B4A8E924575F8C97B7475
SHA256:11C9004AEDA5FA30E4F03083546DEE226DB390CCBCEB7CC2D7F9F9B0CD8A1065
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
15
DNS requests
6
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
4
System
192.168.100.255:138
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
101.33.47.206:8081
oth.eve.mdt.qq.com
Tencent Building, Kejizhongyi Avenue
SG
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
157.255.4.39:443
master.etl.desktop.qq.com
China Unicom Guangdong IP network
CN
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
121.14.76.247:443
yybadaccess.3g.qq.com
Chinanet
CN
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
121.14.76.43:443
yybadaccess.3g.qq.com
Chinanet
CN
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
113.1.0.204:80
dldir1.qq.com
CHINA UNICOM China169 Backbone
CN
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
113.105.95.120:443
Chinanet
CN
unknown
2268
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
36.248.43.193:80
dldir1.qq.com
CHINA UNICOM China169 Backbone
CN
unknown

DNS requests

Domain
IP
Reputation
master.etl.desktop.qq.com
  • 157.255.4.39
unknown
oth.eve.mdt.qq.com
  • 101.33.47.206
  • 101.33.47.68
unknown
yybadaccess.3g.qq.com
  • 121.14.76.247
  • 121.14.76.43
  • 121.14.78.51
unknown
dns.msftncsi.com
  • 131.107.255.255
unknown
dldir1.qq.com
  • 113.1.0.204
  • 36.248.43.193
  • 42.7.60.125
  • 221.204.166.200
  • 119.36.218.8
  • 58.144.195.208
  • 1.58.245.77
  • 113.201.154.245
  • 115.56.90.245
  • 119.167.147.66
  • 123.6.2.138
  • 119.167.147.223
  • 36.248.43.191
  • 218.29.205.62
  • 202.97.231.11
unknown

Threats

No threats detected
Process
Message
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe
Standard VGA Graphics Adapter
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Gameloop Chinese 64-pc-androidemulator.com-1000224174.exe