File name:

syzs_installer_1000207169_market.exe

Full analysis: https://app.any.run/tasks/31ad6b86-5b43-4e0e-9063-79d1bab07d3b
Verdict: Malicious activity
Analysis date: January 09, 2024, 22:47:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

45A4A52F7DAFDFCF502D2F64A49002D9

SHA1:

8461A02F6DABF9EAF91D347BA2B9D15C35237E2D

SHA256:

A5FB41674012E600D3B0D3AFE75CFFF0ED44A77FB560BD90052ABA28BF7CD67D

SSDEEP:

98304:GSocx/N/I4Hu2nLq5oK4a0JFknpMRRSKmP+a8dj24+djCYqvhzVu9YWsbnonCaWE:Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads settings of System Certificates

      • syzs_installer_1000207169_market.exe (PID: 2208)

  • INFO

    • Checks supported languages

      • syzs_installer_1000207169_market.exe (PID: 2208)

    • Reads the computer name

      • syzs_installer_1000207169_market.exe (PID: 2208)

    • Create files in a temporary directory

      • syzs_installer_1000207169_market.exe (PID: 2208)

    • Creates files or folders in the user directory

      • syzs_installer_1000207169_market.exe (PID: 2208)

    • Drops the executable file immediately after the start

      • syzs_installer_1000207169_market.exe (PID: 2208)

    • Reads the machine GUID from the registry

      • syzs_installer_1000207169_market.exe (PID: 2208)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:09:19 18:42:03+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2628608
InitializedDataSize: 978944
UninitializedDataSize: -
EntryPoint: 0x225d88
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: TGBDownloader
ProductName: TGBDownloader
CompanyName: Tencent
FileVersion: 1, 0, 0, 1
InternalName: TGBDownloader.exe
LegalCopyright: Copyright ? 2020 Tencent. All Rights Reserved.
OriginalFileName: TGBDownloader.exe
ProductVersion: 1, 0, 0, 1
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start syzs_installer_1000207169_market.exe syzs_installer_1000207169_market.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2184"C:\Users\admin\AppData\Local\Temp\syzs_installer_1000207169_market.exe" C:\Users\admin\AppData\Local\Temp\syzs_installer_1000207169_market.exeexplorer.exe
User:
admin
Company:
Tencent
Integrity Level:
MEDIUM
Description:
TGBDownloader
Exit code:
3221226540
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\syzs_installer_1000207169_market.exe
c:\windows\system32\ntdll.dll
2208"C:\Users\admin\AppData\Local\Temp\syzs_installer_1000207169_market.exe" C:\Users\admin\AppData\Local\Temp\syzs_installer_1000207169_market.exe
explorer.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
TGBDownloader
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\syzs_installer_1000207169_market.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
Total events
2 988
Read events
2 973
Write events
15
Delete events
0

Modification events

(PID) Process:(2208) syzs_installer_1000207169_market.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Explorer.EXE
(PID) Process:(2208) syzs_installer_1000207169_market.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
4
Suspicious files
3
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.dbtext
MD5:8CDD2558D98B4A8E924575F8C97B7475
SHA256:11C9004AEDA5FA30E4F03083546DEE226DB390CCBCEB7CC2D7F9F9B0CD8A1065
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dllexecutable
MD5:2814ACBD607BA47BDBCDF6AC3076EE95
SHA256:5904A7E4D97EEAC939662C3638A0E145F64FF3DD0198F895C4BF0337595C6A67
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\pcyyb_sdk\AndrowsInstaller.exeexecutable
MD5:83D5EF931931B7E387EFEC4C23FA5D21
SHA256:8A880EFEA0429E4415941874CCDF17BEFCD936B2BDCFF6CF2CEEE0DE7FCA8F14
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\pcyyb_sdk\androws_logo.pngimage
MD5:022FC5C29D8CF5EC7ABE4EAE57E5E311
SHA256:88DCCC3165B30052117C4FB9A17D8BD08AE014C8D6EC65366331FC078ABB54AC
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\pcyyb_sdk\pcyyb_sdk_dll.dllexecutable
MD5:3A4FFD9A768B951EF6FF4874CE43DC9C
SHA256:054288D57C5FA2FDEADB4871C892C8A511A74B66CAFA3CB8E7BC1862FBD48E8B
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\PcyybSdk.zipcompressed
MD5:27B35DFF356E73016EE962A31C0DF507
SHA256:268F91FDC43B4DDB4EF8F7CD3A3BE51992318384D50D7BD927864171FC7C7437
2208syzs_installer_1000207169_market.exeC:\test.tmpbinary
MD5:642A3C10FB104D13E432E7389B3728D4
SHA256:AE870155D69E1EB1BA0FE1B2218B9E0FD14FAB0E781A0C8C6AD69C88FF57C8C8
2208syzs_installer_1000207169_market.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\pcyyb_sdk\PcyybAssistant.exeexecutable
MD5:61C095FE96D31C88C154A983259B963E
SHA256:95E85F7E57B0EDB4DB5D35400E1BEC31F560B3DCE42BFEE95B05A9C6400EA2B1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
20
DNS requests
7
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
202.97.231.11:80
http://dldir1.qq.com/syzs/syzs_cms/815fce4c05b5708ab6a7dee721ccc36f.exe
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2208
syzs_installer_1000207169_market.exe
157.255.4.39:443
master.etl.desktop.qq.com
China Unicom Guangdong IP network
CN
unknown
2208
syzs_installer_1000207169_market.exe
221.204.165.231:443
down.pc.yyb.qq.com
CHINA UNICOM China169 Backbone
CN
unknown
2208
syzs_installer_1000207169_market.exe
101.33.47.68:8081
oth.eve.mdt.qq.com
Tencent Building, Kejizhongyi Avenue
SG
unknown
2208
syzs_installer_1000207169_market.exe
121.14.76.43:443
yybadaccess.3g.qq.com
Chinanet
CN
unknown
2208
syzs_installer_1000207169_market.exe
123.6.2.175:80
dldir1.qq.com
CHINA UNICOM China169 Backbone
CN
unknown
2208
syzs_installer_1000207169_market.exe
202.97.231.11:80
dldir1.qq.com
CHINA UNICOM China169 Backbone
CN
unknown
2208
syzs_installer_1000207169_market.exe
113.105.95.120:443
Chinanet
CN
unknown

DNS requests

Domain
IP
Reputation
down.pc.yyb.qq.com
  • 221.204.165.231
  • 116.153.90.68
  • 153.35.100.189
  • 14.205.47.205
  • 116.153.90.115
  • 116.153.90.58
  • 153.35.100.133
  • 36.250.243.12
  • 218.60.10.40
  • 116.153.90.78
  • 218.61.163.57
  • 116.153.90.11
  • 116.153.90.175
unknown
master.etl.desktop.qq.com
  • 157.255.4.39
whitelisted
oth.eve.mdt.qq.com
  • 101.33.47.68
  • 101.33.47.206
unknown
yybadaccess.3g.qq.com
  • 121.14.76.43
  • 121.14.76.247
  • 121.14.78.51
unknown
dldir1.qq.com
  • 123.6.2.175
  • 202.97.231.11
  • 36.248.43.191
  • 218.29.205.112
  • 123.6.2.138
  • 218.29.204.193
  • 218.29.50.18
  • 115.56.90.107
  • 175.43.23.104
  • 221.204.166.200
  • 36.249.92.111
  • 36.248.223.121
  • 123.6.2.151
  • 113.1.0.204
  • 113.201.154.200
whitelisted

Threats

PID
Process
Class
Message
2208
syzs_installer_1000207169_market.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2 ETPRO signatures available at the full report
Process
Message
syzs_installer_1000207169_market.exe
Standard VGA Graphics Adapter
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
syzs_installer_1000207169_market.exe