Threat score: 8.6
Critical

c9ea0086e6aa47b5b0e09893b61496d73fc454d30d53f33ef4c3f0fa3fa60d79

892b15d5d40b45c870213bd166ff88c2.exe

Analysis duration

114s

Last analyzed

File size

1.5MB
Static scan: malicious | Dynamic scan: malicious | AGENTCRTD F47V0422 YGDATA
Eagle Eye engine
Not scanned: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Baidu 20180511 1.0.0.2
Avast 20180515 18.4.3895.0
Tencent 20180515 1.0.0.1
Kingsoft 20180515 2013.8.14.323
McAfee 20180515 6.0.6.653
Static indicators
Queries for the computername (4 events)
Time & API | Arguments | Status | Return | Repeated
1620969136.095374 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
1620969136.095374 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
1620969136.095374 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
1620969192.51699 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
Checks if process is being debugged by a debugger (1 event)
Time & API | Arguments | Status | Return | Repeated
1620969191.70499 IsDebuggerPresent | (none) | failed | 0 | 0
This executable is signed
Checks amount of memory in system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API | Arguments | Status | Return | Repeated
1620969135.252374 GlobalMemoryStatusEx | (none) | success | 1 | 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware-related traffic (24 events)
Performs some HTTP requests (25 events)
Sends data using the HTTP POST method (1 event)
request POST http://stat.game.yy.com/data.do
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API | Arguments | Status | Return | Repeated
1620969135.486374 NtAllocateVirtualMemory | process_identifier: 580, region_size: 4096, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 64 (PAGE_EXECUTE_READWRITE), process_handle: 0xffffffff, allocation_type: 4096 (MEM_COMMIT), base_address: 0x02880000 | success | 0 | 0
1620968779.598645 NtAllocateVirtualMemory | process_identifier: 1424, region_size: 65536, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 64 (PAGE_EXECUTE_READWRITE), process_handle: 0xffffffffffffffff, allocation_type: 4096 (MEM_COMMIT), base_address: 0x00000000040c0000 | success | 0 | 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\duowan\yygame\popup\package\0.0.8\BoxGameDaemonTask.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\duowan\yygame\popup\package\0.0.8\popup\hjGameUpdate.exe
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\duowan\yygame\popup\package\0.0.8\BoxGameDaemonTask.exe
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\duowan\yygame\popup\package\0.0.8\popup\hjGameUpdate.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\duowan\yygame\popup\package\0.0.8\BoxGameDaemonTask.exe
Executes one or more WMI queries (9 events)
wmi select * from Win32_VideoController
wmi select * from Win32_OperatingSystem
wmi select * from Win32_SoundDevice
wmi select * from Win32_LogicalDisk
wmi SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'IDE' OR InterfaceType = 'SCSI'
wmi SELECT * FROM Win32_NetworkAdapter
wmi select * from Win32_DiskDrive
wmi SELECT * FROM Win32_BaseBoard
wmi SELECT * FROM Win32_BIOS
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
File has been identified by 3 antivirus engines on VirusTotal as malicious (3 events)
Zillya Dropper.AgentCRTD.Win32.10133
TrendMicro-HouseCall Suspicious_GEN.F47V0422
Ikarus not-a-virus:Downloader.YgData
Executes one or more WMI queries which can be used to identify virtual machines (2 events)
wmi select * from Win32_LogicalDisk
wmi SELECT * FROM Win32_BIOS
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2017-11-29 16:13:33

Imports

Library PSAPI.DLL:
Library VERSION.dll:
0x5187c8 VerQueryValueW
0x5187cc GetFileVersionInfoW
Library ADVAPI32.dll:
0x518000 CryptImportKey
0x518004 CryptGenRandom
0x518008 RegQueryValueExA
0x51800c RegOpenKeyExA
0x518010 RegSetValueExA
0x518014 RegCreateKeyExA
0x518018 RegDeleteKeyW
0x51801c RegDeleteValueW
0x518020 RegCloseKey
0x518024 RegCreateKeyExW
0x518028 RegOpenKeyExW
0x51802c RegEnumKeyExW
0x518030 RegSetValueExW
0x518034 RegQueryInfoKeyW
0x518038 GetUserNameW
0x51803c GetTokenInformation
0x518040 OpenProcessToken
0x518048 ReportEventA
0x518050 CryptEncrypt
0x518054 CryptDestroyKey
0x518058 CryptGetHashParam
0x51805c CryptDestroyHash
0x518060 CryptHashData
0x518064 CryptCreateHash
0x51806c CryptReleaseContext
Library WS2_32.dll:
0x518820 socket
0x518824 closesocket
0x518828 connect
0x51882c freeaddrinfo
0x518830 getaddrinfo
0x518834 sendto
0x518838 recvfrom
0x51883c getpeername
0x518840 getsockopt
0x518844 htons
0x518848 bind
0x51884c ntohs
0x518850 getsockname
0x518854 listen
0x518858 shutdown
0x51885c ntohl
0x518860 htonl
0x518864 ioctlsocket
0x518868 gethostname
0x51886c WSACleanup
0x518870 accept
0x518874 WSAStartup
0x518878 WSASetLastError
0x51887c __WSAFDIsSet
0x518880 WSAGetLastError
0x518884 setsockopt
0x518888 WSAIoctl
0x51888c send
0x518890 recv
0x518894 select
Library WLDAP32.dll:
Library KERNEL32.dll:
0x51807c WriteFile
0x518080 SetFilePointer
0x518088 GetModuleHandleA
0x51808c GlobalMemoryStatus
0x518090 CreateFileA
0x518094 DeviceIoControl
0x518098 ResumeThread
0x51809c GetFileAttributesA
0x5180a4 GetCurrentProcessId
0x5180a8 IsDebuggerPresent
0x5180b4 GetStartupInfoW
0x5180b8 InterlockedExchange
0x5180bc VirtualAlloc
0x5180c0 VirtualFree
0x5180c8 HeapAlloc
0x5180cc GetProcessHeap
0x5180d0 HeapFree
0x5180d4 CreateThread
0x5180d8 CreateFileW
0x5180e4 ResetEvent
0x5180ec GetExitCodeThread
0x5180f0 FindFirstFileA
0x5180f4 OutputDebugStringA
0x5180f8 GetVersionExW
0x5180fc GetVersion
0x518100 FindNextFileA
0x518104 FindClose
0x518108 CloseHandle
0x51810c GetLastError
0x518110 CreateMutexW
0x518114 SetLastError
0x518118 GetCurrentThreadId
0x51811c RaiseException
0x518128 GetCurrentProcess
0x51813c GetModuleHandleW
0x518140 GetModuleFileNameW
0x518144 lstrlenW
0x51814c FreeLibrary
0x518150 MultiByteToWideChar
0x518154 SizeofResource
0x518158 LoadResource
0x51815c FindResourceW
0x518160 LoadLibraryExW
0x518164 lstrcmpiW
0x518168 Sleep
0x51816c DeleteFileW
0x518170 MoveFileExW
0x518174 DebugBreak
0x518178 OutputDebugStringW
0x51817c lstrlenA
0x518180 LockResource
0x518184 CreateEventW
0x518188 WaitForSingleObject
0x51818c SetEvent
0x518190 GetLocalTime
0x518194 QueueUserWorkItem
0x518198 GetProcAddress
0x51819c LoadLibraryW
0x5181a0 WideCharToMultiByte
0x5181a4 GetFileAttributesW
0x5181a8 OpenMutexW
0x5181ac GetTempFileNameW
0x5181b0 GetTempPathW
0x5181b4 CreateDirectoryW
0x5181b8 TerminateProcess
0x5181bc OpenProcess
0x5181c0 GetExitCodeProcess
0x5181c4 CreateProcessW
0x5181c8 Module32NextW
0x5181cc Module32FirstW
0x5181d4 Process32NextW
0x5181d8 Process32FirstW
0x5181dc CreateDirectoryA
0x5181e0 GetFullPathNameA
0x5181e8 TerminateThread
0x5181ec FormatMessageA
0x5181f0 LoadLibraryA
0x5181f4 VerifyVersionInfoA
0x5181f8 VerSetConditionMask
0x5181fc GetTickCount
0x518200 SleepEx
0x518204 ReadFile
0x518208 PeekNamedPipe
0x518210 GetFileType
0x518214 GetStdHandle
0x51821c GetSystemDirectoryW
Library USER32.dll:
0x518724 EnableWindow
0x518728 SetWindowTextW
0x51872c LoadImageW
0x518730 GetWindow
0x518734 GetWindowRect
0x518738 GetWindowLongW
0x51873c MonitorFromWindow
0x518740 GetMonitorInfoW
0x518744 GetClientRect
0x518748 MapWindowPoints
0x51874c SetWindowPos
0x518750 IsDialogMessageW
0x518754 SendMessageW
0x518758 GetParent
0x51875c SendDlgItemMessageW
0x518760 KillTimer
0x518764 SetTimer
0x518768 EndDialog
0x518774 MessageBoxA
0x518778 DialogBoxParamW
0x51877c PostQuitMessage
0x518780 GetActiveWindow
0x518784 GetSystemMetrics
0x518788 PostMessageW
0x51878c CharNextW
0x518790 SetWindowLongW
0x518794 ShowWindow
0x518798 DestroyWindow
0x51879c PeekMessageW
0x5187a0 GetMessageW
0x5187a4 TranslateMessage
0x5187a8 DispatchMessageW
0x5187ac CreateDialogParamW
0x5187b0 DefWindowProcW
0x5187b4 GetDlgItem
0x5187b8 PostThreadMessageW
0x5187bc UnregisterClassA
Library SHELL32.dll:
0x5186fc SHFileOperationW
0x518704 ShellExecuteExW
0x518708 SHGetFolderPathA
0x51870c SHGetFolderPathW
Library ole32.dll:
0x51889c CoInitializeEx
0x5188a0 CoTaskMemRealloc
0x5188a4 CoTaskMemAlloc
0x5188a8 CoTaskMemFree
0x5188ac CoInitialize
0x5188b0 CoUninitialize
0x5188b8 CoSetProxyBlanket
0x5188bc CoCreateGuid
0x5188c0 CoCreateInstance
Library OLEAUT32.dll:
0x5186d8 SysAllocString
0x5186dc VariantClear
0x5186e0 VariantInit
0x5186e4 SysFreeString
0x5186e8 VarUI4FromStr
0x5186ec SysStringLen
Library SHLWAPI.dll:
0x518714 PathCombineW
0x518718 PathFileExistsW
0x51871c PathRemoveFileSpecW
Library COMCTL32.dll:
Library MSVCP90.dll:
Library MSVCR90.dll:
0x518474 _getch
0x518478 _localtime64_s
0x51847c strftime
0x518480 _itoa
0x518484 _wremove
0x518488 _wfopen
0x51848c _difftime64
0x518490 sscanf_s
0x518494 _snprintf
0x518498 remove
0x51849c __RTDynamicCast
0x5184a0 _wcsnicmp
0x5184a4 _snprintf_s
0x5184a8 _unlock
0x5184ac __dllonexit
0x5184b0 _encode_pointer
0x5184b4 _onexit
0x5184b8 _decode_pointer
0x5184c0 _amsg_exit
0x5184c4 __wgetmainargs
0x5184c8 _cexit
0x5184cc _exit
0x5184d0 _XcptFilter
0x5184d4 exit
0x5184d8 _wcmdln
0x5184dc _initterm
0x5184e0 _initterm_e
0x5184e4 _configthreadlocale
0x5184e8 __setusermatherr
0x5184ec _adjust_fdiv
0x5184f0 __p__commode
0x5184f4 __p__fmode
0x5184f8 __set_app_type
0x5184fc ?terminate@@YAXXZ
0x518500 _crt_debugger_hook
0x518508 _invoke_watson
0x51850c _controlfp_s
0x518510 _strdup
0x518514 _read
0x518518 _write
0x51851c _close
0x518520 _open
0x518524 _strnicmp
0x518528 _vsnprintf
0x51852c raise
0x518530 strcmp
0x518534 ferror
0x518538 _setmode
0x51853c _fileno
0x518540 feof
0x518544 signal
0x518548 _lock
0x51854c ??3@YAXPAX@Z
0x518550 isspace
0x518554 ??2@YAPAXI@Z
0x518558 _CxxThrowException
0x518568 __CxxFrameHandler3
0x518578 free
0x51857c _recalloc
0x518580 memmove_s
0x518584 memcpy_s
0x518588 ??_V@YAXPAX@Z
0x51858c wcsstr
0x518590 wcsncpy_s
0x518594 memset
0x518598 malloc
0x51859c _purecall
0x5185a0 fclose
0x5185a4 _wfopen_s
0x5185a8 fwrite
0x5185ac wcslen
0x5185b0 vswprintf_s
0x5185b4 iswdigit
0x5185b8 _wtoi
0x5185bc calloc
0x5185c0 swprintf_s
0x5185c4 _vsnwprintf_s
0x5185c8 strtol
0x5185cc wcstol
0x5185d0 wcstok_s
0x5185d4 strtok_s
0x5185d8 wcscpy
0x5185dc _wcsicmp
0x5185e0 strcpy_s
0x5185e4 wcscpy_s
0x5185e8 wcscat_s
0x5185ec _resetstkoflw
0x5185f0 _splitpath_s
0x5185f4 _makepath_s
0x5185f8 sprintf_s
0x5185fc sscanf
0x518600 memcpy
0x518604 fprintf
0x518608 __iob_func
0x51860c abort
0x518610 memcmp
0x518614 strlen
0x518618 modf
0x51861c strchr
0x518620 strpbrk
0x518624 _stricmp
0x518628 tolower
0x51862c _aligned_malloc
0x518630 _aligned_free
0x518634 _beginthreadex
0x518638 _ultow_s
0x51863c realloc
0x518640 strncpy
0x518644 strrchr
0x518648 strerror
0x51864c __sys_nerr
0x518650 strtoul
0x518654 isxdigit
0x518658 _errno
0x51865c strstr
0x518660 fread
0x518664 ftell
0x518668 fseek
0x51866c fopen
0x518670 _time64
0x518674 isalpha
0x518678 strncmp
0x51867c memmove
0x518680 _strtoi64
0x518684 qsort
0x518688 fputs
0x51868c fgets
0x518690 atoi
0x518694 fflush
0x518698 isdigit
0x51869c memchr
0x5186a0 sprintf
0x5186a4 fputc
0x5186a8 isalnum
0x5186ac _getpid
0x5186b0 _fstat64
0x5186b4 _lseeki64
0x5186b8 getenv
0x5186bc _gmtime64
0x5186c0 _stat64
0x5186c4 isupper
0x5186c8 islower
0x5186cc isprint
0x5186d0 isgraph
Library WINMM.dll:
0x5187d4 timeGetTime

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49185 119.41.210.238 yygame.duowan.com 80
192.168.56.101 49177 121.11.220.194 config.hiido.com 80
192.168.56.101 49207 121.11.220.194 config.hiido.com 80
192.168.56.101 49180 124.225.134.229 sz.duowan.com 80
192.168.56.101 49201 124.225.134.229 sz.duowan.com 80
192.168.56.101 49174 14.17.109.17 trans.hiido.com 80
192.168.56.101 49178 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49179 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49181 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49182 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49183 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49188 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49189 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49191 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49192 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49198 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49199 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49206 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49208 183.36.1.203 ylog.hiido.com 80
192.168.56.101 49209 183.36.1.203 ylog.hiido.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=425f59b1f21e4010b4085cfbd5a9d350&sdkver=ya-cpp-2.2.5&key=63a96b9419cf921ce9452a308fb16752&time=1620947594&ati=20210514071313&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=BoxGameDaemonTask-3.9.5470.0.20170516.30903&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstatus%2Fexit%26eid_desc%3D%25E7%258A%25B6%25E6%2580%2581%252F%25E9%2580%2580%25E5%2587%25BA%26sdk_ver%3Dya-cpp-2.2.5%26session_id%3D081aae1b-6e96-49ff-84a9-dede80a1acf8
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=425f59b1f21e4010b4085cfbd5a9d350&sdkver=ya-cpp-2.2.5&key=63a96b9419cf921ce9452a308fb16752&time=1620947594&ati=20210514071313&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=BoxGameDaemonTask-3.9.5470.0.20170516.30903&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstatus%2Fexit%26eid_desc%3D%25E7%258A%25B6%25E6%2580%2581%252F%25E9%2580%2580%25E5%2587%25BA%26sdk_ver%3Dya-cpp-2.2.5%26session_id%3D081aae1b-6e96-49ff-84a9-dede80a1acf8 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=6e5f37f913fd4df4bfb0819fc352bda0&sdkver=ya-cpp-2.2.4&key=b3fc00467d10208e22025506e77f5fec&time=1620947538&ati=20210514071215&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstartup%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=6e5f37f913fd4df4bfb0819fc352bda0&sdkver=ya-cpp-2.2.4&key=b3fc00467d10208e22025506e77f5fec&time=1620947538&ati=20210514071215&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstartup%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://config.hiido.com/api/getDeviceConfig?sys=10&appkey=yygame&deviceid=78a6567f4e2f39ced876d23b733daaf3&hmid=b70d7fe9151d4aabaff10db0102674db&EC=1
GET /api/getDeviceConfig?sys=10&appkey=yygame&deviceid=78a6567f4e2f39ced876d23b733daaf3&hmid=b70d7fe9151d4aabaff10db0102674db&EC=1 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: config.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=a80c2490bb3d4671be2dee6e0876dd8a&sdkver=ya-cpp-2.2.4&key=dfc321d541737d8dd9ceb79a1557c4da&time=1620947591&ati=20210514071311&cha=from_push&dur=52484&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dheartbeat%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=a80c2490bb3d4671be2dee6e0876dd8a&sdkver=ya-cpp-2.2.4&key=dfc321d541737d8dd9ceb79a1557c4da&time=1620947591&ati=20210514071311&cha=from_push&dur=52484&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dheartbeat%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://sz.duowan.com/s/lobby/config/yygame_downloader.json
GET /s/lobby/config/yygame_downloader.json HTTP/1.1
Host: sz.duowan.com
Accept: */*

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=cb7b040acd97499ea154e79f9bfd8538&sdkver=ya-cpp-2.2.4&key=9d23b940365e4685b277dc0faeef819f&time=1620947584&ati=20210514071304&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fdownload%2Fsuccess%26eid_desc%3DygUpdateDisp%252F%25E4%25B8%258B%25E8%25BD%25BD%252F%25E6%2588%2590%25E5%258A%259F%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=cb7b040acd97499ea154e79f9bfd8538&sdkver=ya-cpp-2.2.4&key=9d23b940365e4685b277dc0faeef819f&time=1620947584&ati=20210514071304&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fdownload%2Fsuccess%26eid_desc%3DygUpdateDisp%252F%25E4%25B8%258B%25E8%25BD%25BD%252F%25E6%2588%2590%25E5%258A%259F%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://stat.game.yy.com/data.do
POST /data.do HTTP/1.1
Connection: Keep-Alive
User-Agent: HttpPost by ygdata_report
Content-Length: 326
Host: stat.game.yy.com

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=6d47ee853d954db0b57d771bef79fb5e&sdkver=ya-cpp-2.2.4&key=dfc321d541737d8dd9ceb79a1557c4da&time=1620947591&ati=20210514071311&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fexit%26eid_desc%3DygUpdateDisp%252F%25E9%2580%2580%25E5%2587%25BA%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=6d47ee853d954db0b57d771bef79fb5e&sdkver=ya-cpp-2.2.4&key=dfc321d541737d8dd9ceb79a1557c4da&time=1620947591&ati=20210514071311&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fexit%26eid_desc%3DygUpdateDisp%252F%25E9%2580%2580%25E5%2587%25BA%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=a04e67fb1d8c4520bba908432dda1d78&sdkver=ya-cpp-2.2.5&key=63a96b9419cf921ce9452a308fb16752&time=1620947594&ati=20210514071311&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=BoxGameDaemonTask-3.9.5470.0.20170516.30903&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstatus%2Fstart%2Fupdate%26eid_desc%3D%25E7%258A%25B6%25E6%2580%2581%252F%25E5%2590%25AF%25E5%258A%25A8%252F%25E6%259B%25B4%25E6%2596%25B0%26sdk_ver%3Dya-cpp-2.2.5%26session_id%3D081aae1b-6e96-49ff-84a9-dede80a1acf8
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=a04e67fb1d8c4520bba908432dda1d78&sdkver=ya-cpp-2.2.5&key=63a96b9419cf921ce9452a308fb16752&time=1620947594&ati=20210514071311&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=BoxGameDaemonTask-3.9.5470.0.20170516.30903&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3Dstatus%2Fstart%2Fupdate%26eid_desc%3D%25E7%258A%25B6%25E6%2580%2581%252F%25E5%2590%25AF%25E5%258A%25A8%252F%25E6%259B%25B4%25E6%2596%25B0%26sdk_ver%3Dya-cpp-2.2.5%26session_id%3D081aae1b-6e96-49ff-84a9-dede80a1acf8 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

http://ylog.hiido.com/c.gif?act=zhwebevent&smkdata=0&EC=1&action=4aefe57387fe47c0874fa98171c1468e&sdkver=ya-cpp-2.2.4&key=b3fc00467d10208e22025506e77f5fec&time=1620947538&ati=20210514071215&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fstart%26eid_desc%3DygUpdateDisp%252F%25E5%2590%25AF%25E5%258A%25A8%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc
GET /c.gif?act=zhwebevent&smkdata=0&EC=1&action=4aefe57387fe47c0874fa98171c1468e&sdkver=ya-cpp-2.2.4&key=b3fc00467d10208e22025506e77f5fec&time=1620947538&ati=20210514071215&cha=from_push&hiido_mid=b70d7fe9151d4aabaff10db0102674db&ive=1.0.0.5-ygUpdateDisp&lla=zh_cn&mid=78a6567f4e2f39ced876d23b733daaf3&os=Windows7&pro=yygame&rso=from_push&extra=dty%3Dpas%26eid%3DygUpdateDisp%2Fstart%26eid_desc%3DygUpdateDisp%252F%25E5%2590%25AF%25E5%258A%25A8%26sdk_ver%3Dya-cpp-2.2.4%26session_id%3D5b1476f4-3788-4ee4-a72a-4b2488fb10cc HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
Host: ylog.hiido.com
Cache-Control: no-cache
Content-Length: 0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.