Trojan.Win32.Delphi_20c9afc1a0 – Adaware

Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD (Lavasoft MAS)Behaviour: Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.The sample has been submitted by Lavasoft customers.

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 20c9afc1a09dbc07b1a922511fd5fd81

SHA1: fe50065514e773bda12f1b96146d52ab26f3cfac

SHA256: 71c67b25c1c40e9103e2101ef6fdd179c6d9bdb5c137683c3ee38b9d7b6ea2f4

SSDeep: 49152:hHjgY7pkJFOTs4eNe6Yzkt3dBuBhrP6gzn4Z6wuKN1rKYpAFOmmw1QyMTH3DLoyQ:n7GSrkLmnUNr/fwOyMjDbhPX7nM/Lt

Size: 3693712 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: Sta

Created at: 2014-01-18 05:39:43

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

YYMusic.exe:552
YYJia.exe:948
%original file name%.exe:1760

The Trojan injects its code into the following process(es):

YYJia.exe:1656

File activity

The process YYMusic.exe:552 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\YYMusic\2014220\SysConfig.ini (217 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\Data\user2.ini (196 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ‹Å“ÃƒÂÃ‚Â·ÃƒÂÃ‚Â±Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â½ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â²Ãƒâ€šÃ‚Â·ÃƒÂÃ‚Â¡ÃƒÂÃ¢â€žÂ¢ÃƒÂÃ…Â¸ÃƒÂÃ‚ÂÃƒâ€˜Ã‹â€ Ãƒâ€šÃ‚ÂµÃƒâ€˜Ã‹Å“Ãƒâ€˜Ã¢â‚¬ÂÃƒÂÃ¢â‚¬Â¦.url (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ‹Å“ÃƒÂÃ‚Â·ÃƒÂÃ‚Â±Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â½ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ\ÃƒÂÃ…â€œÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¢ÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Â¢Ãƒâ€˜Ã…â€™ÃƒÂÃ…Â¡ÃƒÂÃ¢â‚¬â„¢ÃƒÂÃ‚ÂÃƒâ€˜Ã‹â€ .url (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (0 bytes)

The process YYJia.exe:1656 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\OLDSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\DMSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

The process %original file name%.exe:1760 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\YYMusic\2014220\picture\baidu_c2cec3fdfc03924517c1df928694a4c27d1e2532.jpg (24090 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_4.png (5768 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_262581.lrc (993 bytes)
%Program Files%\YYMusic\2014220\Skin\tooltipbk.png (319 bytes)
%Program Files%\YYMusic\2014220\Skin\playersidebg.jpg (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensioncloseahover.png (1179 bytes)
%Program Files%\YYMusic\2014220\Skin\icon.png (1706 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplaylist.xml (5434 bytes)
%Program Files%\YYMusic\2014220\Skin\lyrictoplay.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWebBrowser.xml (308 bytes)
%Program Files%\YYMusic\2014220\audio.dll (129168 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_close.png (1118 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok.png (3950 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\ÃƒÂÃ¢â‚¬Â¢ÃƒÂÃ‚Â´ÃƒÂÃ‚Â¦ÃƒÂÃ¢â‚¬Å“ÃƒÂ¢Ã¢â‚¬Å¾Ã¢â‚¬â€œÃƒâ€šÃ‚Â¤Ãƒâ€˜Ã¢â‚¬Â¢ÃƒÂÃ‚Â¯\ÃƒÂÃ‚Â Ãƒâ€šÃ‚Â¶ÃƒÂÃ‚Â¤ÃƒÂÃ‚Â¨YYMusic.lnk (700 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmMenuFrame.xml (1663 bytes)
%Program Files%\YYMusic\2014220\Skin\list_title_bg.png (1049 bytes)
%Program Files%\YYMusic\2014220\Skin\DefaultUserImage.jpg (6747 bytes)
%Program Files%\YYMusic\2014220\Skin\random.jpg (1983 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_3.png (3933 bytes)
%Program Files%\YYMusic\2014220\Skin\frmdownmenu.xml (1702 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_9k.png (4098 bytes)
%Program Files%\YYMusic\2014220\Skin\lista.png (1063 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmina.png (1047 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmConfig.xml (4521 bytes)
%Program Files%\YYMusic\2014220\swresample-0.dll (107680 bytes)
%Program Files%\YYMusic\2014220\channels.xml (33290 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_whiter.png (318 bytes)
%Program Files%\YYMusic\2014220\Skin\headimg.png (32082 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionlogin.png (2951 bytes)
%Program Files%\YYMusic\2014220\Skin\input-password.png (1705 bytes)
%Program Files%\YYMusic\2014220\Skin\frmProgressToolTip.xml (393 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008.bmp (556 bytes)
%Program Files%\YYMusic\2014220\Skin\playingnext.png (4967 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontop.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_split.png (1006 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-delete.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\pop_bkimage.png (1803 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbigahover.png (1084 bytes)
%Program Files%\YYMusic\2014220\YYMusic.exe (1007760 bytes)
%Program Files%\YYMusic\2014220\Skin\playinginga.jpg (5601 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_vol.png (1275 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_xm.png (5013 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (38 bytes)
%Program Files%\YYMusic\2014220\Skin\downda.png (1531 bytes)
%Program Files%\YYMusic\2014220\Skin\menu.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\power.png (5511 bytes)
%Program Files%\YYMusic\2014220\Skin\sound (2).jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\color_012.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnRightTop.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_color.png (1344 bytes)
%Program Files%\YYMusic\2014220\Skin\loading03.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-pause.png (5528 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmColor.xml (1633 bytes)
%Program Files%\YYMusic\2014220\Skin\progress_fore.png (2929 bytes)
%Program Files%\YYMusic\2014220\Skin\random02hover.jpg (2108 bytes)
%Program Files%\YYMusic\2014220\Skin\prev.png (2316 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbiga.png (1073 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionsetahover.png (1305 bytes)
%Program Files%\YYMusic\2014220\Skin\next.png (2182 bytes)
%Program Files%\YYMusic\2014220\Skin\tab_comm.png (1127 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_itself.png (1170 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdelete.png (1146 bytes)
%Program Files%\YYMusic\2014220\Skin\random01hover.jpg (2232 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_fh.png (4560 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_small.png (1279 bytes)
%Program Files%\YYMusic\2014220\Skin\collection.png (3470 bytes)
%Program Files%\YYMusic\2014220\Skin\random02.jpg (1888 bytes)
%Program Files%\YYMusic\2014220\Skin\color_013.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_unsel.bmp (5880 bytes)
%Program Files%\YYMusic\2014220\Skin\random0520.png (1780 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltip.png (3111 bytes)
%Program Files%\YYMusic\2014220\Skin\musiclibrary.png (3726 bytes)
%Program Files%\YYMusic\2014220\Skin\mini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_1.png (5612 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13766042.lrc (1466 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c8ea15ce36d3d539f9c9305e3b87e950342ab0b2.jpg (41244 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmHotKeyTip.xml (482 bytes)
%Program Files%\YYMusic\2014220\Skin\random03hover.jpg (1426 bytes)
%Program Files%\YYMusic\2014220\Skin\slider_bg.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_big.png (1295 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_4.png (4865 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg01.png (1599 bytes)
%Program Files%\YYMusic\2014220\Skin\reflash.png (1868 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login2.png (6202 bytes)
%Program Files%\YYMusic\2014220\YYJia.exe (656528 bytes)
%Program Files%\YYMusic\2014220\Skin\125x125.jpg (22934 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_red.png (1421 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13881991.lrc (1794 bytes)
%Program Files%\YYMusic\2014220\Skin\hotkeytipbk.png (1161 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclosea.png (1180 bytes)
%Program Files%\YYMusic\2014220\pthreadGC2.dll (117488 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrcParent.xml (157 bytes)
%Program Files%\YYMusic\2014220\Skin\exit.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\color_011.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar.png (1110 bytes)
%Program Files%\YYMusic\2014220\Skin\AutoRunTipFrame.xml (1974 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\LyricFrameVoice.png (2850 bytes)
%Program Files%\YYMusic\2014220\avcodec-54.dll (737952 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricmute.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\font_bkcolor.png (2990 bytes)
%Program Files%\YYMusic\2014220\source.dll (203920 bytes)
%Program Files%\YYMusic\2014220\PlayerUpdate.exe (156304 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_res.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg2.png (1014 bytes)
%Program Files%\YYMusic\2014220\Skin\WindowLrcbkIamge.png (732 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg02.png (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-fav.png (3293 bytes)
%Program Files%\YYMusic\2014220\Skin\max.png (1120 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmDropDownMenuFrame.xml (1661 bytes)
%Program Files%\YYMusic\2014220\Skin\random01a.jpg (2251 bytes)
%Program Files%\YYMusic\2014220\Skin\mineahover.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnHidePlayList.png (1865 bytes)
%Program Files%\YYMusic\2014220\Skin\minea.png (1630 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrc.xml (7660 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclike.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\mainframeshadow.png (132105 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_prev.png (1247 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbacka.png (1381 bytes)
%Program Files%\YYMusic\2014220\Skin\playingprev.jpg (1396 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_blue.png (1410 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_6.png (5307 bytes)
%Program Files%\YYMusic\2014220\Skin\SelectColor_SliderBar_Thumb.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclose.png (1226 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\ÃƒÂ¢Ã¢â‚¬Å¾Ã¢â‚¬â€œÃƒÂÃ‚Â©Ãƒâ€šÃ‚Â·ÃƒÂÃ¢â‚¬Â¦ÃƒÂÃ‚Â¦Ãƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬â€œ.lnk (334 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_2.png (5222 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrc.xml (174 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\search.png (3944 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrcChild.xml (263 bytes)
%Program Files%\YYMusic\2014220\Skin\frmlogin.xml (3823 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionset.png (1383 bytes)
%Program Files%\YYMusic\2014220\Skin\PlayProgressForeImage.png (142 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg_2.png (1119 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_pause.png (1067 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_3.png (5407 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmin.png (1052 bytes)
%Program Files%\YYMusic\2014220\Skin\voiceall0528.png (1310 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_e1fe9925bc315c60bbe955728cb1cb134954772a.jpg (16578 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_down.png (1136 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0520.png (1637 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\voice00528.png (1231 bytes)
%Program Files%\YYMusic\2014220\Skin\history.png (4046 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_sc.png (3695 bytes)
%Program Files%\YYMusic\2014220\Skin\miniÃƒâ€™Ã¢â‚¬ËœÃƒâ€šÃ‚Â°.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionminahover.png (1058 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_feedback.png (1107 bytes)
%Program Files%\YYMusic\2014220\Skin\channel.png (3075 bytes)
%Program Files%\YYMusic\2014220\avcore.dll (97936 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\remembertt.jpg (1860 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_6.png (5404 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_kw.png (5427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_bg.bmp (32240 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopahover.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandom.jpg (1590 bytes)
%Program Files%\YYMusic\2014220\Skin\DownLoadProgressForeImage.png (1025 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea2.png (2891 bytes)
%Program Files%\YYMusic\2014220\Skin\close.png (1210 bytes)
%Program Files%\YYMusic\2014220\Skin\MessageBox.xml (1577 bytes)
%Program Files%\YYMusic\2014220\Skin\sound.jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\back.png (1684 bytes)
%Program Files%\YYMusic\2014220\Skin\more.png (1083 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-anonymity.png (8941 bytes)
%Program Files%\YYMusic\2014220\Skin\playingpreva.jpg (1730 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSetWindowLrcFrame.xml (3859 bytes)
%Program Files%\YYMusic\2014220\Skin\loading01.png (1304 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_db.png (3492 bytes)
%Program Files%\YYMusic\2014220\Skin\border.png (1114 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_set.png (1262 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-next.png (4263 bytes)
%Program Files%\YYMusic\2014220\Skin\prevention.png (3651 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_on.png (1283 bytes)
%Program Files%\YYMusic\2014220\Skin\min.png (1021 bytes)
%Program Files%\YYMusic\2014220\Skin\play0520.png (1485 bytes)
%Program Files%\YYMusic\2014220\Skin\color_list_bk.png (57846 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_forward.png (1094 bytes)
%Program Files%\YYMusic\2014220\Skin\like.png (3577 bytes)
%Program Files%\YYMusic\2014220\Skin\playingplaying.jpg (2791 bytes)
%Program Files%\YYMusic\2014220\Skin\astop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\voice1000528.png (2828 bytes)
%Program Files%\YYMusic\2014220\Skin\prev0520.png (1351 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnsteup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login.png (3196 bytes)
%Program Files%\YYMusic\2014220\Skin\fbcaptionbk.png (1453 bytes)
%Program Files%\YYMusic\2014220\Data\dh.ini (56 bytes)
%Program Files%\YYMusic\2014220\Skin\SetTipFrame.xml (1835 bytes)
%Program Files%\YYMusic\2014220\Skin\random02a.jpg (2119 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_bd.png (4427 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\YYMusic.lnk (698 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit - Ãƒâ€˜Ã¢â‚¬ËœÃƒâ€šÃ‚Â±Ãƒâ€šÃ‚Â±Ãƒâ€˜Ã¢â‚¬Â¢.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_next.png (1122 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn.png (1416 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_back.png (1098 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbackahover.png (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmPopWnd.xml (354 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopa.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_blue.png (2491 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnfeedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ¢â‚¬ËœÃƒâ€˜Ã¢â‚¬â€ÃƒÂÃ…â€œÃƒâ€˜Ã¢â‚¬Â¦.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\play2.png (3709 bytes)
%Program Files%\YYMusic\2014220\Skin\feedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\button.png (3427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandoma.jpg (2224 bytes)
%Program Files%\YYMusic\2014220\Skin\lrclist.png (4667 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedback.png (1453 bytes)
%Program Files%\YYMusic\2014220\Skin\loading04.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\update.xml (2820 bytes)
%Program Files%\YYMusic\2014220\Skin\color_010.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\SysConfig.ini (235 bytes)
%Program Files%\YYMusic\2014220\Skin\sound100.jpg (1813 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar2.png (1097 bytes)
%Program Files%\YYMusic\2014220\Skin\320x225.png (22990 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea2.png (3157 bytes)
%Program Files%\YYMusic\2014220\Skin\normalVolume.png (2055 bytes)
%Program Files%\YYMusic\2014220\Skin\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ¢â‚¬ËœÃƒâ€˜Ã¢â‚¬â€Ãƒâ€šÃ‚ÂµÃƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ¢â‚¬Â¦ÃƒÂÃ‚ÂªÃƒâ€šÃ‚ÂµÃƒÂÃ‚Â³.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\loading02.png (1298 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_close.png (2974 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionseta.png (1314 bytes)
%Program Files%\YYMusic\2014220\Skin\input-user.png (1658 bytes)
%Program Files%\YYMusic\2014220\Skin\scrollbar.png (1829 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbig.png (1087 bytes)
%Program Files%\YYMusic\2014220\Skin\home.png (2709 bytes)
%Program Files%\YYMusic\2014220\Skin\downd.png (1528 bytes)
%Program Files%\YYMusic\2014220\Skin\playerlist.png (4638 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-play.png (5858 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_5.png (5406 bytes)
%Program Files%\YYMusic\2014220\Skin\list.png (1077 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_icon.png (3324 bytes)
%Program Files%\YYMusic\2014220\DuiLib.dll (488080 bytes)
%Program Files%\YYMusic\2014220\Skin\mine.png (1619 bytes)
%Program Files%\YYMusic\2014220\Skin\color_009.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmFeedBack.xml (411 bytes)
%Program Files%\YYMusic\2014220\Skin\pushedVolume.png (2869 bytes)
%Program Files%\YYMusic\2014220\Skin\random03.jpg (1372 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008highlight.bmp (552 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit.png (4253 bytes)
%Program Files%\YYMusic\2014220\Skin\next0520.png (1414 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_desktop.png (1149 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bk.png (129602 bytes)
%Program Files%\YYMusic\2014220\Skin\random01.jpg (1993 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea.png (1090 bytes)
%Program Files%\YYMusic\2014220\Skin\steup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\random03a.jpg (1404 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplayer.xml (10156 bytes)
%Program Files%\YYMusic\2014220\favorfm.xml (66 bytes)
%Program Files%\YYMusic\2014220\Skin\listahover.png (1076 bytes)
%Program Files%\YYMusic\2014220\Skin\playinging.jpg (2753 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0a0528.png (1293 bytes)
%Program Files%\YYMusic\2014220\Unins.exe (281232 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_7.png (5129 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btntop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_mutevol.png (3110 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item.xml (1326 bytes)
%Program Files%\YYMusic\2014220\Data\version.ini (32 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_5.png (5372 bytes)
%Program Files%\YYMusic\2014220\Skin\LoginBk.png (102991 bytes)
%Program Files%\YYMusic\2014220\avformat-54.dll (378528 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_1.png (4421 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltipbk.png (60521 bytes)
%Program Files%\YYMusic\2014220\Skin\downdahover.png (1513 bytes)
%Program Files%\YYMusic\2014220\Skin\list_pause.png (1302 bytes)
%Program Files%\YYMusic\2014220\Skin\LrcBk.png (7678 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_comm.png (1164 bytes)
%Program Files%\YYMusic\2014220\Skin\color_014.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_play.png (1375 bytes)
%Program Files%\YYMusic\2014220\Skin\forgettt.jpg (1981 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_play.png (1244 bytes)
%Program Files%\YYMusic\2014220\Skin\font_forecolor.png (1605 bytes)
%Program Files%\YYMusic\2014220\libav.dll (193680 bytes)
%Program Files%\YYMusic\2014220\Skin\bg3.png (3264 bytes)
%Program Files%\YYMusic\2014220\Skin\color_015.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_016.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item_bg.png (1018 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmin.png (3713 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_7.png (5552 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_bg.png (1288 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSystemMenuFrame.xml (1654 bytes)
%Program Files%\YYMusic\2014220\avutil-52.dll (174240 bytes)
%Program Files%\YYMusic\2014220\Skin\playingvoice.png (3122 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_2.png (5515 bytes)
%Program Files%\YYMusic\2014220\Skin\dash.png (955 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_red.png (2498 bytes)
%Program Files%\YYMusic\2014220\Data\setup.ini (46 bytes)

Registry activity

The process YYMusic.exe:552 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 2D 44 57 85 C0 FF 98 0D A9 E1 48 7C 41 4B BC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_2014220" = "%Program Files%\YYMusic\2014220\YYMusic.exe -mini"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_News_2014220" = "%Program Files%\YYMusic\2014220\YYJia.exe -mini"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process YYJia.exe:1656 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 03 CF 9C 8F A7 A3 4E 49 62 D9 30 4A 8E 97 5E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process YYJia.exe:948 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 A6 AD 1D 17 50 7E 7B 01 09 E9 12 88 10 67 21"

The process %original file name%.exe:1760 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ‚ÂÃƒÂÃ‚Â¦FM]
"DisplayName" = "YYMusic"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾ÃƒÂÃ‚Â¸ ÃƒÂÃ‚Â´ÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾ÃƒÂÃ‚Â¸ Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¸Ãƒâ€˜Ã‚ÂÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â½ÃƒÂÃ‚ÂºÃƒÂÃ‚Â¸"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ‚ÂÃƒÂÃ‚Â¦FM]
"DisplayIcon" = "%Program Files%\YYMusic\2014220\Unins.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ‚ÂÃƒÂÃ‚Â¦FM]
"UninstallString" = "%Program Files%\YYMusic\2014220\Unins.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾ÃƒÂÃ‚Â¸ ÃƒÂÃ‚Â´ÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\ÃƒÂÃ¢â‚¬ÂÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾Ãƒâ€˜Ã‚Â ÃƒÂÃ‚Â¼Ãƒâ€˜Ã†â€™ÃƒÂÃ‚Â·Ãƒâ€˜Ã¢â‚¬Â¹ÃƒÂÃ‚ÂºÃƒÂÃ‚Â°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃƒÂÃ‚Â ÃƒÂÃ‚Â°ÃƒÂÃ‚Â±ÃƒÂÃ‚Â¾Ãƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ‚Â¸ÃƒÂÃ‚Â¹ Ãƒâ€˜Ã‚ÂÃƒâ€˜Ã¢â‚¬Å¡ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â»"

[HKLM\SOFTWARE\YyfmPlay]
"RD" = "_2014220"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\ÃƒÂÃ¢â‚¬ÂÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹"

[HKLM\SOFTWARE\YYMusic]
"RD" = "_2014220"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ‚ÂÃƒÂÃ‚Â¦FM]
"Publisher" = "YYMusic"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\ÃƒÂÃ¢â‚¬ÂÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾ÃƒÂÃ‚Â¸ ÃƒÂÃ‚Â²ÃƒÂÃ‚Â¸ÃƒÂÃ‚Â´ÃƒÂÃ‚ÂµÃƒÂÃ‚Â¾ÃƒÂÃ‚Â·ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¿ÃƒÂÃ‚Â¸Ãƒâ€˜Ã‚ÂÃƒÂÃ‚Â¸"
"CommonPictures" = "%Documents and Settings%\All Users\ÃƒÂÃ¢â‚¬ÂÃƒÂÃ‚Â¾ÃƒÂÃ‚ÂºÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Å¡Ãƒâ€˜Ã¢â‚¬Â¹\ÃƒÂÃ…â€œÃƒÂÃ‚Â¾ÃƒÂÃ‚Â¸ Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¸Ãƒâ€˜Ã‚ÂÃƒâ€˜Ã†â€™ÃƒÂÃ‚Â½ÃƒÂÃ‚ÂºÃƒÂÃ‚Â¸"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 BF E0 5D A7 D6 B5 68 B2 F2 C7 56 D4 05 D5 D0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃƒÂÃ‚Â ÃƒÂÃ‚Â°ÃƒÂÃ‚Â±ÃƒÂÃ‚Â¾Ãƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ‚Â¸ÃƒÂÃ‚Â¹ Ãƒâ€˜Ã‚ÂÃƒâ€˜Ã¢â‚¬Å¡ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â»"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ‚ÂÃƒÂÃ‚Â¦FM]
"DisplayVersion" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The Trojan deletes the following value(s) in system registry:

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YyfmPlay"

"BoxNews"

"YYMusic_News"

"YYMusic"

Network activity (URLs)

URL	IP
hxxp://update.yinyue.fm/DM5/DMSet.Xml	222.186.60.13
hxxp://update.yinyue.fm/tj.ashx
hxxp://update.yinyue.fm/a.ashx?v=51856086832E9ADB32CC6A9B6C71DCBCC7C74FC51D7CB5113174FECED7F13C18C0C8B1AB73BA45DEED104630DCBC32D1683F373E788B33870079C2970BD8B6BA896DF390AB045112338BAC450D2072B22BE17713DB1ECE3885EEFD3039D20A0003D26306363B7D2651F8D15274EFDA40CBCE8E3B8F607294
hxxp://update.yinyue.fm/appupdate/ver.txt
tongji.yinyue.fm	222.186.60.13

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
YYMusic.exe:552
YYJia.exe:948
%original file name%.exe:1760
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\YYMusic\2014220\SysConfig.ini (217 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\Data\user2.ini (196 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ‹Å“ÃƒÂÃ‚Â·ÃƒÂÃ‚Â±Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â½ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â²Ãƒâ€šÃ‚Â·ÃƒÂÃ‚Â¡ÃƒÂÃ¢â€žÂ¢ÃƒÂÃ…Â¸ÃƒÂÃ‚ÂÃƒâ€˜Ã‹â€ Ãƒâ€šÃ‚ÂµÃƒâ€˜Ã‹Å“Ãƒâ€˜Ã¢â‚¬ÂÃƒÂÃ¢â‚¬Â¦.url (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ‹Å“ÃƒÂÃ‚Â·ÃƒÂÃ‚Â±Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â½ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ\ÃƒÂÃ…â€œÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¢ÃƒÂÃ‚Â½Ãƒâ€˜Ã¢â‚¬Â¢Ãƒâ€˜Ã…â€™ÃƒÂÃ…Â¡ÃƒÂÃ¢â‚¬â„¢ÃƒÂÃ‚ÂÃƒâ€˜Ã‹â€ .url (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\OLDSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\DMSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c2cec3fdfc03924517c1df928694a4c27d1e2532.jpg (24090 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_4.png (5768 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_262581.lrc (993 bytes)
%Program Files%\YYMusic\2014220\Skin\tooltipbk.png (319 bytes)
%Program Files%\YYMusic\2014220\Skin\playersidebg.jpg (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensioncloseahover.png (1179 bytes)
%Program Files%\YYMusic\2014220\Skin\icon.png (1706 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplaylist.xml (5434 bytes)
%Program Files%\YYMusic\2014220\Skin\lyrictoplay.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWebBrowser.xml (308 bytes)
%Program Files%\YYMusic\2014220\audio.dll (129168 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_close.png (1118 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok.png (3950 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\ÃƒÂÃ¢â‚¬Â¢ÃƒÂÃ‚Â´ÃƒÂÃ‚Â¦ÃƒÂÃ¢â‚¬Å“ÃƒÂ¢Ã¢â‚¬Å¾Ã¢â‚¬â€œÃƒâ€šÃ‚Â¤Ãƒâ€˜Ã¢â‚¬Â¢ÃƒÂÃ‚Â¯\ÃƒÂÃ‚Â Ãƒâ€šÃ‚Â¶ÃƒÂÃ‚Â¤ÃƒÂÃ‚Â¨YYMusic.lnk (700 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmMenuFrame.xml (1663 bytes)
%Program Files%\YYMusic\2014220\Skin\list_title_bg.png (1049 bytes)
%Program Files%\YYMusic\2014220\Skin\DefaultUserImage.jpg (6747 bytes)
%Program Files%\YYMusic\2014220\Skin\random.jpg (1983 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_3.png (3933 bytes)
%Program Files%\YYMusic\2014220\Skin\frmdownmenu.xml (1702 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_9k.png (4098 bytes)
%Program Files%\YYMusic\2014220\Skin\lista.png (1063 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmina.png (1047 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmConfig.xml (4521 bytes)
%Program Files%\YYMusic\2014220\swresample-0.dll (107680 bytes)
%Program Files%\YYMusic\2014220\channels.xml (33290 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_whiter.png (318 bytes)
%Program Files%\YYMusic\2014220\Skin\headimg.png (32082 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionlogin.png (2951 bytes)
%Program Files%\YYMusic\2014220\Skin\input-password.png (1705 bytes)
%Program Files%\YYMusic\2014220\Skin\frmProgressToolTip.xml (393 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008.bmp (556 bytes)
%Program Files%\YYMusic\2014220\Skin\playingnext.png (4967 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontop.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_split.png (1006 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-delete.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\pop_bkimage.png (1803 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbigahover.png (1084 bytes)
%Program Files%\YYMusic\2014220\YYMusic.exe (1007760 bytes)
%Program Files%\YYMusic\2014220\Skin\playinginga.jpg (5601 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_vol.png (1275 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_xm.png (5013 bytes)
%Program Files%\YYMusic\2014220\Skin\downda.png (1531 bytes)
%Program Files%\YYMusic\2014220\Skin\menu.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\power.png (5511 bytes)
%Program Files%\YYMusic\2014220\Skin\sound (2).jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\color_012.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnRightTop.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_color.png (1344 bytes)
%Program Files%\YYMusic\2014220\Skin\loading03.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-pause.png (5528 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmColor.xml (1633 bytes)
%Program Files%\YYMusic\2014220\Skin\progress_fore.png (2929 bytes)
%Program Files%\YYMusic\2014220\Skin\random02hover.jpg (2108 bytes)
%Program Files%\YYMusic\2014220\Skin\prev.png (2316 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbiga.png (1073 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionsetahover.png (1305 bytes)
%Program Files%\YYMusic\2014220\Skin\next.png (2182 bytes)
%Program Files%\YYMusic\2014220\Skin\tab_comm.png (1127 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_itself.png (1170 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdelete.png (1146 bytes)
%Program Files%\YYMusic\2014220\Skin\random01hover.jpg (2232 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_fh.png (4560 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_small.png (1279 bytes)
%Program Files%\YYMusic\2014220\Skin\collection.png (3470 bytes)
%Program Files%\YYMusic\2014220\Skin\random02.jpg (1888 bytes)
%Program Files%\YYMusic\2014220\Skin\color_013.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_unsel.bmp (5880 bytes)
%Program Files%\YYMusic\2014220\Skin\random0520.png (1780 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltip.png (3111 bytes)
%Program Files%\YYMusic\2014220\Skin\musiclibrary.png (3726 bytes)
%Program Files%\YYMusic\2014220\Skin\mini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_1.png (5612 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13766042.lrc (1466 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c8ea15ce36d3d539f9c9305e3b87e950342ab0b2.jpg (41244 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmHotKeyTip.xml (482 bytes)
%Program Files%\YYMusic\2014220\Skin\random03hover.jpg (1426 bytes)
%Program Files%\YYMusic\2014220\Skin\slider_bg.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_big.png (1295 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_4.png (4865 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg01.png (1599 bytes)
%Program Files%\YYMusic\2014220\Skin\reflash.png (1868 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login2.png (6202 bytes)
%Program Files%\YYMusic\2014220\YYJia.exe (656528 bytes)
%Program Files%\YYMusic\2014220\Skin\125x125.jpg (22934 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_red.png (1421 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13881991.lrc (1794 bytes)
%Program Files%\YYMusic\2014220\Skin\hotkeytipbk.png (1161 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclosea.png (1180 bytes)
%Program Files%\YYMusic\2014220\pthreadGC2.dll (117488 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrcParent.xml (157 bytes)
%Program Files%\YYMusic\2014220\Skin\exit.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\color_011.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar.png (1110 bytes)
%Program Files%\YYMusic\2014220\Skin\AutoRunTipFrame.xml (1974 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\LyricFrameVoice.png (2850 bytes)
%Program Files%\YYMusic\2014220\avcodec-54.dll (737952 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricmute.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\font_bkcolor.png (2990 bytes)
%Program Files%\YYMusic\2014220\source.dll (203920 bytes)
%Program Files%\YYMusic\2014220\PlayerUpdate.exe (156304 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_res.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg2.png (1014 bytes)
%Program Files%\YYMusic\2014220\Skin\WindowLrcbkIamge.png (732 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg02.png (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-fav.png (3293 bytes)
%Program Files%\YYMusic\2014220\Skin\max.png (1120 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmDropDownMenuFrame.xml (1661 bytes)
%Program Files%\YYMusic\2014220\Skin\random01a.jpg (2251 bytes)
%Program Files%\YYMusic\2014220\Skin\mineahover.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnHidePlayList.png (1865 bytes)
%Program Files%\YYMusic\2014220\Skin\minea.png (1630 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrc.xml (7660 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclike.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\mainframeshadow.png (132105 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_prev.png (1247 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbacka.png (1381 bytes)
%Program Files%\YYMusic\2014220\Skin\playingprev.jpg (1396 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_blue.png (1410 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_6.png (5307 bytes)
%Program Files%\YYMusic\2014220\Skin\SelectColor_SliderBar_Thumb.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclose.png (1226 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\ÃƒÂ¢Ã¢â‚¬Å¾Ã¢â‚¬â€œÃƒÂÃ‚Â©Ãƒâ€šÃ‚Â·ÃƒÂÃ¢â‚¬Â¦ÃƒÂÃ‚Â¦Ãƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬â€œ.lnk (334 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_2.png (5222 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrc.xml (174 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\search.png (3944 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrcChild.xml (263 bytes)
%Program Files%\YYMusic\2014220\Skin\frmlogin.xml (3823 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionset.png (1383 bytes)
%Program Files%\YYMusic\2014220\Skin\PlayProgressForeImage.png (142 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg_2.png (1119 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_pause.png (1067 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_3.png (5407 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmin.png (1052 bytes)
%Program Files%\YYMusic\2014220\Skin\voiceall0528.png (1310 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_e1fe9925bc315c60bbe955728cb1cb134954772a.jpg (16578 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_down.png (1136 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0520.png (1637 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\voice00528.png (1231 bytes)
%Program Files%\YYMusic\2014220\Skin\history.png (4046 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_sc.png (3695 bytes)
%Program Files%\YYMusic\2014220\Skin\miniÃƒâ€™Ã¢â‚¬ËœÃƒâ€šÃ‚Â°.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionminahover.png (1058 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_feedback.png (1107 bytes)
%Program Files%\YYMusic\2014220\Skin\channel.png (3075 bytes)
%Program Files%\YYMusic\2014220\avcore.dll (97936 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\remembertt.jpg (1860 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_6.png (5404 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_kw.png (5427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_bg.bmp (32240 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopahover.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandom.jpg (1590 bytes)
%Program Files%\YYMusic\2014220\Skin\DownLoadProgressForeImage.png (1025 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea2.png (2891 bytes)
%Program Files%\YYMusic\2014220\Skin\close.png (1210 bytes)
%Program Files%\YYMusic\2014220\Skin\MessageBox.xml (1577 bytes)
%Program Files%\YYMusic\2014220\Skin\sound.jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\back.png (1684 bytes)
%Program Files%\YYMusic\2014220\Skin\more.png (1083 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-anonymity.png (8941 bytes)
%Program Files%\YYMusic\2014220\Skin\playingpreva.jpg (1730 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSetWindowLrcFrame.xml (3859 bytes)
%Program Files%\YYMusic\2014220\Skin\loading01.png (1304 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_db.png (3492 bytes)
%Program Files%\YYMusic\2014220\Skin\border.png (1114 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_set.png (1262 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-next.png (4263 bytes)
%Program Files%\YYMusic\2014220\Skin\prevention.png (3651 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_on.png (1283 bytes)
%Program Files%\YYMusic\2014220\Skin\min.png (1021 bytes)
%Program Files%\YYMusic\2014220\Skin\play0520.png (1485 bytes)
%Program Files%\YYMusic\2014220\Skin\color_list_bk.png (57846 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_forward.png (1094 bytes)
%Program Files%\YYMusic\2014220\Skin\like.png (3577 bytes)
%Program Files%\YYMusic\2014220\Skin\playingplaying.jpg (2791 bytes)
%Program Files%\YYMusic\2014220\Skin\astop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\voice1000528.png (2828 bytes)
%Program Files%\YYMusic\2014220\Skin\prev0520.png (1351 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnsteup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login.png (3196 bytes)
%Program Files%\YYMusic\2014220\Skin\fbcaptionbk.png (1453 bytes)
%Program Files%\YYMusic\2014220\Data\dh.ini (56 bytes)
%Program Files%\YYMusic\2014220\Skin\SetTipFrame.xml (1835 bytes)
%Program Files%\YYMusic\2014220\Skin\random02a.jpg (2119 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_bd.png (4427 bytes)
%Documents and Settings%\%current user%\ÃƒÂÃ¢â‚¬Å“ÃƒÂÃ‚Â»ÃƒÂÃ‚Â°ÃƒÂÃ‚Â²ÃƒÂÃ‚Â½ÃƒÂÃ‚Â¾ÃƒÂÃ‚Âµ ÃƒÂÃ‚Â¼ÃƒÂÃ‚ÂµÃƒÂÃ‚Â½Ãƒâ€˜Ã…Â½\ÃƒÂÃ…Â¸Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â¾ÃƒÂÃ‚Â³Ãƒâ€˜Ã¢â€šÂ¬ÃƒÂÃ‚Â°ÃƒÂÃ‚Â¼ÃƒÂÃ‚Â¼Ãƒâ€˜Ã¢â‚¬Â¹\YYMusic\YYMusic.lnk (698 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit - Ãƒâ€˜Ã¢â‚¬ËœÃƒâ€šÃ‚Â±Ãƒâ€šÃ‚Â±Ãƒâ€˜Ã¢â‚¬Â¢.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_next.png (1122 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn.png (1416 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_back.png (1098 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbackahover.png (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmPopWnd.xml (354 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopa.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_blue.png (2491 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnfeedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ¢â‚¬ËœÃƒâ€˜Ã¢â‚¬â€ÃƒÂÃ…â€œÃƒâ€˜Ã¢â‚¬Â¦.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\play2.png (3709 bytes)
%Program Files%\YYMusic\2014220\Skin\feedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\button.png (3427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandoma.jpg (2224 bytes)
%Program Files%\YYMusic\2014220\Skin\lrclist.png (4667 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedback.png (1453 bytes)
%Program Files%\YYMusic\2014220\Skin\loading04.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\update.xml (2820 bytes)
%Program Files%\YYMusic\2014220\Skin\color_010.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\sound100.jpg (1813 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar2.png (1097 bytes)
%Program Files%\YYMusic\2014220\Skin\320x225.png (22990 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea2.png (3157 bytes)
%Program Files%\YYMusic\2014220\Skin\normalVolume.png (2055 bytes)
%Program Files%\YYMusic\2014220\Skin\ÃƒÂÃ‚Â¢Ãƒâ€˜Ã¢â‚¬Å¾ÃƒÂÃ¢â‚¬ËœÃƒâ€˜Ã¢â‚¬â€Ãƒâ€šÃ‚ÂµÃƒâ€˜Ã¢â‚¬Â¡ÃƒÂÃ¢â‚¬Â¦ÃƒÂÃ‚ÂªÃƒâ€šÃ‚ÂµÃƒÂÃ‚Â³.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\loading02.png (1298 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_close.png (2974 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionseta.png (1314 bytes)
%Program Files%\YYMusic\2014220\Skin\input-user.png (1658 bytes)
%Program Files%\YYMusic\2014220\Skin\scrollbar.png (1829 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbig.png (1087 bytes)
%Program Files%\YYMusic\2014220\Skin\home.png (2709 bytes)
%Program Files%\YYMusic\2014220\Skin\downd.png (1528 bytes)
%Program Files%\YYMusic\2014220\Skin\playerlist.png (4638 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-play.png (5858 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_5.png (5406 bytes)
%Program Files%\YYMusic\2014220\Skin\list.png (1077 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_icon.png (3324 bytes)
%Program Files%\YYMusic\2014220\DuiLib.dll (488080 bytes)
%Program Files%\YYMusic\2014220\Skin\mine.png (1619 bytes)
%Program Files%\YYMusic\2014220\Skin\color_009.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmFeedBack.xml (411 bytes)
%Program Files%\YYMusic\2014220\Skin\pushedVolume.png (2869 bytes)
%Program Files%\YYMusic\2014220\Skin\random03.jpg (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008highlight.bmp (552 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit.png (4253 bytes)
%Program Files%\YYMusic\2014220\Skin\next0520.png (1414 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_desktop.png (1149 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bk.png (129602 bytes)
%Program Files%\YYMusic\2014220\Skin\random01.jpg (1993 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea.png (1090 bytes)
%Program Files%\YYMusic\2014220\Skin\steup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\random03a.jpg (1404 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplayer.xml (10156 bytes)
%Program Files%\YYMusic\2014220\favorfm.xml (66 bytes)
%Program Files%\YYMusic\2014220\Skin\listahover.png (1076 bytes)
%Program Files%\YYMusic\2014220\Skin\playinging.jpg (2753 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0a0528.png (1293 bytes)
%Program Files%\YYMusic\2014220\Unins.exe (281232 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_7.png (5129 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btntop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_mutevol.png (3110 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item.xml (1326 bytes)
%Program Files%\YYMusic\2014220\Data\version.ini (32 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_5.png (5372 bytes)
%Program Files%\YYMusic\2014220\Skin\LoginBk.png (102991 bytes)
%Program Files%\YYMusic\2014220\avformat-54.dll (378528 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_1.png (4421 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltipbk.png (60521 bytes)
%Program Files%\YYMusic\2014220\Skin\downdahover.png (1513 bytes)
%Program Files%\YYMusic\2014220\Skin\list_pause.png (1302 bytes)
%Program Files%\YYMusic\2014220\Skin\LrcBk.png (7678 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_comm.png (1164 bytes)
%Program Files%\YYMusic\2014220\Skin\color_014.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_play.png (1375 bytes)
%Program Files%\YYMusic\2014220\Skin\forgettt.jpg (1981 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_play.png (1244 bytes)
%Program Files%\YYMusic\2014220\Skin\font_forecolor.png (1605 bytes)
%Program Files%\YYMusic\2014220\libav.dll (193680 bytes)
%Program Files%\YYMusic\2014220\Skin\bg3.png (3264 bytes)
%Program Files%\YYMusic\2014220\Skin\color_015.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_016.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item_bg.png (1018 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmin.png (3713 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_7.png (5552 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_bg.png (1288 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSystemMenuFrame.xml (1654 bytes)
%Program Files%\YYMusic\2014220\avutil-52.dll (174240 bytes)
%Program Files%\YYMusic\2014220\Skin\playingvoice.png (3122 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_2.png (5515 bytes)
%Program Files%\YYMusic\2014220\Skin\dash.png (955 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_red.png (2498 bytes)
%Program Files%\YYMusic\2014220\Data\setup.ini (46 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_2014220" = "%Program Files%\YYMusic\2014220\YYMusic.exe -mini"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_News_2014220" = "%Program Files%\YYMusic\2014220\YYJia.exe -mini"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Sta
Product Name: ??FM????
Product Version: 1.0.0.0
Legal Copyright: Copyright (C) 2012
Legal Trademarks:
Original Filename: SetupApp.exe
Internal Name: SetupApp.exe
File Version: 1.0.0.0
File Description: ??FM????
Comments:
Language: Chinese (Simplified, PRC)

Company Name: StaProduct Name: ??FM????Product Version: 1.0.0.0Legal Copyright: Copyright (C) 2012Legal Trademarks: Original Filename: SetupApp.exeInternal Name: SetupApp.exeFile Version: 1.0.0.0File Description: ??FM????Comments: Language: Chinese (Simplified, PRC)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	96280	96768	4.56971	68509f9d87f1a11e9bbd7486a832c951
.rdata	102400	24300	24576	3.44421	656dda3489126e9fdada8dd6750ba725
.data	126976	12580	5120	2.29426	2252c8646b3326b8c4b2d29678bc1e55
.rsrc	143360	3542040	3542528	5.50927	2ab8acc008b47033cc93505806784942
.reloc	3686400	16630	16896	1.65655	1680cc09cb313c5c1ff3381a341ef242

Network Activity

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Map

Strings from Dumps