File name: QQBrowser_Setup_qb10.exe

Full analysis: https://app.any.run/tasks/e5afd939-4aed-4e39-814e-d9ea5190ad8c
Verdict: Malicious activity
Analysis date: January 08, 2024, 16:52:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 493A532F0A397B3FBBB040F75C869616
SHA1: B8030E0270D8F0931B20C6E21BC292099812D9A6
SHA256: 305D695D8446E772403D21B9644B1736C7AE37BA59BE89DF43B540156CA379DD
SSDEEP: 49152:yx+73OfHRyZaeKzBfWIYKpzAge5EKmBtzXoCjV0j5M0RHARb7ZRER8aiYBcKHUDT:yqwIRWFp0ge5E/Lz4C50jhgRHPEqbYiv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • QQBrowser_Setup_qb10.exe (PID: 2064)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • The process verifies whether the antivirus software is installed

      • QQBrowser_Setup_qb10.exe (PID: 2064)
  • INFO

    • Creates files or folders in the user directory

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Drops the executable file immediately after the start

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Process checks whether UAC notifications are on

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Checks supported languages

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Reads the computer name

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Reads the machine GUID from the registry

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Creates files in a temporary directory

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Process requests binary or script from the Internet

      • QQBrowser_Setup_qb10.exe (PID: 2064)
    • Creates files in the program directory

      • QQBrowser_Setup_qb10.exe (PID: 2064)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1970:01:27 15:43:12+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 856064
InitializedDataSize: 81920
UninitializedDataSize: 1605632
EntryPoint: 0x2598c0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 10.8.4560.400
ProductVersionNumber: 10.8.4560.400
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
Comments: 2014-07-16 00:00:00
CompanyName: Tencent Inc.
FileDescription: QQ浏览器安装程序
FileVersion: 10.8.4560.400
InternalName: QQBrowser
LegalCopyright: Copyright © 2018 Tencent. All Rights Reserved.
ProductName: QQ 浏览器
ProductVersion: 10.8.4560.400
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> qqbrowser_setup_qb10.exe -> qqbrowser_setup_qb10.exe (no specs)

Process information

PID: 120
CMD: "C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe"
Path: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: Tencent Inc.
Integrity Level: MEDIUM
Description: QQ浏览器安装程序
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 10.8.4560.400
Modules (images):
  • c:\users\admin\appdata\local\temp\qqbrowser_setup_qb10.exe
  • c:\windows\system32\ntdll.dll

PID: 2064
CMD: "C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe"
Path: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: Tencent Inc.
Integrity Level: HIGH
Description: QQ浏览器安装程序
Exit code: 0
Version: 10.8.4560.400
Modules (images):
  • c:\users\admin\appdata\local\temp\qqbrowser_setup_qb10.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\gdi32.dll
Total events: 5 561
Read events: 5 547
Write events: 14
Delete events: 0

Modification events

(PID) Process: (2064) QQBrowser_Setup_qb10.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 1
Suspicious files: 1
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2064 | QQBrowser_Setup_qb10.exe | C:\Users\admin\AppData\Local\Temp\14abdf8c8\bin\ExportFavHtml.dll | executable
  MD5: 3AC3574315BA16692D1D4CDC72BAAAFE
  SHA256: F234B48105B0A3EDD0F300DEE41C518C9D8165CCA25D22499B165F4F441412C5
2064 | QQBrowser_Setup_qb10.exe | C:\Users\admin\AppData\Local\Temp\14abdf8c8\license.txt | text
  MD5: F8581FF0348DE970315072E4D7998A38
  SHA256: 5CA3E9481BB486F5164246A2841A2D20C5D69E275C0083781FDDED3B4C6CFD03
2064 | QQBrowser_Setup_qb10.exe | C:\Users\admin\AppData\Local\Temp\14abdf8c8\nsis_skin.gt | binary
  MD5: DFDAE15B5C5DAA8C509C9EF53D467A32
  SHA256: 47789E3CB45BF37F903E70EB2E887C3FD0D1A51B3A550973AD711BF3F868A0BE
2064 | QQBrowser_Setup_qb10.exe | C:\Users\admin\AppData\Local\Temp\14abdf8c8\CustomerJoinPlan.txt | text
  MD5: 4C5ECD4D39CD945FEEF82EADBBFC27C7
  SHA256: FE650E0865BEC584C6B14E3BC69303603FC1EC5BE5A3F39121C081724B7DB8C2
2064 | QQBrowser_Setup_qb10.exe | C:\Users\admin\AppData\Local\Temp\14abdf8c8\Config.xml | xml
  MD5: A21A2EF9926FA7D7444AF00B66841DFD
  SHA256: DEBC12CD6A37590983018283871E8C528D94061C88AE5DBBF2ABF584561B9886
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 19
DNS requests: 11
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Country | Type | Size | Reputation
2064 | QQBrowser_Setup_qb10.exe | GET | - | 61.54.94.94:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.8.4560.400_for_downloader.exe | unknown | - | - | unknown
2064 | QQBrowser_Setup_qb10.exe | GET | - | 61.54.94.94:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.8.4560.400_for_downloader.exe | unknown | - | - | unknown
2064 | QQBrowser_Setup_qb10.exe | POST | - | 14.22.9.100:80 | http://qbwup.imtt.qq.com/ | unknown | - | - | unknown
2064 | QQBrowser_Setup_qb10.exe | GET | - | 61.54.94.94:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.8.4560.400_for_downloader.exe | unknown | - | - | unknown
2064 | QQBrowser_Setup_qb10.exe | POST | 200 | 183.47.104.158:80 | http://qbwup.imtt.qq.com/ | unknown | binary | 93 b | unknown

Connections

PID | Process | IP | Domain | ASN | Country | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2064 | QQBrowser_Setup_qb10.exe | 43.135.106.212:443 | go.browser.qq.com | Tencent Building, Kejizhongyi Avenue | HK | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2064 | QQBrowser_Setup_qb10.exe | 61.54.94.94:80 | dldir1.qq.com | CHINA UNICOM China169 Backbone | CN | unknown
2064 | QQBrowser_Setup_qb10.exe | 129.226.106.211:443 | wup.browser.qq.com | Tencent Building, Kejizhongyi Avenue | HK | unknown
2064 | QQBrowser_Setup_qb10.exe | 14.22.9.100:80 | qbwup.imtt.qq.com | Chinanet | CN | unknown
2064 | QQBrowser_Setup_qb10.exe | 129.226.107.80:443 | wup.browser.qq.com | Tencent Building, Kejizhongyi Avenue | HK | unknown
2064 | QQBrowser_Setup_qb10.exe | 183.47.126.106:80 | qbwup.imtt.qq.com | Chinanet | CN | unknown

DNS requests

Domain
IP
Reputation
go.browser.qq.com
  • 43.135.106.212
  • 43.135.106.42
whitelisted
dldir1.qq.com
  • 61.54.94.94
  • 61.54.91.227
  • 123.6.2.138
  • 116.136.170.207
  • 119.36.226.152
  • 116.153.46.52
  • 119.167.147.66
  • 119.167.147.223
  • 221.204.166.200
  • 218.29.205.112
  • 119.36.226.159
  • 58.144.248.39
  • 113.1.0.204
  • 113.201.154.245
  • 119.167.147.70
  • 202.97.231.11
  • 115.56.90.245
whitelisted
wup.browser.qq.com
  • 129.226.106.211
  • 129.226.107.80
whitelisted
qbwup.imtt.qq.com
  • 14.22.9.100
  • 183.47.104.158
  • 183.47.126.106
unknown

Threats

PID | Process | Class | Message
2064 | QQBrowser_Setup_qb10.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2064 | QQBrowser_Setup_qb10.exe | Potential Corporate Privacy Violation | ET POLICY QQ Browser WUP Request - qbpcstatf.stat
2064 | QQBrowser_Setup_qb10.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2064 | QQBrowser_Setup_qb10.exe | Potential Corporate Privacy Violation | ET POLICY QQ Browser WUP Request - qbpcstatf.stat
2064 | QQBrowser_Setup_qb10.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
No debug info