File name: QQBrowser_Setup_qb10.exe.zs
Full analysis: https://app.any.run/tasks/667e3e9f-b184-4061-9906-3e503b83b781
Verdict: Malicious activity
Analysis date: September 30, 2020, 10:03:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 92CD9E1614CA449C3E26379EDD4A86C7
SHA1: 6C0530C3A9091AEBD62553662ABA64BF3B214F01
SHA256: 63F6A850C831063FDFAC77961D96A8F895CC9DD7CBF89234753613D7688C3B87
SSDEEP: 24576:5i2q8Frpc8YSFqRuNwerbDFiCYmL4KVxYZ48lrVwWAyke0Kj:58OrvYSLNpDFhLv+rfQe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Actions looks like stealing of personal data
      • QQBrowser_Setup_qb10.exe.zs.exe (PID: 3844)
  • SUSPICIOUS
    • Creates files in the program directory
      • QQBrowser_Setup_qb10.exe.zs.exe (PID: 3844)
    • Executable content was dropped or overwritten
      • QQBrowser_Setup_qb10.exe.zs.exe (PID: 3844)
    • Creates files in the user directory
      • QQBrowser_Setup_qb10.exe.zs.exe (PID: 3844)
  • INFO
    • No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

ProductVersion: 10.6.4212.400
ProductName: QQ 浏览器
LegalCopyright: Copyright © 2018 Tencent. All Rights Reserved.
InternalName: QQBrowser
FileVersion: 10.6.4212.400
FileDescription: QQ浏览器安装程序
CompanyName: Tencent Inc.
Comments: 2014-07-16 00:00:00
CharacterSet: Unicode
LanguageCode: Chinese (Simplified)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 10.6.4212.400
FileVersionNumber: 10.6.4212.400
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x2595b0
UninitializedDataSize: 1605632
InitializedDataSize: 81920
CodeSize: 856064
LinkerVersion: 14
PEType: PE32
TimeStamp: 1970:01:27 14:52:00+01:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 27-Jan-1970 13:52:00
Detected languages:
  • Chinese - PRC
  • English - United States
Comments: 2014-07-16 00:00:00
CompanyName: Tencent Inc.
FileDescription: QQ浏览器安装程序
FileVersion: 10.6.4212.400
InternalName: QQBrowser
LegalCopyright: Copyright © 2018 Tencent. All Rights Reserved.
ProductName: QQ 浏览器
ProductVersion: 10.6.4212.400

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000138

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 27-Jan-1970 13:52:00
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x00188000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00189000 | 0x000D1000 | 0x000D0800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.93417
.rsrc | 0x0025A000 | 0x00014000 | 0x00013600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.84543

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.32299 | 1128 | UNKNOWN | English - United States | RT_MANIFEST
2 | 4.41312 | 21640 | UNKNOWN | English - United States | RT_ICON
3 | 4.47913 | 16936 | UNKNOWN | English - United States | RT_ICON
4 | 4.48252 | 9640 | UNKNOWN | English - United States | RT_ICON
5 | 4.31138 | 4264 | UNKNOWN | English - United States | RT_ICON
6 | 4.71151 | 2440 | UNKNOWN | English - United States | RT_ICON
7 | 4.6535 | 34 | UNKNOWN | Chinese - PRC | RT_STRING
201 | 7.72351 | 1058 | UNKNOWN | Chinese - PRC | FILE
202 | 6.56297 | 140 | UNKNOWN | Chinese - PRC | RT_DIALOG
IDI_ICON1 | 2.89478 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
MSIMG32.dll
NETAPI32.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
SHLWAPI.dll
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → qqbrowser_setup_qb10.exe.zs.exe (no specs) → qqbrowser_setup_qb10.exe.zs.exe

Process information

PID: 2148
CMD: "C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe"
Path: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe
Parent process: explorer.exe
User: admin
Company: Tencent Inc.
Integrity Level: MEDIUM
Description: QQ浏览器安装程序
Exit code: 3221226540
Version: 10.6.4212.400

PID: 3844
CMD: "C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe"
Path: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe
Parent process: explorer.exe
User: admin
Company: Tencent Inc.
Integrity Level: HIGH
Description: QQ浏览器安装程序
Version: 10.6.4212.400

Total events: 57
Read events: 40
Write events: 17
Delete events: 0

Modification events

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
Operation: write
Name: ExecutablesToExclude
Value: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Operation: write
Name: C:\Users\admin\AppData\Local\Temp\QQBrowser_Setup_qb10.exe.zs.exe
Value: 1

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Tencent\QQBrowser\PrivateCfg
Operation: write
Name: flash_ver_url
Value: 32.0.0.371|http://dldir1.qq.com/invc/tt/QB/flash/install_flash_player_32.0.0.371.exe|63a4a68616080a41f75d7f58c0d00de3

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserMachineCode
Operation: write
Name: MachineGuid
Value: B07FDBB6A82EE52F5DF1F8E62B476643

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Tencent\QQBrowser\InstallInfo
Operation: write
Name: InstallStep
Value: 2590

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Tencent\QQBrowser\InstallInfo
Operation: write
Name: InstallResult
Value: 12

(PID) Process: (3844) QQBrowser_Setup_qb10.exe.zs.exe
Key: HKEY_CURRENT_USER\Software\Tencent\QQBrowser\InstallInfo
Operation: write
Name: InstallError
Value: 0

Executable files: 1
Suspicious files: 1
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3844 | QQBrowser_Setup_qb10.exe.zs.exe | C:\Users\admin\AppData\Local\Temp\14ab19b4ee\Config.xml | xml
  MD5: 07B22EDB16D018BA38338B44ACB3C71F
  SHA256: 9C58941DE688D7CE14783B928A62D5B6D88096565BD5BE54B5C1F40A75B79187
3844 | QQBrowser_Setup_qb10.exe.zs.exe | C:\Users\admin\AppData\Local\Temp\14ab19b4ee\license.txt | text
  MD5: F8581FF0348DE970315072E4D7998A38
  SHA256: 5CA3E9481BB486F5164246A2841A2D20C5D69E275C0083781FDDED3B4C6CFD03
3844 | QQBrowser_Setup_qb10.exe.zs.exe | C:\Users\admin\AppData\Local\Temp\14ab19b4ee\nsis_skin.gt | binary
  MD5: DFDAE15B5C5DAA8C509C9EF53D467A32
  SHA256: 47789E3CB45BF37F903E70EB2E887C3FD0D1A51B3A550973AD711BF3F868A0BE
3844 | QQBrowser_Setup_qb10.exe.zs.exe | C:\Users\admin\AppData\Local\Temp\14ab19b4ee\CustomerJoinPlan.txt | text
  MD5: 4C5ECD4D39CD945FEEF82EADBBFC27C7
  SHA256: FE650E0865BEC584C6B14E3BC69303603FC1EC5BE5A3F39121C081724B7DB8C2
3844 | QQBrowser_Setup_qb10.exe.zs.exe | C:\Users\admin\AppData\Local\Temp\14ab19b4ee\bin\ExportFavHtml.dll | executable
  MD5: 3AC3574315BA16692D1D4CDC72BAAAFE
  SHA256: F234B48105B0A3EDD0F300DEE41C518C9D8165CCA25D22499B165F4F441412C5

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 16
DNS requests: 11
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3844 | QQBrowser_Setup_qb10.exe.zs.exe | GET | - | 2.16.186.75:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.6.4212.400_for_downloader.exe | unknown | - | - | whitelisted
3844 | QQBrowser_Setup_qb10.exe.zs.exe | GET | - | 2.16.186.75:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.6.4212.400_for_downloader.exe | unknown | - | - | whitelisted
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | - | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | - | - | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | GET | - | 2.16.186.75:80 | http://dldir1.qq.com/invc/tt/QQBrowser_Setup_10.6.4212.400_for_downloader.exe | unknown | - | - | whitelisted
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | 200 | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | binary | 54 b | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | 200 | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | binary | 54 b | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | - | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | - | - | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | - | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | - | - | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | POST | 200 | 203.205.219.54:80 | http://qbwup.imtt.qq.com/ | CN | binary | 54 b | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3844 | QQBrowser_Setup_qb10.exe.zs.exe | 2.16.186.75:80 | dldir1.qq.com | Akamai International B.V. | - | whitelisted
3844 | QQBrowser_Setup_qb10.exe.zs.exe | 183.232.96.107:443 | wup.browser.qq.com | China Mobile communications corporation | CN | unknown
3844 | QQBrowser_Setup_qb10.exe.zs.exe | 203.205.253.140:443 | go.browser.qq.com | - | CN | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | 203.205.253.183:443 | go.browser.qq.com | - | CN | suspicious
3844 | QQBrowser_Setup_qb10.exe.zs.exe | 203.205.219.54:80 | qbwup.imtt.qq.com | - | CN | suspicious


DNS requests

Domain | IP | Reputation
go.browser.qq.com | 203.205.253.183, 203.205.253.140 | whitelisted
dldir1.qq.com | 2.16.186.75, 2.16.186.104 | whitelisted
wup.browser.qq.com | 183.232.96.107 | whitelisted
qbwup.imtt.qq.com | 203.205.219.54 | suspicious


Threats

PID | Process | Class | Message
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY QQ Browser WUP Request - qbpcstatf.stat
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY QQ Browser WUP Request - qbpcstatf.stat
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3844 | QQBrowser_Setup_qb10.exe.zs.exe | Potential Corporate Privacy Violation | ET POLICY QQ Browser WUP Request - qbpcstatf.stat

No debug info