File name: qtranslate-6-10-0.exe

Full analysis: https://app.any.run/tasks/0ffe3fef-0ea3-4da9-9500-715ac4df844b
Verdict: Malicious activity
Analysis date: December 10, 2024, 03:37:58
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: E23FFECB44C814AAA4708D56AB5B144B
SHA1: 202311D615685E7BAAA41DC149B5A76A69C05A0E
SHA256: D395AF3C10E18C944CF8ADE76A650623DC23E050EAF652FF31056C84077A013C
SSDEEP: 24576:GYnrVnqxCGl2NN5SSbyE3dJfz7oHf2qj2HHmR:bnRqMzlPNJfzfHg
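Before trusting a report, re-hash the sample you actually hold and confirm the "Nullsoft Installer self-extracting archive" identification yourself. The script below is an added example, not part of the ANY.RUN report: it computes the three digests the report lists, compares them with the values transcribed above, and locates the NSIS first header (a 4-byte flags field followed by the 0xDEADBEEF signature and the text "NullsoftInst") in the file's overlay. The `build_fake_nsis` helper constructs a stand-in blob so the code runs offline; feed `open(path, "rb").read()` of the real file to `verify_sample` and `find_nsis_header` instead.

```python
import hashlib
import struct

# Byte pattern of the NSIS "first header": after a 4-byte flags field comes the signature
# 0xDEADBEEF (little-endian) followed by the ASCII text "NullsoftInst".
NSIS_MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"

# Digests transcribed from the report above.
REPORT_HASHES = {
    "MD5": "E23FFECB44C814AAA4708D56AB5B144B",
    "SHA1": "202311D615685E7BAAA41DC149B5A76A69C05A0E",
    "SHA256": "D395AF3C10E18C944CF8ADE76A650623DC23E050EAF652FF31056C84077A013C",
}


def hash_bytes(data):
    """Return MD5/SHA1/SHA256 hex digests, upper-case as the report prints them."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA256": hashlib.sha256(data).hexdigest().upper(),
    }


def verify_sample(data, expected):
    """Return the names of algorithms whose digest does not match the report (empty = all match)."""
    actual = hash_bytes(data)
    return sorted(name for name, digest in expected.items() if actual[name] != digest.upper())


def find_nsis_header(data):
    """Offset of the NSIS first header (start of its flags field), or None if no NSIS marker exists."""
    idx = data.find(NSIS_MAGIC)
    if idx < 4:
        return None
    return idx - 4


def nsis_header_fields(data, offset):
    """Decode the first header: flags, the 12-byte 'NullsoftInst' text as 3 ints, then the
    declared header length and the length of the compressed data that follows."""
    flags, _sig, _n1, _n2, _n3, hdr_len, data_len = struct.unpack_from("<7I", data, offset)
    return {"flags": flags, "header_length": hdr_len, "data_length": data_len}


def build_fake_nsis(payload=b"A" * 32):
    """Constructed stand-in for a sample (NOT the real installer): a 512-byte MZ stub followed by
    an NSIS first header with flags=0, an arbitrary header length and the payload length."""
    stub = b"MZ" + b"\x00" * 510
    first_header = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0x100, len(payload))
    return stub + first_header + payload


if __name__ == "__main__":
    blob = build_fake_nsis()
    print("NSIS header at offset", find_nsis_header(blob), nsis_header_fields(blob, find_nsis_header(blob)))
    print("digests differing from the report for the fake blob:", verify_sample(blob, REPORT_HASHES))
```

The NSIS marker is the same check TRiD and `7z l` rely on; once the header offset is known, `7z x` extracts the embedded files so the dropped plug-ins and Service.js scripts can be reviewed without executing the installer.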

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • qtranslate-6-10-0.exe (PID: 6812)
    • Malware-specific behavior (creating "System.dll" in Temp)
      (System.dll is a stock NSIS plug-in. Every NSIS installer extracts the plug-ins it uses, here System.dll, nsDialogs.dll and UserInfo.dll, into a fresh %TEMP%\ns*.tmp working directory, so for a package already identified as a Nullsoft Installer this heuristic is expected behaviour and not evidence of malice on its own. The three files are listed under Dropped files below.)

      • qtranslate-6-10-0.exe (PID: 6812)
    • Searches for installed software

      • QTranslate.exe (PID: 6872)
    • The process creates files with name similar to system file names

      • qtranslate-6-10-0.exe (PID: 6812)
    • Creates a software uninstall entry

      • qtranslate-6-10-0.exe (PID: 6812)
  • INFO

    • Checks supported languages

      • qtranslate-6-10-0.exe (PID: 6812)
      • QTranslate.exe (PID: 6872)
    • Reads the computer name

      • qtranslate-6-10-0.exe (PID: 6812)
      • QTranslate.exe (PID: 6872)
    • Creates files or folders in the user directory

      • qtranslate-6-10-0.exe (PID: 6812)
    • Creates files in the program directory

      • qtranslate-6-10-0.exe (PID: 6812)
    • Create files in a temporary directory

      • qtranslate-6-10-0.exe (PID: 6812)
    • Checks proxy server information

      • QTranslate.exe (PID: 6872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 115
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive in the full report; edges taken from the Parent process fields below)

start -> qtranslate-6-10-0.exe (PID 6664, no specs)
start -> qtranslate-6-10-0.exe (PID 6812) -> qtranslate.exe (PID 6872)

Process information

PID: 6664
CMD: "C:\Users\admin\Desktop\qtranslate-6-10-0.exe"
Path: C:\Users\admin\Desktop\qtranslate-6-10-0.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the executable requests administrator rights, so this first, medium-integrity instance is terminated and the same image is started again elevated as PID 6812 below)
Modules (images):
c:\users\admin\desktop\qtranslate-6-10-0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6812
CMD: "C:\Users\admin\Desktop\qtranslate-6-10-0.exe"
Path: C:\Users\admin\Desktop\qtranslate-6-10-0.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\qtranslate-6-10-0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6872
CMD: "C:\Program Files (x86)\QTranslate\QTranslate.exe"
Path: C:\Program Files (x86)\QTranslate\QTranslate.exe
Parent process: qtranslate-6-10-0.exe
User: admin
Company: QuestSoft
Integrity Level: HIGH
Description: QTranslate
Version: 6.10.0.0
Modules (images):
c:\program files (x86)\qtranslate\qtranslate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
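The three process records above show the footprint a UAC prompt leaves in a sandbox trace: one instance exits with a decimal exit code that is really an NTSTATUS, and the same image reappears at a higher integrity level, after which everything it spawns runs elevated. The code below is an added example (not part of the ANY.RUN report) that automates reading that pattern. The process list is transcribed from the table above; the NTSTATUS names table holds a handful of commonly seen values and is not exhaustive.

```python
# Process records transcribed from the report's Process information section.
PROCESSES = [
    {"pid": 6664, "image": r"C:\Users\admin\Desktop\qtranslate-6-10-0.exe",
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit_code": 3221226540},
    {"pid": 6812, "image": r"C:\Users\admin\Desktop\qtranslate-6-10-0.exe",
     "parent": "explorer.exe", "integrity": "HIGH", "exit_code": 0},
    {"pid": 6872, "image": r"C:\Program Files (x86)\QTranslate\QTranslate.exe",
     "parent": "qtranslate-6-10-0.exe", "integrity": "HIGH", "exit_code": None},
]

# A few NTSTATUS values that commonly appear as sandbox exit codes (not exhaustive).
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

INTEGRITY_RANK = {"UNTRUSTED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "SYSTEM": 4}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def decode_exit_code(code):
    """Sandboxes print exit codes in decimal. NTSTATUS error codes have severity bits 11
    (value >= 0xC0000000); map those to a symbolic name where known."""
    if code is None:
        return None
    value = code & 0xFFFFFFFF
    if value >> 30 == 3:
        return NTSTATUS_NAMES.get(value, "NTSTATUS 0x%08X" % value)
    return "exit code %d" % value


def find_uac_relaunches(processes):
    """Pair each process that died with STATUS_ELEVATION_REQUIRED with a later start of the
    same image at a higher integrity level: the trace a UAC consent prompt leaves behind."""
    pairs = []
    for i, first in enumerate(processes):
        if decode_exit_code(first["exit_code"]) != "STATUS_ELEVATION_REQUIRED":
            continue
        for second in processes[i + 1:]:
            if (second["image"].lower() == first["image"].lower()
                    and INTEGRITY_RANK[second["integrity"]] > INTEGRITY_RANK[first["integrity"]]):
                pairs.append((first["pid"], second["pid"]))
    return pairs


def elevated_children(processes):
    """PIDs of processes whose parent is an elevated (HIGH) process. Children inherit the
    parent's token, so whatever the installer launches also runs as administrator.
    The report names parents by image basename only, so matching is by basename."""
    elevated_images = {basename(p["image"]).lower() for p in processes if p["integrity"] == "HIGH"}
    return [p["pid"] for p in processes if p["parent"].lower() in elevated_images]


if __name__ == "__main__":
    for p in PROCESSES:
        print(p["pid"], p["integrity"], decode_exit_code(p["exit_code"]))
    print("UAC relaunch pairs:", find_uac_relaunches(PROCESSES))
    print("children of elevated processes:", elevated_children(PROCESSES))
```

In this trace the pair is (6664, 6812) and the elevated child is 6872, the installed QTranslate.exe launched directly from the installer, which is why it too runs at HIGH integrity.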
Total events: 701
Read events: 693
Write events: 8
Delete events: 0

Modification events

PID 6812 qtranslate-6-10-0.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QTranslate
  DisplayName = QTranslate 6.10.0
  UninstallString = C:\Program Files (x86)\QTranslate\Uninstall.exe
  DisplayIcon = C:\Program Files (x86)\QTranslate\QTranslate.exe
  DisplayVersion = 6.10.0
  URLInfoAbout = https://quest-app.appspot.com/
  Publisher = QuestSoft
  (These six writes are the "Creates a software uninstall entry" indicator. The key lands under WOW6432Node because the 32-bit installer runs under WOW64 on this 64-bit guest; see the wow64*.dll modules above.)

PID 6872 QTranslate.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\qtranslate.exe
  JScriptSetScriptStateStarted = 3DAA130000000000
PID 6872 QTranslate.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
  JITDebug = 0
  (Both keys are written by the Windows Script engine when a host process initialises JScript, consistent with the Service.js files the installer drops under Services\ below.)
Executable files: 6
Suspicious files: 15
Text files: 112
Unknown types: 0

Dropped files

All entries were written by PID 6812 (qtranslate-6-10-0.exe).

C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\UserInfo.dll (type: executable)
MD5: 2F69AFA9D17A5245EC9B5BB03D56F63C
SHA256: E54989D2B83E7282D0BEC56B098635146AAB5D5A283F1F89486816851EF885A0

C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\nsDialogs.dll (type: executable)
MD5: 6C3F8C94D0727894D706940A8A980543
SHA256: 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2

C:\Program Files (x86)\QTranslate\Services\Babylon Dictionary\Service.ico (type: image)
MD5: E3128633E94A0C352375D0FFFC497052
SHA256: 47068C0E950F0EE240E38F2F0C3DCF305633B423D4D81FC522F5F2AF8A6AC79B

C:\Program Files (x86)\QTranslate\Services\ABBYY Lingvo Live\Service.js (type: html)
MD5: CAD24AB28FF0A3050DD1B2F664562C4F
SHA256: 4C0EF8506FF322CE78A29488B90E04F3DD16E55A5BF93E5DDEE0282F637D04E0

C:\Program Files (x86)\QTranslate\Services\ABBYY Lingvo Live\Service.ico (type: image)
MD5: 199E649A59A9582A1EFE8D50DEF9CCB2
SHA256: 56D583D80ADAC1307B023E01E2B61FE06874511315E3618826DBC7694CD1A6AE

C:\Program Files (x86)\QTranslate\Services\Baidu\Service.js (type: binary)
MD5: F2925941BD95F5A98ECCFE87741E8E0C
SHA256: 910DFE9ADCD7994C1FE0F9F12FB24D598EE121E302E823F912C811B9A3BDA92B

C:\Program Files (x86)\QTranslate\Services\Babylon Dictionary\Service.js (type: text)
MD5: 474F5269EAFCEC35B00F232CFF92DACD
SHA256: F406C6FB359820DC24BA74C60CCBDA85F191211320C3A62D2460A18E8220B900

C:\Program Files (x86)\QTranslate\Services\Babylon\Service.ico (type: image; same MD5/SHA256 as Babylon Dictionary\Service.ico above)
MD5: E3128633E94A0C352375D0FFFC497052
SHA256: 47068C0E950F0EE240E38F2F0C3DCF305633B423D4D81FC522F5F2AF8A6AC79B

C:\Program Files (x86)\QTranslate\Services\Google Search\Service.ico (type: image)
MD5: 1E7F652C531C17CC60BC6703458DC881
SHA256: E5EFB0B5C0BC1E9E5B258FBD482709CB303AC7638E38B000C0887AEB3FD1A026

C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\System.dll (type: executable)
MD5: CFF85C549D536F651D4FB8387F1976F2
SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
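A dropped-files table like the one above is easier to judge once the stock NSIS plug-ins are separated from anything else executable, files whose sniffed type contradicts their extension are set aside for manual review, and identical content under different names is collapsed. The script below is an added example, not part of the ANY.RUN report. The rows are transcribed from the table above; the plug-in list holds the DLLs shipped in the NSIS distribution's Plugins directory, and the extension-to-type expectations are an assumption of this example, chosen to mirror the sandbox's labels.

```python
import re

# DLLs shipped in the NSIS distribution's Plugins directory. An NSIS installer extracts the
# ones it uses into a fresh %TEMP%\ns*.tmp directory, so these are expected for any NSIS package.
STOCK_NSIS_PLUGINS = {
    "system.dll", "nsdialogs.dll", "userinfo.dll", "installoptions.dll", "startmenu.dll",
    "nsexec.dll", "langdll.dll", "banner.dll", "splash.dll", "advsplash.dll", "math.dll",
    "typelib.dll", "vpatch.dll", "bgimage.dll", "dialer.dll", "nsisdl.dll",
}
NSIS_TEMP_DIR = re.compile(r"\\Temp\\ns[A-Za-z0-9]+\.tmp\\", re.IGNORECASE)

# Assumed expectation of which sandbox type label fits which extension; a .js file sniffed
# as "html" or "binary" is worth opening by hand before calling the drop benign.
EXPECTED_TYPES = {".dll": {"executable"}, ".exe": {"executable"}, ".js": {"text"}, ".ico": {"image"}}

# Transcribed from the report's Dropped files table: (PID, path, sandbox type label, SHA256).
DROPPED = [
    (6812, r"C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\UserInfo.dll", "executable",
     "E54989D2B83E7282D0BEC56B098635146AAB5D5A283F1F89486816851EF885A0"),
    (6812, r"C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\nsDialogs.dll", "executable",
     "56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\Babylon Dictionary\Service.ico", "image",
     "47068C0E950F0EE240E38F2F0C3DCF305633B423D4D81FC522F5F2AF8A6AC79B"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\ABBYY Lingvo Live\Service.js", "html",
     "4C0EF8506FF322CE78A29488B90E04F3DD16E55A5BF93E5DDEE0282F637D04E0"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\ABBYY Lingvo Live\Service.ico", "image",
     "56D583D80ADAC1307B023E01E2B61FE06874511315E3618826DBC7694CD1A6AE"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\Baidu\Service.js", "binary",
     "910DFE9ADCD7994C1FE0F9F12FB24D598EE121E302E823F912C811B9A3BDA92B"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\Babylon Dictionary\Service.js", "text",
     "F406C6FB359820DC24BA74C60CCBDA85F191211320C3A62D2460A18E8220B900"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\Babylon\Service.ico", "image",
     "47068C0E950F0EE240E38F2F0C3DCF305633B423D4D81FC522F5F2AF8A6AC79B"),
    (6812, r"C:\Program Files (x86)\QTranslate\Services\Google Search\Service.ico", "image",
     "E5EFB0B5C0BC1E9E5B258FBD482709CB303AC7638E38B000C0887AEB3FD1A026"),
    (6812, r"C:\Users\admin\AppData\Local\Temp\nsy6084.tmp\System.dll", "executable",
     "8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8"),
]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def extension(path):
    name = basename(path)
    return name[name.rfind("."):].lower() if "." in name else ""


def classify(path, ftype):
    """'nsis_plugin' for a stock plug-in inside an NSIS temp dir, 'executable' for any other
    executable, 'type_mismatch' when the sniffed type contradicts the extension, else 'data'."""
    if ftype == "executable":
        if NSIS_TEMP_DIR.search(path) and basename(path).lower() in STOCK_NSIS_PLUGINS:
            return "nsis_plugin"
        return "executable"
    expected = EXPECTED_TYPES.get(extension(path))
    if expected and ftype not in expected:
        return "type_mismatch"
    return "data"


def triage(rows):
    """Group the table into plug-ins, other executables, type mismatches and duplicate content."""
    report = {"nsis_plugins": [], "other_executables": [], "type_mismatch": [], "duplicates": {}}
    by_hash = {}
    for _pid, path, ftype, sha256 in rows:
        kind = classify(path, ftype)
        if kind == "nsis_plugin":
            report["nsis_plugins"].append(basename(path))
        elif kind == "executable":
            report["other_executables"].append(path)
        elif kind == "type_mismatch":
            report["type_mismatch"].append(path)
        by_hash.setdefault(sha256, []).append(path)
    report["nsis_plugins"].sort(key=str.lower)
    report["duplicates"] = {h: paths for h, paths in by_hash.items() if len(paths) > 1}
    return report


if __name__ == "__main__":
    for key, value in triage(DROPPED).items():
        print(key, value)
```

For this report every executable drop is a stock plug-in, nothing executable lands outside the NSIS temp directory, two Service.js files carry a type label that does not match a script file, and the two Babylon icons are byte-identical. A non-stock DLL in the ns*.tmp directory, by contrast, would be exactly the thing to pull out and inspect, since NSIS loads plug-ins from there with the installer's (here elevated) token.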
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 23
DNS requests: 7
Threats: 0

HTTP requests

PID / Process | Method | HTTP code | IP:port | URL | CN | Type | Size | Reputation

6872 QTranslate.exe | POST | 307 | 213.180.204.29:80 | http://speller.yandex.net/services/spellservice.json/checkText | CN unknown | whitelisted
(PID not listed) | POST | 200 | 213.180.204.29:443 | https://speller.yandex.net/services/spellservice.json/checkText | CN unknown | text | 258 b | whitelisted
(PID not listed) | POST | 204 | 92.123.104.34:443 | https://www.bing.com/threshold/xls.aspx | CN unknown | whitelisted

The spell-check request is first POSTed over cleartext HTTP on port 80; the server answers 307, and a 307 redirect keeps the method and body, so the client repeats the same POST over HTTPS. Whatever text QTranslate submits for spell checking therefore travels unencrypted once before the TLS retry. The Connections table below lists both 213.180.204.29:80 and :443 for PID 6872, so both speller.yandex.net requests are the sample's; the www.bing.com request matches the SearchApp.exe (PID 5064) connection there and is Windows Search traffic rather than the sample's.

Connections

PID / Process | IP:port | Domain | ASN | CN | Reputation

(PID not listed) | 224.0.0.251:5353 (mDNS multicast) | unknown
(PID not listed) | 224.0.0.252:5355 (LLMNR multicast) | whitelisted
4 System | 192.168.100.255:137 (NetBIOS name service broadcast) | whitelisted
(PID not listed) | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(PID not listed) | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 System | 192.168.100.255:138 (NetBIOS datagram broadcast) | whitelisted
5064 SearchApp.exe | 92.123.104.34:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
6872 QTranslate.exe | 213.180.204.29:80 | speller.yandex.net | YANDEX LLC | RU | whitelisted
6872 QTranslate.exe | 213.180.204.29:443 | speller.yandex.net | YANDEX LLC | RU | whitelisted

Only the two speller.yandex.net connections belong to the monitored process tree; the remaining rows are Windows background traffic (local name resolution, Windows telemetry, Windows Search).

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.bing.com
  • 92.123.104.34
  • 92.123.104.32
whitelisted
speller.yandex.net
  • 213.180.204.29
whitelisted
self.events.data.microsoft.com
  • 20.189.173.14
whitelisted

Threats

No threats detected
No debug info