PUP.QQ

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.QQ
Signature status:	No Signature

Known Samples

MD5: 7fecbfe8074fa0119858c680f264a7fc

SHA1: 38bf35cdc70d4d6e7fb12711721bc0f81dad47db

SHA256: 086E4239D21CCD3AC5CB43322A87958B8811A556DADEDED50D075222326DEF5E

File Size: 2.53 MB, 2529974 bytes

MD5: 890bd61fc3031de20aaf15390fd3951e

SHA1: 697985d005bf72aa7dbf09243140fce08392bf56

SHA256: B84960B5048004BCCC7792E28D1D6EF2725BDBA106A60BFF6D810BBE65FD609D

File Size: 638.98 KB, 638976 bytes

MD5: 065feb7cdb87e301a73c5b9a8e4cd697

SHA1: 4b8b9f9089e7a31bee46c74903db1a5caf2a4bfb

SHA256: 65AB5ED0B678DED21F33116B9DC2EADDC0A703B99045C52F577040C70937F7D3

File Size: 851.97 KB, 851968 bytes

MD5: c0b22d01e1a6c7ff4eea3e1039ab7b94

SHA1: 77b9bab4ae8ef6be823cd39e0f7f023c8bdbc179

SHA256: 55A37C7E3F2C8D124BEE3DBE65C7EF9FCC357140360DE5C27AA2FA4FE64D7997

File Size: 4.34 MB, 4341760 bytes

MD5: b68aab3cfd609f18ebf7a09c9c0af537

SHA1: 79e4d95553fd83d039352350b623e67158c1202d

SHA256: 20A44C91B4A234200E05AA4BDC2B1F11CDAEEBBF352FF4493EF57A40CC9A3F1C

File Size: 2.44 MB, 2441216 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	channel1upgrade
Company Name	Tencent Corporation
File Description	QQLiveMPlayer Installer Application TencentVideo Installer Application 腾讯电脑管家在线安装程序
File Version	11.155.8637.0 11.138.9784.0 11.115.4977.0 2.0.6.27 2.0.4.156
Legal Copyright	Copyright (C) 1998 - 2018 Tencent. All Rights Reserved. Copyright (C) 1998-2019 Tencent. All Rights Reserved. Copyright (C) 1998-2024 Tencent. All Rights Reserved. Copyright (C) 1998-2025 Tencent. All Rights Reserved. Copyright (C) 1998-2026 Tencent. All Rights Reserved.
Original Filename	QQLiveSetup_{C0DC-697A-6A57-4d4f-8529-0D79-BF0F-8980-C0DC-697A-6A57-4d4f-8529-0D79-BF0F-8980-7075-F6C0-61C2-4e31-AFD4-281B-A03D-081C}.exe
Product Name	QQLiveMPlayer TencentVideo 腾讯电脑管家
Product Version	2.0.6.27

Digital Signatures

Signer	Root	Status
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch

File Traits

7-zip (In Overlay)
Installer Manifest
Installer Version
nosig nsis
Nullsoft Installer
x86

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\globalmgr.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\globalmgr.db	Generic Write,Read Attributes
c:\programdata\tencent\deskupdate\guid.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidinfo.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidlist.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidreport.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\hdd.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\c6a9.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsia00.tmp	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\nsia00.tmp\procdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsia00.tmp\procdll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tencentdownload\~11c33d\beacon_sdk.dll	Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~11c33d\qqpcdownload.dll	Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~11c33d\setup.xml	Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-journal	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-shm	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-wal	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\tencent\qmdownload\downloaderrlogfile.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\qqpcmgr\download\version	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Glbgyqda\AppData\Local\Temp\nsiA00.tmp\	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
Network Info Queried	GetAdaptersInfo
Network Winsock2	WSAStartup
Other Suspicious	SetWindowsHookEx
Network Winsock	connect gethostbyname send setsockopt socket
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest
Network Wininet	InternetOpen InternetOpenUrl
User Data Access	GetUserObjectInformation

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.QQ

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Related Posts

PUP.QQB.A

PUP.QQPC.A

PUP.QQPC.AA

PUP.QQPC

PUP.QQ.B

Trending

Demotrix.org

UNC4899 Cloud Compromise Campaign

Chargeback Invoice Email Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen