Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.QQPC

PUP.QQPC

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.QQPC
Signature status: Self Signed

Known Samples

MD5: 6abadab81b7c9f7d807bb5884b70b554
SHA1: 77e54d18d45b80dc7df31c14b4992f7ce41d70d0
SHA256: F5E8CC5DDAD0EEF9178D2775F5FD946BFB0163E2432E8D96B1E84E01C77F965E
File Size: 1.67 MB, 1669552 bytes
MD5: 0924c95c3c3f6a8b45f020a4b9e23217
SHA1: c51203c2ac7fad4794a9e52c629068d447001924
SHA256: 79D9B01E3A174DF85BB0B8D32674F6C8FA865A98D34CA05F290534420402F36A
File Size: 1.27 MB, 1271688 bytes
MD5: 06a3d1998369e4c8f11bd5869effc5e3
SHA1: 747883a9b8bee88b958f239aa071fd01c02e912b
SHA256: 35BA6A1A2FEDEDE1CCA81AFBCCCB18E82DFC4C2F621186B41740D0D8C598C5F3
File Size: 1.17 MB, 1167264 bytes
MD5: d3891b9c0068850d3448597fbe7fe751
SHA1: 41e2ef0a0b884ca914f79b5e1c275b59db4c8c7b
SHA256: D6F58C316A90946B7F7BFBEDD6FA9F5F9663D0A83F77BE55766D4DE4961B0433
File Size: 555.71 KB, 555712 bytes
MD5: 05b8eca0313f831093bdc7c8a419a084
SHA1: a565e8e2721ae3960e5ba6795c856fcee8dc877a
SHA256: 8386A730C19183FAE4B5E4B2BA2AF4685B8711C6E00077CB29772027103B7DC1
File Size: 680.39 KB, 680392 bytes
Show More
MD5: 0e20557c46f626f4f42e88596b41ba95
SHA1: 3bf0fa77a4f8e06ba498a9c10aaadda875b422a2
SHA256: 29AA30AFCE0334DE16197B2C2A5310700B9CDA64FE502A0532487BB074F4145F
File Size: 733.62 KB, 733616 bytes
MD5: 1039fb74f1a6b6c2b409f95cc6dbb6ec
SHA1: 0059095f3795c5c4be7227be114065cabd8ca904
SHA256: 515000718A09A9F522412754F30A5AA81F5ABA7C262DD19876248C0BD0653A24
File Size: 1.64 MB, 1643912 bytes
MD5: b75703868db96217c9709a5bfe78cd12
SHA1: f2686a26ce96e7c08a3c2bfde72725ad652d1915
SHA256: 1AF20773D71C6E67C3727099A06C4A1F958FDB0764D8231748B70AA7A486D2B4
File Size: 8.01 MB, 8011776 bytes
MD5: e499dbe261ea2341ced7bc0f49c37614
SHA1: 43df5a63fdb9d2d8fb80632152cac58300934774
SHA256: C74B875E6488273C47AEB2B9BFC0BD46F0E1A45B5B875E14BE9DFF35FD6E8002
File Size: 1.17 MB, 1167264 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Cip Ver 10016
Comments 2014-07-16 00:00:00
Company Name
  • Tencent
  • Tencent Inc.
Company Short Name Tencent
File Description
  • QQ Browser
  • QQBrowserLiveup
  • QQ浏览器
  • QQ浏览器安装程序
  • 电脑管家
File Version
  • 13.3.20238.213
  • 12.0.5442.400
  • 11.9.5355.400
  • 11.1.5140.400
  • 11.0.5130.400
  • 10.6.4254.400
  • 9.6.12190.400
  • 9.6.11576.400
Internal Name
  • bug_report_exe
  • QQBrowser
  • QQBrowserLiveup
  • QQBrowser_exe
  • QQPCMgrPacket
Kernel Build 129
Kernel Version 53.0.2785.104
Last Change 713bc9f76cb50125fdd45c5a1681158adfff5709
Legal Copyright
  • Copyright 2015 Tencent. All rights reserved.
  • Copyright 2018 Tencent. All rights reserved.
  • Copyright 2022 Tencent. All rights reserved.
  • Copyright © 2018 Tencent. All Rights Reserved.
  • Copyright © 2022 Tencent. All Rights Reserved.
Official Build 1
Original Filename
  • BugReport.exe
  • QQBrowser.exe
  • QQBrowserLiveup.exe
  • QQPCMgrPacket.exe
Private Build 10016
Product Name
  • QQ Browser
  • QQ浏览器
  • 电脑管家-安装程序
Product Short Name
  • QQ Browser
  • QQ浏览器
Product Version
  • 13.3.20238.213
  • 12.0.5442.400
  • 11.9.5355.400
  • 11.1.5140.400
  • 11.0.5130.400
  • 10.6.4254.400
  • 9.6.12190.400
  • 9.6.11576.400
Special Build 1023
Url Ver 1

Digital Signatures

Signer Root Status
Tencent Technology(Shenzhen) Company Limited DigiCert Assured ID Code Signing CA-1 Self Signed
Tencent Technology(Shenzhen) Company Limited DigiCert SHA2 Assured ID Code Signing CA Self Signed
Tencent Technology(Shenzhen) Company Limited Symantec Class 3 SHA256 Code Signing CA Self Signed
Tencent Technology(Shenzhen) Company Limited VeriSign Class 3 Code Signing 2010 CA Self Signed

File Traits

  • 7-zip (In Overlay)
  • 7-zip SFX
  • HighEntropy
  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 4,003
Potentially Malicious Blocks: 174
Whitelisted Blocks: 3,828
Unknown Blocks: 1

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x x x 0 x x x x 0 0 x 0 0 0 x x 0 1 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 1 ? 0 x x x x x x x x x 0 0 x x x x 0 x x 0 x 0 0 0 0 0 1 0 0 x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 x 0 x x x x x 0 0 x 0 x 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 x 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Patched.E

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\qqpcmgr\qqpcmgrinstall_20260204142436.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\qqbrowser\liveuplog\2025-08-30 02_16_24.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\qqbrowser\liveuplog\2026-02-07 16_12_57.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\internet explorer\browsermachinecode::machineguid RegNtPreCreateKey
HKCU\software\tencent\qqbrowser\liveup::lur  RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\browsermachinecode::machineguid RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\browsermachinecode::machineguid RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • OutputDebugString
Network Info Queried
  • GetAdaptersInfo
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpSendRequest
  • WinHttpWriteData
Process Manipulation Evasion
  • ReadProcessMemory
Network Winsock2
  • WSAStartup
Network Winsock
  • connect
  • gethostbyname
  • inet_addr
  • send
  • setsockopt
  • socket

Related Posts

Trending

Most Viewed

Loading...