How to use Qu1cksc0pe to analyze malware

Qu1cksc0pe is a tool to analyze Windows, Linux, OSX source code, exe files and even Apk. If you are passionate about reverse engineering or want to analyze if a file is safe before installation, Qu1cksc0pe will quickly analyze it for you with just a few simple commands.

Join the channel Telegram of the AnonyViet 👉 Link 👈

Features of Qu1cksc0pe

Qu1cksc0pe is written in Python, so it’s quite easy to use, you only need a file to analyze and the computer has python pre-installed. Features of this software will help you to know:

What DLL files are used.
Functions and APIs.
Sections and segments
URL, IP address and email.
Android permissions.
File extensions and their names.

Qu1cksc0pe aims to get more information about suspicious files and help users realize what the file is capable of.

How to install Qu1cksc0pe

First you need to download and install Qu1cksc0pe on your computer. On linux you can use the command:

git clone https://github.com/CYB3RMX/Qu1cksc0pe.git

cd Qu1cksc0pe

Or download the .zip file directly here.

Then install the necessary modules: pip3 install -r requirements.txt. These modules include:

puremagic=> Analyze OS
androguard=> Analyze APK files.
apkid=> Check Obfuscators, Anti-Disassembly, Anti-VM and Anti-Debug.
prettytable=> create a table for the results
tqdm=> Progress bar animation.
colorama=>Color the output
oletools=> Analyze VBA Macros.
pefile=> Collect all information from PE files.
spacy=> Natural language processing for string parsing.
quark-engine=> Extract IP address and URL from APK file.
pyaxmlparser=> Collect information from target APK files.
yara-python=> Scan Android libraries with Yara rules.
capstone=> Decode binary.

Can you provide some more information to make the decompile process better:

Add VirusTotal API Key: https://virustotal.com
Install more Binutils: sudo apt-get install binutils
Install more ExifTool: sudo apt-get install exiftool
Install more Strings: sudo apt-get install strings

The last step is to install Qu1cksc0pe

sudo python3 qu1cksc0pe.py --install

How to use Qu1cksc0pe for malware analysis

To analyze the source code of a file or data to see if it is malicious, copy the file to be analyzed into the same directory of Qu1cksc0pe and use one of the following commands:

Normal analysis:

python3 qu1cksc0pe.py --file filename.exe --analyze

Analyze multiple files at once:

python3 qu1cksc0pe.py --multiple FILE1 FILE2 ...

Hash scan:

python3 qu1cksc0pe.py --file filename --hashscan

Folder scan:

There are 2 parameters:

python3 qu1cksc0pe.py --folder FOLDER --hashscan

VirusTotal:

python3 qu1cksc0pe.py --file suspicious_file --vtFile

Document scan – Analyze text files with malicious code:

python3 qu1cksc0pe.py --file filename_document --docs

Programming language detection – Check language:

python3 qu1cksc0pe.py --file suspicious_executable --lang

Domains:

python3 qu1cksc0pe.py --file suspicious_file --domain