Qu1cksc0pe: All-in-One static malware analysis tool

Qu1cksc0pe

This tool allows statically analysis Windows, Linux, osx, executables, and also APK files.
You can get:

• What DLL files are used.
• Functions and API.
• Sections and segments.
• URLs, IP addresses, and emails.
• Android permissions.
• File extensions and their names.
  And so on…

Qu1cksc0pe aims to get even more information about suspicious files and helps users realizing what that file capable of.

Information about categories

Registry

This category contains functions and strings about:

• Creating or destroying registry keys.
• Changing registry keys and registry logs.

File

This category contains functions and strings about:

• Creating/changing/infecting/deleting files.
• Getting information about file contents and file systems.

Networking/Web

This category contains functions and strings about:

• Communicating malicious hosts.
• Download malicious files.
• Sending information about the infected machine and its user.

Process

This category contains functions and strings about:

• Creating/infecting/terminating processes.
• Manipulating processes.

Dll/Resource Handling

This category contains functions and strings about:

• Handling DLL files and other malware resource files.
• Infecting and manipulating DLL files.

Evasion/Bypassing

This category contains functions and strings about:

• Manipulating Windows security policies and bypassing restrictions.
• Detecting debuggers and doing evasive tricks.

System/Persistence

This category contains functions and strings about:

• Executing system commands.
• Manipulating system files and system options to get persistence in target systems.

COMObject

This category contains functions and strings about:

• Microsoft’s Component Object Model system.

Cryptography

This category contains functions and strings about:

• Encrypting and decrypting files.
• Creating and destroying hashes.

Information Gathering

This category contains functions and strings about:

• Gathering all information from target hosts. Like process states, network devices, etc.

Keyboard/Keylogging

This category contains functions and strings about:

• Tracking infected machine’s keyboard.
• Gathering information about targets keyboard.
• Managing input methods etc.

Memory Management

This category contains functions and strings about:

• Manipulating and using target machines memory.

Changelog

10/06/2023

•  WindowsAnalyzer module is upgraded. Added basic detection capability for detecting PsExec, Rubeus, Mimikatz binaries.
•  Added basic detection capability for detecting interesting strings(like filenames etc.)

Install & Use

Copyright (C) 2021 CYB3RMX