This tool allows you to statically analyze Windows, Linux, OSX executables and APK files.
You can get:
Qu1cksc0pe aims to get even more information about suspicious files and helps user realize what that file is capable of.
Usage
python3 qu1cksc0pe.py --file suspicious_file --analyze
Setup
Necessary python modules:
puremagic
=> Analyzing target OS and magic numbers.androguard
=> Analyzing APK files.apkid
=> Check for Obfuscators, Anti-Disassembly, Anti-VM and Anti-Debug.prettytable
=> Pretty outputs.tqdm
=> Progressbar animation.colorama
=> Colored outputs.oletools
=> Analyzing VBA Macros.pefile
=> Gathering all information from PE files.quark-engine
=> Extracting IP addresses and URLs from APK files.pyaxmlparser
=> Gathering informations from target APK files.yara-python
=> Android library scanning with Yara rules.prompt_toolkit
=> Interactive shell.Installation of python modules: pip3 install -r requirements.txt
Gathering other dependencies:
https://virustotal.com
sudo apt-get install binutils
sudo apt-get install exiftool
sudo apt-get install strings
Alert
You must specify jadx binary path in Systems/Android/libScanner.conf
[Rule_PATH]
rulepath = /Systems/Android/YaraRules/
[Decompiler]
decompiler = JADX_BINARY_PATH <-- You must specify this.
Installation
sudo pip3 install -r requirements.txt
sudo python3 qu1cksc0pe.py --install
Scan arguments
Normal analysis
Usage: python3 qu1cksc0pe.py --file suspicious_file --analyze
Multiple analysis
Usage: python3 qu1cksc0pe.py --multiple FILE1 FILE2 ...
Hash scan
Usage: python3 qu1cksc0pe.py --file suspicious_file --hashscan
Folder scan
Supported Arguments:
--hashscan
--packer
Usage: python3 qu1cksc0pe.py --folder FOLDER --hashscan
VirusTotal
Report Contents:
Threat Categories
Detections
CrowdSourced IDS Reports
Usage for –vtFile: python3 qu1cksc0pe.py --file suspicious_file --vtFile
Document scan
Usage: python3 qu1cksc0pe.py --file suspicious_document --docs
Programming language detection
Usage: python3 qu1cksc0pe.py --file suspicious_executable --lang
Interactive shell
Usage: python3 qu1cksc0pe.py --console
Domain
Usage: python3 qu1cksc0pe.py --file suspicious_file --domain
Informations about categories
Registry
This category contains functions and strings about:
File
This category contains functions and strings about:
Networking/Web
This category contains functions and strings about:
Process
This category contains functions and strings about:
Dll/Resource Handling
This category contains functions and strings about:
Evasion/Bypassing
This category contains functions and strings about:
System/Persistence
This category contains functions and strings about:
COMObject
This category contains functions and strings about:
Cryptography
This category contains functions and strings about:
Information Gathering
This category contains functions and strings about:
Keyboard/Keylogging
This category contains functions and strings about:
Memory Management
This category contains functions and strings about:
Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More
AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More
UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More
How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More
The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More
A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More
Leave a Comment