URLhaus Database

You are currently viewing the URLhaus database entry for http://down.qqfarmer.com.cn/QQHelper_1540.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3134371
URL: http://down.qqfarmer.com.cn/QQHelper_1540.exe
URL Status:flame Online (spreading malware for 1 year, 9 month, 6 days, 1 hours, 53 minutes)
Host: down.qqfarmer.com.cn
Date added:2024-08-29 14:15:02 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: SynapticShaam
Abuse complaint sent (?): Yes (2026-05-14 13:40:25 UTC to anti-spam{at}chinatelecom[dot]cn)
Tags:AZORult link exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-05-01QQHelper_1540.exeexe 4900bf4dbb5b8b62f232f1748cb1c41e1c9486385e4cba31796c7d9dd61fe6c0n/a 
2025-04-17QQHelper_1540.exeexe ce98d9fee4bbde3b245fc5a2967b1ae959e83d6e30bd21f4deee6ef0385757b7n/a 
2025-03-15n/aexe 060ab0949a9babb536a1858c1145ecf7a86c30b7ab28348f3ef48cd7b9c13498n/a 
2025-03-14n/aexe 32705440d258d0df1d6c440ad88160b496d909272353a8aea5e25599a0c25d8cn/a 
2025-01-25n/aexe ecca5fba5ed62e9745db14b966bd8c3aadd73b5a77376176146c373f6d78a93fn/a 
2025-01-25n/aexe 9413e3a4a582f5f99e5b913ddabc132a5f5ede7a7d595e1e9230dfa053303bf6n/a 
2024-11-30n/aexe 5096c6becd338f3afc2c7a29124a78745bc188663746861de0fc0a7b5dcd5546n/a 
2024-08-29n/aexe 4f91f9c5d3baf612a1920ae8b2c49a1ee9850d018e308f8e65184a9046138658Virustotal results 20.27%AZORult