
qu1cksc0pe's Introduction

Qu1cksc0pe





All-in-one malware analysis tool for analyzing many file types, from Windows binaries to e-mail files.

You can get:

  • What DLL files are used.
  • Functions and APIs.
  • Sections and segments.
  • URLs, IP addresses and emails.
  • Android permissions.
  • File extensions and their names.
  • Embedded executables/exploits.
    And so on...

Qu1cksc0pe aims to extract as much information as possible about suspicious files and helps the user understand what a file is capable of.

Qu1cksc0pe Can Analyze Currently

Files                                          Analysis Type
Windows Executables (.exe, .dll, .msi, .bin)   Static, Dynamic
Linux Executables (.elf, .bin)                 Static, Dynamic
MacOS Executables (mach-o)                     Static
Android Files (.apk, .jar, .dex)               Static, Dynamic (for now .apk only)
Golang Binaries (Linux)                        Static
Document Files                                 Static
Archive Files (.zip, .rar, .ace)               Static
PCAP Files (.pcap)                             Static
Powershell Scripts                             Static
E-Mail Files (.eml)                            Static

Usage

python qu1cksc0pe.py --file suspicious_file --analyze


Updates

22/05/2024

  • Added New: Linux Dynamic Analyzer module.

13/05/2024

  • Improvements on Windows Analyzer module.
  • Bug fixes

18/04/2024

  • Document Analyzer module is significantly improved. Now it has better exploit detection capability.

Available On

  • BlackArch
  • Tsurugi

Recommended Systems

  • Parrot OS
  • Kali Linux
  • Windows 10 or 11


Other Linux distributions similar to Kali/Parrot also work.

Setup and Installation


Necessary Dependencies:

  • Python 3.10 or higher versions.
  • VirusTotal API Key => Performing VirusTotal based analysis.
  • Strings => Necessary for static analysis.
  • Jadx => Performing source code and resource analysis.
  • PyOneNote => OneNote document analysis.
  • Mono => Performing .Net binary analysis.
# You can simply execute the following command it will do everything for you!
bash setup.sh

# If you want to install Qu1cksc0pe on your system just execute the following commands.
bash setup.sh
python qu1cksc0pe.py --install

# To prevent interpreter errors after installation, use dos2unix.
dos2unix /usr/bin/qu1cksc0pe

# Or you can use Qu1cksc0pe from Docker!
docker build -t qu1cksc0pe .
docker run -it --rm -v $(pwd):/data qu1cksc0pe:latest --file /data/suspicious_file --analyze

# For Windows systems you need to execute the following command (Powershell)
# PS C:\Users\user\Desktop\Qu1cksc0pe> .\setup.ps1

Static Analysis

Normal analysis

Description: You can perform basic analysis and triage against your samples.

Usage: python qu1cksc0pe.py --file suspicious_file --analyze

Resource analysis

Description: With this feature you can analyze the assets of the given file. You can also detect and extract embedded payloads from malware samples such as AgentTesla, Formbook, etc.

Effective Against:

  • .NET Executables
  • Android Files (.apk)

Usage: python qu1cksc0pe.py --file suspicious_file --resource

Hash scan

Description: You can check whether the hash value of the given file is in the built-in malware hash database. You can also scan whole directories with this feature.

Usage: python qu1cksc0pe.py --file suspicious_file --hashscan

Folder scan

Supported Arguments:

  • --hashscan
  • --packer

Usage: python qu1cksc0pe.py --folder FOLDER --hashscan

VirusTotal

Report Contents:

  • Threat Categories
  • Detections
  • CrowdSourced IDS Reports

Usage for --vtFile: python qu1cksc0pe.py --file suspicious_file --vtFile

Document scan

Description: This feature performs deep file inspection of the given document files. For example, you can detect and extract possible malicious links or embedded exploits/payloads from a suspicious document file.

Effective Against:

  • Word Documents (.doc, .docm, .docx)
  • Excel Documents (.xls, .xlsm, .xlsx)
  • Portable Document Format (.pdf)
  • OneNote Documents (.one)
  • HTML Documents (.htm, .html)
  • Rich Text Format Documents (.rtf)

Usage: python qu1cksc0pe.py --file suspicious_document --docs

Embedded File/Exploit Extraction


Archive File Scan

Description: With this feature you can check archive files for suspicious contents.

Effective Against:

  • ZIP
  • RAR
  • ACE

Usage: python qu1cksc0pe.py --file suspicious_archive_file --archive

File signature analyzer

Description: With this feature you can detect and extract embedded executable files (.exe, .elf) from the given file. You can also analyze large files (even 1 GB or larger) and extract the actual malware sample from them (pumped-file analysis).

Usage: python qu1cksc0pe.py --file suspicious_file --sigcheck

File Carving


MITRE ATT&CK Technique Extraction

Description: This feature allows you to generate potential MITRE ATT&CK tables based on the import/export table or functions contained within the given file.

Effective Against:

  • Windows Executables

Usage: python qu1cksc0pe.py --file suspicious_file --mitre

Programming language detection

Description: You can get programming language information for the given file.

Usage: python qu1cksc0pe.py --file suspicious_executable --lang

Interactive shell

Description: You can use Qu1cksc0pe in command line mode.

Usage: python qu1cksc0pe.py --console

Dynamic Analysis

Android Application Analysis

Alert

You must connect a virtual device or physical device to your computer.


Usage: python qu1cksc0pe.py --watch


Process Analysis


Usage: python qu1cksc0pe.py --watch


qu1cksc0pe's People

Contributors

  • a1s0n
  • barakaharoni
  • cyb3rmx
  • kaqtus14
  • luis261
  • mjbroekman
  • s-kali
  • straysheep-dev
  • trizin


qu1cksc0pe's Issues

please support installation arch linux x86_64

error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try 'pacman -S
python-xyz', where xyz is the package you are trying to
install.

If you wish to install a non-Arch-packaged Python package,
create a virtual environment using 'python -m venv path/to/venv'.
Then use path/to/venv/bin/python and path/to/venv/bin/pip.

If you wish to install a non-Arch packaged Python application,
it may be easiest to use 'pipx install xyz', which will manage a
virtual environment for you. Make sure you have python-pipx
installed via pacman.

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.

linux usage

How do I use Qu1cksc0pe to analyze Linux binaries dynamically?

RFE: add "Potential Threat Name" and "Popular Threat Name" info to VTfile report

Description:
The VirusTotal JSON output includes suggested_threat_label and popular_threat_name. Please include them in the VTfile output.

Example JSON (VT sample: 7f055dc25a72381ef7b03cc8563c4b3e411e622eb089285eaa639a3a2b6d3c5f):

            "popular_threat_classification": {
                "suggested_threat_label": "trojan.msil/msilzilla",
                "popular_threat_category": [
                    {
                        "count": 25,
                        "value": "trojan"
                    },
                    {
                        "count": 3,
                        "value": "dropper"
                    }
                ],
                "popular_threat_name": [
                    {
                        "count": 9,
                        "value": "msil"
                    },
                    {
                        "count": 6,
                        "value": "msilzilla"
                    },
                    {
                        "count": 2,
                        "value": "fareit"
                    }
                ]
            },

I chose "Potential Threat Label" in the output rather than "Suggested".
Example output:

[*] Potential Threat Label: trojan.msil/msilzilla
+-------------------+-------+
| Threat Categories | Count |
+-------------------+-------+
|       trojan      |   25  |
|      dropper      |   3   |
+-------------------+-------+
+--------------+-------+
| Threat Names | Count |
+--------------+-------+
|     msil     |   9   |
|  msilzilla   |   6   |
|    fareit    |   2   |
+--------------+-------+

Diff to implement

-        # Threat Categories
-        threatTable = PrettyTable()
-        threatTable.field_names = [f"{green}Threat Categories{white}"]
         if "data" in parser.keys():
             if "popular_threat_classification" in parser["data"]["attributes"].keys():
-                for th in range(0, len(parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"])):
-                    threatTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th][0]}{white}'])
+                if "suggested_threat_label" in parser["data"]["attributes"]["popular_threat_classification"].keys():
+                    print(f"\n{infoS} Potential Threat Label: " + f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["suggested_threat_label"]}{white}')
+
+                # Threat Categories
+                threatTable = PrettyTable()
+                threatTable.field_names = [f"{green}Threat Categories{white}",f"{green}Count{white}"]
+                if "popular_threat_category" in parser["data"]["attributes"]["popular_threat_classification"].keys():
+                    for th in range(0, len(parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"])):
+                        threatTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th]["value"]}{white}',f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th]["count"]}{white}'])
                 print(threatTable)
         
+                # Threat Names
+                nameTable = PrettyTable()
+                nameTable.field_names = [f"{green}Threat Names{white}",f"{green}Count{white}"]
+                if "popular_threat_name" in parser["data"]["attributes"]["popular_threat_classification"].keys():
+                    for th in range(0, len(parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_name"])):
+                        nameTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_name"][th]["value"]}{white}',f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_name"][th]["count"]}{white}'])
+                print(nameTable)
+
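Review bot: `print(threatTable)` and `print(nameTable)` sit outside the `if "popular_threat_category" in ...` / `if "popular_threat_name" in ...` guards, so a report that lacks either list still prints a header-only table; either move each print inside its guard or skip printing when the table has no rows. The full `parser["data"]["attributes"]["popular_threat_classification"]` path is spelled out eight times in this block; bind it once (`ptc = parser["data"]["attributes"]["popular_threat_classification"]`) and iterate the lists directly (`for item in ptc["popular_threat_category"]:`) instead of `range(0, len(...))`, which shortens the two add_row lines considerably. `in x.keys()` is equivalent to `in x` for a dict.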

I'd like to start contributing regularly, are you open to that?

Already left you a few PRs, just to demo the kinds of things I'd start off my work with. Just let me know what you think of them once you have time to review. If you prefer doing things "your way" and don't want the additional contributions, just let me know, no hard feelings, that's why I started off with very small changes instead of directly jumping into the deep end.

Note

I've also pasted this as an addendum to #51, didn't know what the best place for it would be really?
Feel free to close this issue obviously.

Hey @CYB3RMX,

I appreciate your work on this project. I like what I'm seeing in terms of actual functionality, quite a holistic set of analysis features/file scanning capabilities you've built up here over the years! We use it at my org (as part of a set of lots of other, diverse analysis tooling) and I'd like to personally give back a bit by contributing in my spare time.

Think of the changes in this PR (and the ones I've already submitted, as well as further ones I might send through the course of tonight) as just a small sample representing the kinds of changes I'd like to apply.

I'm a bit nitpicky when it comes to (Python) code and would also like to take care of typos as well as moving the codebase towards PEP 8 compliance (I'm not a complete stickler when it comes to PEP8 in particular, but let's at least get the simpler things right, such as moving variable and module names from inconsistent naming schemes/camelCase towards snake_case). However, since you're ultimately in charge here, if you tell me that I should ignore that kinda stuff upfront, I am happy to respect that and will try to let it go ^^

I hope you're open to me proposing changes, as I feel like your project could benefit from them (see below). If you are on board with me trying to improve this project, I have a lot more on my mind, e.g.:

Quality:

  • better interactions with the system by using stdlib functions over subprocesses/subshells (this also improves security a bit)
  • generally reducing the size of the codebase/making it less verbose by consolidating duplicated code and possibly rearchitecting some things
  • introducing automated testing, specifically unit tests, at least in the places that could benefit the most from them (e.g. maybe for some of the more "fiddly" analysis modules?)
  • focus on more defensive coding and generally try to safeguard the program against abuse/make it less susceptible to evasion techniques?

Usability:

  • improving error handling on a broader scope (follow up with commits for qu1cksc0pe.py, then continue beyond the main module)
  • make the code more platform agnostic (where possible, besides the given limitations)

Extensions (I work as a Security Analyst at my day job so I might have some stuff to offer when it comes to the analysis-specific parts of the code):

  • adding new/improving/extending existing analysers

Performance:

  • at first glance, I did not see anything of particular concern, but maybe assembling a test set of representative samples (whatever that means) and performing a profiling run is in the cards? (again, maybe .. in the long run, not an immediate priority)

I know the plan might seem overly ambitious/big but I'll take it slow in small steps, can't commit to working on this every single weekend but I do have some time I'd like to invest here and I really think I can achieve at least a good portion of the goals listed above given some time over the coming months and a bit of support in terms of reviews from your side.

Looking forward to working with you (:
Obviously no need to rush any reviews, nothing of this is particularly urgent and I'll adjust to your pace

requirements.txt gives an error

When I try to run bash setup.py in my virtual environment, I get this error.
Could not find a version that satisfies the requirement yara-python-dex>=1.0.1 (from apkid->-r requirements.txt (line 3)) (from versions: none)

While running a fairly large file of 61 MB

processing buffer... ━━━━━╺━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 13% -:--:--
Traceback (most recent call last):
  File "/home/yash/Downloads/Qu1cksc0pe/Modules/sigChecker.py", line 217, in <module>
    sig_check = SignatureChecker(target_file=sys.argv[1])
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/yash/Downloads/Qu1cksc0pe/Modules/sigChecker.py", line 58, in __init__
    self.pumped_file_carver()
  File "/home/yash/Downloads/Qu1cksc0pe/Modules/sigChecker.py", line 174, in pumped_file_carver
    exec_size = self.parse_pe_size(buffer_read)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/yash/Downloads/Qu1cksc0pe/Modules/sigChecker.py", line 205, in parse_pe_size
    size_of_image = struct.unpack('<L', pe_data[size_of_image_offset:size_of_image_offset + 4])[0]
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
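An added example (not Qu1cksc0pe's sigChecker.py) of the embedded-executable carving the README's file signature analyzer describes, written so that the case this traceback ends in cannot raise: every header field is bounds-checked before it is read. It assumes the unpack above failed on a slice shorter than 4 bytes, which is what an unguarded struct.unpack does when the read buffer ends mid-header; the PE/ELF header offsets are the standard ones and all sample bytes are constructed inline.

```python
"""Added example (not Qu1cksc0pe's own code): carve embedded PE and ELF images
out of a buffer with bounds-checked header parsing.  Sample bytes are constructed."""
import struct
from typing import List, Optional, Tuple

MZ = b"MZ"
ELF_MAGIC = b"\x7fELF"


def pe_size_of_image(buf: bytes, mz_off: int) -> Optional[int]:
    """SizeOfImage of the PE header at mz_off, or None when the header is
    malformed or runs past the end of buf.  Every read is guarded first, so a
    buffer that ends mid-header never raises struct.error."""
    if buf[mz_off:mz_off + 2] != MZ or mz_off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, mz_off + 0x3C)[0]  # DOS header @0x3C
    pe_off = mz_off + e_lfanew
    # need "PE\0\0" (4) + COFF file header (20) + optional-header Magic (2)
    if e_lfanew < 0x40 or pe_off + 26 > len(buf):
        return None
    if buf[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    opt_off = pe_off + 24
    if struct.unpack_from("<H", buf, opt_off)[0] not in (0x10B, 0x20B):
        return None  # neither PE32 nor PE32+
    soi_off = opt_off + 0x38  # SizeOfImage is at 0x38 in both optional-header layouts
    if soi_off + 4 > len(buf):
        return None  # truncated header: the spot an unguarded unpack would raise at
    return struct.unpack_from("<I", buf, soi_off)[0]


def elf_file_size(buf: bytes, off: int) -> Optional[int]:
    """File size of the ELF at off, taken as the end of its section header
    table (e_shoff + e_shnum * e_shentsize); None if unparsable or truncated."""
    if buf[off:off + 4] != ELF_MAGIC or off + 6 > len(buf):
        return None
    endian = {1: "<", 2: ">"}.get(buf[off + 5])  # EI_DATA: LSB / MSB
    # EI_CLASS -> (e_ehsize, e_shoff format, e_shoff offset, e_shentsize offset)
    layout = {1: (52, "I", 0x20, 0x2E), 2: (64, "Q", 0x28, 0x3A)}.get(buf[off + 4])
    if endian is None or layout is None:
        return None
    ehsize, shoff_fmt, shoff_at, shent_at = layout
    if off + ehsize > len(buf):
        return None
    shoff = struct.unpack_from(endian + shoff_fmt, buf, off + shoff_at)[0]
    shentsize, shnum = struct.unpack_from(endian + "HH", buf, off + shent_at)
    if shoff == 0 or shnum == 0:
        return None  # no section header table, cannot size the file this way
    return shoff + shentsize * shnum


def carve_embedded(buf: bytes) -> List[Tuple[str, int, bytes]]:
    """Return (kind, offset, data) for every MZ/ELF magic whose header parses.
    For PE the slice length is SizeOfImage, the mapped size, so it is an upper
    bound on the embedded file; slices are clipped to the end of buf."""
    found = []
    for kind, magic, sizer in (("pe", MZ, pe_size_of_image),
                               ("elf", ELF_MAGIC, elf_file_size)):
        pos = buf.find(magic)
        while pos != -1:
            size = sizer(buf, pos)
            if size is not None:
                found.append((kind, pos, buf[pos:pos + size]))
            pos = buf.find(magic, pos + 1)
    return sorted(found, key=lambda hit: hit[1])


def make_pe_header(size_of_image: int, cut: int = 0) -> bytes:
    """Constructed minimal PE32 header for the sample: DOS header with
    e_lfanew=0x40, PE signature, zeroed COFF header, optional header through
    SizeOfImage.  cut drops that many trailing bytes to mimic a short read."""
    dos = bytearray(0x40)
    dos[:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(0x3C)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 0x38, size_of_image)
    hdr = bytes(dos) + b"PE\x00\x00" + bytes(20) + bytes(opt)
    return hdr[:len(hdr) - cut] if cut else hdr


def make_elf64_header(shoff: int, shentsize: int, shnum: int) -> bytes:
    """Constructed minimal little-endian ELF64 header for the sample."""
    hdr = bytearray(64)
    hdr[:4] = ELF_MAGIC
    hdr[4], hdr[5] = 2, 1  # ELFCLASS64, ELFDATA2LSB
    struct.pack_into("<Q", hdr, 0x28, shoff)
    struct.pack_into("<HH", hdr, 0x3A, shentsize, shnum)
    return bytes(hdr)


# Constructed "pumped" sample: padding, a PE header, padding, an ELF header, padding.
SAMPLE = (b"A" * 100 + make_pe_header(0x5000) + b"B" * 50
          + make_elf64_header(0x200, 64, 4) + b"C" * 2000)
# The same PE header cut 8 bytes short, as a read buffer ending mid-header would be.
TRUNCATED = b"A" * 10 + make_pe_header(0x1000, cut=8)

if __name__ == "__main__":
    for kind, off, data in carve_embedded(SAMPLE):
        print(f"{kind} at offset {off}: {len(data)} bytes carved")
    print("truncated PE header ->", pe_size_of_image(TRUNCATED, 10))
```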

MacOS issues - Home directory location is wrong and strings command option incorrect

Description:
MacOS (at least 11.6) puts user directories into /Users instead of /home. Additionally, the "strings" command on MacOS 11.6 doesn't support long options, so it needs to use "-a" instead of "--all".

Example fixes:

     if args.file:
         if os.path.exists(args.file):
-            command = f"strings --all {args.file} > temp.txt"
-            os.system(command)
+            if sys.platform == "darwin":
+                command = f"strings -a {args.file} > temp.txt"
+                os.system(command)
+            else:
+                command = f"strings --all {args.file} > temp.txt"
+                os.system(command)
+            home=f"/home"
+            if sys.platform == "darwin":
+                home=f"/Users"
+
             try:
-                directory = f"/home/{username}/sc0pe_Base/sc0pe_VT_apikey.txt"
+                directory = f"{home}/{username}/sc0pe_Base/sc0pe_VT_apikey.txt"
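Review bot: both branches build the `strings` command by interpolating `args.file` into a shell string passed to `os.system`, so a sample whose name contains a space, `;` or `$(` is parsed by the shell rather than handed to `strings`; since this tool is pointed at untrusted files, prefer `subprocess.run(["strings", flag, args.file], stdout=out_file)` with an argument list and no shell. The branches differ only in the flag, so compute `flag = "-a" if sys.platform == "darwin" else "--all"` once instead of duplicating the `os.system` call. For the base directory, `os.path.expanduser("~")` (or `pathlib.Path.home()`) resolves correctly on macOS, Linux and Windows without the hardcoded `/home` versus `/Users` switch, and `f"/home"` is an f-string with no placeholders.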

The home directory is set in 4 places in qu1cksc0pe.py and 3 places in Modules/hashScanner.py:

qu1cksc0pe.py:284:                directory = f"/home/{username}/sc0pe_Base/sc0pe_VT_apikey.txt"
qu1cksc0pe.py:340:            if os.path.exists(f"/home/{username}/sc0pe_Base/"):
qu1cksc0pe.py:343:                os.system(f"mkdir /home/{username}/sc0pe_Base/")
qu1cksc0pe.py:346:            apifile = open(f"/home/{username}/sc0pe_Base/sc0pe_VT_apikey.txt", "w")
Modules/hashScanner.py:55:if os.path.exists(f"/home/{username}/sc0pe_Base/"):
Modules/hashScanner.py:58:    os.system(f"mkdir /home/{username}/sc0pe_Base/")
Modules/hashScanner.py:61:install_dir = f"/home/{username}/sc0pe_Base"

sc0pe_helper library not installed

Hey, can anyone help me out with this?
I run the command bash setup.sh but it's not installing the sc0pe_helper module, due to which I'm unable to execute quicksc0pe.py.
I also tried to install this as a separate Python package but I did not find any Python package named scope_helper.

How can I resolve this issue?


apkid command not found on Kali Linux

When you install the apkid module via pip on Kali Linux, pip installs apkid to /home/kali/.local/bin by default. If you encounter this error, run the following command to solve it:

  • sudo cp /home/kali/.local/bin/apkid /usr/bin/

Error: >pythonnet< module not found.

I installed the latest version of Qu1cksc0pe this evening. Previous versions worked fine, but when I tried to analyze a Windows PE32 file I got "Error: >pythonnet< module not found."
I have run the setup.sh script and no errors were noted during the setup.

puremagic not found error when installing

mr@box:~/repos/Qu1cksc0pe$ pip3 install puremagic
Requirement already satisfied: puremagic in /home/mr/.local/lib/python3.8/site-packages (1.11)
mr@box:~/repos/Qu1cksc0pe$ sudo python3 qu1cksc0pe.py --install
Error: >puremagic< module not found.

I ran the requirements installer and it was successful. And I tried installing it manually as shown above. I don't know all that much about python, but the qu1cksc0pe.py file looks like it's just trying to do a simple import puremagic so I don't know why it isn't finding it. This is on WSL Ubuntu.

I can run quickscope manually without installing just fine.

Error on adding virustotal api key

How do I add a VirusTotal API key? When I add one using the --key_init argument

qu1cksc0pe --key_init

qu1cksc0pe: error: unrecognized arguments:

it says qu1cksc0pe: error: unrecognized arguments

Can't build Docker image

In the "Setup and Installation" section, it says that to use the Docker image you have to run the command:
docker build qu1cksc0pe .

But it returns the following:

ERROR: "docker buildx build" requires exactly 1 argument.
See 'docker buildx build --help'.

Usage: docker buildx build [OPTIONS] PATH | URL | -

Start a build

So, I had to run the command:
docker build .

Which returned the following:

[+] Building 1.4s (12/15) docker:default
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 713B 0.0s
=> [internal] load metadata for docker.io/library/ubuntu:latest 0.8s
=> [ 1/11] FROM docker.io/library/ubuntu:latest@sha256:2b7412e6465c3c7fc5bb21d3e6f1917c167358449fecac8176c6e496e 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 20.08kB 0.0s
=> CACHED [ 2/11] RUN apt update && apt install -y curl wget git binutils sudo unzip python3 python3-pip mono-co 0.0s
=> CACHED [ 3/11] RUN pip3 install setuptools wheel pythonnet pycryptodome python-magic 0.0s
=> CACHED [ 4/11] WORKDIR /app 0.0s
=> CACHED [ 5/11] COPY . . 0.0s
=> CACHED [ 6/11] RUN chmod +x qu1cksc0pe.py setup.sh 0.0s
=> CACHED [ 7/11] RUN ln -s /root /home/root 0.0s
=> ERROR [ 8/11] RUN ./setup.sh 0.5s
------
> [ 8/11] RUN ./setup.sh:
0.428 /bin/sh: 1: ./setup.sh: not found
------
Dockerfile:17
--------------------
15 | RUN chmod +x qu1cksc0pe.py setup.sh
16 | RUN ln -s /root /home/root
17 | >>> RUN ./setup.sh
18 | RUN wget https://raw.githubusercontent.com/CYB3RMX/MalwareHashDB/main/HashDB -O /home/root/sc0pe_Base/HashDB
19 |
--------------------
ERROR: failed to solve: process "/bin/sh -c ./setup.sh" did not complete successfully: exit code: 127

These steps were done on Windows 10 with Docker v4.24.0

qu1ckSc0pe's nonExecAnalyzer module fails VBA Macro retrieval

When executing qu1cksc0pe to analyze document files (--doc argument), qu1cksc0pe's nonExecAnalyzer module is used to initiate VBA macro retrieval.

The problem is here:

if vbaparser.contains_macros == True:

Once the olevba tool gets instantiated as vbaparser, a non-existing property (contains_macros) gets called, causing an exception; therefore you get the error "An error occured while parsing that file for macro scan".
The solution seems to be to replace contains_macros with contains_vba_macros.

This is the final output (once the problem is solved)

Report flag not working when analyzing exe files.

Issue Title: Report flag has no effect

Description:
The report flag seems to have no effect when attempting to export a JSON report using the following command:

python qu1cksc0pe.py --file exefile --analyze --report

Steps to Reproduce:

  1. Run the specified command with the --file and --report flags.

Expected Behavior:
A JSON report should be generated as expected.

Actual Behavior:
No report is generated, indicating that the report flag has no effect.

I have solved the issue by commenting out line 131 in winAnalyzer.py.

Actually, since this month I am getting an error when I try to run the script.

I tried to debug it but was not able to solve the issue; I hope you can help with it.
I am attaching the error I faced while running the script.

Error

Traceback (most recent call last):
  File "/opt/Qu1cksc0pe/Modules/winAnalyzer.py", line 359, in <module>
    Analyzer()
  File "/opt/Qu1cksc0pe/Modules/winAnalyzer.py", line 276, in Analyzer
    pe = pf.PE(fileName)
         ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/pefile.py", line 2895, in __init__
    self.parse(name, data, fast_load)
  File "/usr/local/lib/python3.11/dist-packages/pefile.py", line 3031, in parse
    raise PEFormatError("DOS Header magic not found.")
pefile.PEFormatError: 'DOS Header magic not found.'
Error in sys.excepthook:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 72, in apport_excepthook
    from apport.fileutils import likely_packaged, get_recent_crashes
  File "/usr/lib/python3/dist-packages/apport/__init__.py", line 5, in <module>
    from apport.report import Report
  File "/usr/lib/python3/dist-packages/apport/report.py", line 32, in <module>
    import apport.fileutils
  File "/usr/lib/python3/dist-packages/apport/fileutils.py", line 12, in <module>
    import os, glob, subprocess, os.path, time, pwd, sys, requests_unixsocket
  File "/usr/lib/python3/dist-packages/requests_unixsocket/__init__.py", line 1, in <module>
    import requests
  File "/usr/lib/python3/dist-packages/requests/__init__.py", line 95, in <module>
    from urllib3.contrib import pyopenssl
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
    import OpenSSL.SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
    class X509StoreFlags(object):
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Original exception was:
Traceback (most recent call last):
  File "/opt/Qu1cksc0pe/Modules/winAnalyzer.py", line 359, in <module>
    Analyzer()
  File "/opt/Qu1cksc0pe/Modules/winAnalyzer.py", line 276, in Analyzer
    pe = pf.PE(fileName)
         ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/pefile.py", line 2895, in __init__
    self.parse(name, data, fast_load)
  File "/usr/local/lib/python3.11/dist-packages/pefile.py", line 3031, in parse
    raise PEFormatError("DOS Header magic not found.")
pefile.PEFormatError: 'DOS Header magic not found.'

Hope it will get sorted, or if any changes need to be done on my side, let me know. I am using WSL 20.04.6. I even tried on my Kali Linux virtual machine and the issue was the same. I even tried re-installing the tool and it was giving the same issue :')

Bug: VTwrapper.py - VirusTotal output changed for Threat Category section

Description:
The JSON output from VirusTotal appears to have changed, breaking the threatTable report and the VTwrapper as a whole.

Output:

[*] Sending query to VirusTotal API...
[*] Parsing the scan report...

Traceback (most recent call last):
  File ".../Qu1cksc0pe/Modules/VTwrapper.py", line 159, in <module>
    ReportParser()
  File ".../Qu1cksc0pe/Modules/VTwrapper.py", line 92, in ReportParser
    threatTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th][0]}{white}'])
KeyError: 0

This occurs with a freshly cloned copy of this repo.

JSON output from VirusTotal:

{
    "data": {
        "attributes": {
...
            "popular_threat_classification": {
                "suggested_threat_label": "downloader.emeka/w97m",
                "popular_threat_category": [
                    {
                        "count": 18,
                        "value": "downloader"
                    },
                    {
                        "count": 17,
                        "value": "trojan"
                    }
                ],
                "popular_threat_name": [
                    {
                        "count": 7,
                        "value": "emeka"
                    },
                    {
                        "count": 5,
                        "value": "w97m"
                    },
                    {
                        "count": 4,
                        "value": "macro"
                    }
                ]
            },
...

This results in the popular_threat_category section being represented as:

[{'count': 25, 'value': 'trojan'}, {'count': 3, 'value': 'dropper'}]

Which means that parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th][0] is invalid, since th is a dictionary, rather than a list.

Diff (fixes the indexing issue and adds a table column for the count):

--- a/Modules/VTwrapper.py
+++ b/Modules/VTwrapper.py
@@ -85,11 +85,11 @@ def ReportParser():
 
         # Threat Categories
         threatTable = PrettyTable()
-        threatTable.field_names = [f"{green}Threat Categories{white}"]
+        threatTable.field_names = [f"{green}Threat Categories{white}",f"{green}Count{white}"]
         if "data" in parser.keys():
             if "popular_threat_classification" in parser["data"]["attributes"].keys():
                 for th in range(0, len(parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"])):
-                    threatTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th][0]}{white}'])
+                    threatTable.add_row([f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th]["value"]}{white}',f'{red}{parser["data"]["attributes"]["popular_threat_classification"]["popular_threat_category"][th]["count"]}{white}'])
                 print(threatTable)
         
         # Detections
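Review bot: the fix hardcodes that every `popular_threat_category` entry is a dict with `"value"` and `"count"` keys, so another shape change from VirusTotal would raise a `KeyError` at the same add_row line as before; iterate the list directly (`for item in ...["popular_threat_category"]:`) and use `item.get("value", "")` / `item.get("count", "")` so a missing key degrades to an empty cell instead of a crash. The repeated `parser["data"]["attributes"]["popular_threat_classification"]` path could be bound to a local once, `in x.keys()` is just `in x` for a dict, and the `popular_threat_name` list visible in the JSON above is still not reported.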

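An added example (not the project's VTwrapper.py) of parsing the popular_threat_classification block shown in this issue and in the RFE above into the label, category and name tables both issues ask for, without the KeyError: it navigates with .get() so missing keys give empty tables, and it accepts each entry either as the {"count", "value"} dict VirusTotal now returns or as a (value, count) sequence, which is the shape the original [th][0] indexing assumed (an inference from that code, not something the page states). SAMPLE_REPORT is constructed from the JSON quoted above.

```python
"""Added example (not Qu1cksc0pe code): robust extraction of VirusTotal's
popular_threat_classification into count tables."""
import json
from typing import Any, Dict, List, Tuple

# Constructed from the report excerpt quoted in the issue.
SAMPLE_REPORT = json.loads("""{
  "data": {"attributes": {"popular_threat_classification": {
    "suggested_threat_label": "downloader.emeka/w97m",
    "popular_threat_category": [{"count": 18, "value": "downloader"},
                                {"count": 17, "value": "trojan"}],
    "popular_threat_name": [{"count": 7, "value": "emeka"},
                            {"count": 5, "value": "w97m"},
                            {"count": 4, "value": "macro"}]}}}}""")


def normalise_entry(item: Any) -> Tuple[str, int]:
    """Turn one list entry into (value, count).  Accepts the current
    {"count": n, "value": s} dict, or a (value, count) sequence, the shape
    the old [th][0] indexing assumed.  Anything else is an explicit error."""
    if isinstance(item, dict):
        return str(item.get("value", "")), int(item.get("count", 0))
    if isinstance(item, (list, tuple)) and len(item) >= 2:
        return str(item[0]), int(item[1])
    raise ValueError(f"unrecognised threat classification entry: {item!r}")


def threat_classification(report: Dict[str, Any]) -> Dict[str, Any]:
    """Label plus category/name rows; every lookup tolerates a missing key."""
    ptc = (report.get("data", {}).get("attributes", {})
           .get("popular_threat_classification") or {})
    return {
        "label": ptc.get("suggested_threat_label"),
        "categories": [normalise_entry(i) for i in ptc.get("popular_threat_category", [])],
        "names": [normalise_entry(i) for i in ptc.get("popular_threat_name", [])],
    }


def render_table(title: str, rows: List[Tuple[str, int]]) -> str:
    """Plain-text two-column table like the issue's example output; an
    empty row list renders as an empty string rather than a header-only box."""
    if not rows:
        return ""
    w = max(len(title), *(len(v) for v, _ in rows))
    c = max(len("Count"), *(len(str(n)) for _, n in rows))
    sep = f"+-{'-' * w}-+-{'-' * c}-+"
    lines = [sep, f"| {title:^{w}} | {'Count':^{c}} |", sep]
    lines += [f"| {v:^{w}} | {str(n):^{c}} |" for v, n in rows]
    lines.append(sep)
    return "\n".join(lines)


def report_text(report: Dict[str, Any]) -> str:
    """The three report parts the RFE asks for, omitting any that are absent."""
    info = threat_classification(report)
    parts = []
    if info["label"]:
        parts.append(f"[*] Potential Threat Label: {info['label']}")
    for title, key in (("Threat Categories", "categories"), ("Threat Names", "names")):
        table = render_table(title, info[key])
        if table:
            parts.append(table)
    return "\n".join(parts)


if __name__ == "__main__":
    print(report_text(SAMPLE_REPORT))
```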
Distutils package is deprecated

I ran setup.sh in WSL in windows 11 and got this error:

/home/mulletgoneviral/Downloads/opt/pyexiftool/setup.py:17: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
  from distutils.core import setup
Traceback (most recent call last):
  File "/home/mulletgoneviral/Downloads/opt/pyexiftool/setup.py", line 17, in <module>
    from distutils.core import setup

I also get this error:

cp: cannot stat 'Modules/lib/sc0pe_helper.py': No such file or directory

I checked the setup.sh file and cannot see where sc0pe_helper.py gets installed, is this error related to the previous one?

Docker linux/arm64: Pygore module not found

Hello,
Using linux/arm64 I get "Error: >pygore< module not found." when analyzing an AMD64 ELF Go binary. Pygore is properly installed.

Also, FYI when using Docker image on the same platform, cmake is missing from the required packages. I may do a PR in the future but my platform is not mature enough to make Qu1cksc0pe work (M1 Mac, using Kali ARM -- building a linux/amd64 Docker image using Rosetta throws an error when installing Mono).

Any idea would be appreciated, I'm so hyped by your project !
Thanks,
T.

New install doesn't work -- /usr/bin/qu1cksc0pe: cannot execute: required file not found

Hello,

I updated Qu1cksc0pe today after quite some time on an older version. I downloaded the latest, ran setup.sh and then sudo python3 qu1cksc0pe.py --install. The install seems to go well but when trying to run qu1cksc0pe I get the following output:

bash: /usr/bin/qu1cksc0pe: cannot execute: required file not found

I have tried uninstalling and reinstalling without success. If I just run python ./qu1cksc0pe.py it seems work normally, but the installed version will not work. I'm unsure how to troubleshoot this further.

exec /app/qu1cksc0pe.py: no such file or directory

Hey Team!!

I am trying to utilize this project and am struggling with implementing the docker version of this tool in my lab. I am unsure what I am doing wrong here, but clearly docker cannot see where I have pulled the code base to. I have listed below what I believe is relevant. Please ask if you need any more info!

As an aside, I love this tool. Great work is being done here!!!

Steps to reproduce:

  • Fresh Ubuntu LTS VM built and configured for docker containers
  • git clone https://github.com/CYB3RMX/Qu1cksc0pe.git
  • cd Qu1cksc0pe
  • sudo docker build -t qu1cksc0pe .
  • sudo docker run -it --rm -v $(pwd):/data qu1cksc0pe:latest --file /data/requirements.txt --docs

Error Log:

~/Qu1cksc0pe$ sudo docker run -it --rm -v $(pwd):/data qu1cksc0pe:latest --file /data/requirements.txt --docs
exec /app/qu1cksc0pe.py: no such file or directory

The analysis on the code base's own requirements.txt may not work, but I am unable to even get to the point where the container would throw that error. It will not even run to begin with. I have made it function with only the Python install, but my lab would benefit from this being something that I could containerize. Thanks for your help in advance!!!
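Both of the reports above ("/usr/bin/qu1cksc0pe: cannot execute: required file not found" from bash, and "exec /app/qu1cksc0pe.py: no such file or directory" from the container runtime) are the message the shell or runtime prints when execve() returns ENOENT for a file that does exist on disk: the kernel could not find the interpreter named on the script's shebang line. The two usual causes are an interpreter that is not installed in the host or image, and CRLF line endings, which make the kernel look for "python3\r". The following is an added diagnostic script, not code from either issue or from Qu1cksc0pe; the `exists` and `which` arguments are injectable so the parsing can be exercised without depending on what is installed where it runs.

```python
"""Diagnose 'cannot execute: required file not found' / 'exec x: no such file
or directory' for a script that clearly exists.

Added example; not part of Qu1cksc0pe. It reproduces the kernel's shebang
parsing (binfmt_script) and checks whether the interpreter it names is
actually present.
"""
import os
import re
import shutil
import sys


def parse_shebang(first_line, exists=os.path.isfile, which=shutil.which):
    """Parse a shebang line the way the kernel does and check the interpreter.

    `exists`/`which` default to real filesystem/PATH lookups; tests inject
    fakes so the result does not depend on the machine running them.
    """
    report = {
        "has_shebang": first_line.startswith(b"#!"),
        "crlf": first_line.endswith(b"\r\n"),
        "interpreter": None,
        "env_target": None,
        "interpreter_found": False,
    }
    if not report["has_shebang"]:
        return report
    # Kernel rules: drop '#!', strip only the trailing '\n' plus surrounding
    # spaces/tabs; first token is the interpreter, the remainder (if any) is
    # passed as ONE argument. A '\r' before the '\n' is deliberately kept,
    # because the kernel keeps it too; that is the CRLF failure mode.
    line = first_line[2:].rstrip(b"\n").strip(b" \t")
    parts = re.split(rb"[ \t]+", line, maxsplit=1)
    interp = parts[0].decode("utf-8", "replace")
    report["interpreter"] = interp
    report["interpreter_found"] = bool(exists(interp))
    # '#!/usr/bin/env python3': env itself exists, but the program it is asked
    # to locate (possibly 'python3\r') may not be on PATH.
    if interp.endswith("/env") and len(parts) == 2:
        target = parts[1].decode("utf-8", "replace")
        report["env_target"] = target
        report["interpreter_found"] = bool(exists(interp) and which(target))
    return report


def inspect_script(path, **lookups):
    """Read the first line of `path`, parse it, and record the exec bit."""
    with open(path, "rb") as f:
        first = f.readline()
    report = parse_shebang(first, **lookups)
    report["path"] = path
    report["executable"] = os.access(path, os.X_OK)
    return report


def explain(report):
    """Turn a report into a one-line diagnosis the user can act on."""
    target = report["env_target"] or report["interpreter"]
    if not report["has_shebang"]:
        return "no shebang line: the kernel cannot pick an interpreter"
    if report["crlf"]:
        return ("CRLF line ending: kernel looks for %r; fix with dos2unix or "
                "sed -i 's/\\r$//'" % target)
    if not report["interpreter_found"]:
        return "interpreter %r is not installed or not on PATH" % target
    if "executable" in report and not report["executable"]:
        return "shebang is fine but the file lacks the execute bit (chmod +x)"
    return "shebang resolves; the error is elsewhere"


if __name__ == "__main__":
    # Usage: python check_shebang.py /usr/bin/qu1cksc0pe /app/qu1cksc0pe.py
    for script in sys.argv[1:]:
        print("%s: %s" % (script, explain(inspect_script(script))))
```

Run it against the installed launcher (or inside the image with `docker run --entrypoint python3 ... check_shebang.py /app/qu1cksc0pe.py`) to see which of the two conditions applies before rebuilding anything.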

doc scanning didn't work without bs4

Not sure how much of an issue this is, but I was working on a file after building the Docker image and found that adding bs4 to requirements.txt got the analysis done.

docker run -it --rm -v $(pwd):/data qu1cksc0pe:latest --file /data/suspect.docx --docs
Granted, I'm aware that this is an unsupported file, but my qu1cksc0pe image was running fine but spat out:

Traceback (most recent call last):
  File "/app/Modules/document_analyzer.py", line 14, in <module>
    from bs4 import BeautifulSoup
ModuleNotFoundError: No module named 'bs4'

So I removed the already built docker, added bs4 to requirements.txt, and rebuilt and all was fine again.

Not sure if there are other requirements missing?
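The question "are there other requirements missing?" can be answered mechanically instead of by trial and error: walk every .py file, collect the top-level names it imports from the AST, and probe each one with importlib.util.find_spec(), which never executes the scanned code (a point worth caring about in a repository that handles malware samples). The script below is an added example, not part of Qu1cksc0pe; the sample tree it builds for demonstration is constructed, and the module name qu1cksc0pe_missing_dep_xyz is a placeholder for a dependency that is not installed.

```python
"""List third-party imports in a code base that the current interpreter
cannot import. Added example; not part of Qu1cksc0pe.
"""
import ast
import importlib.util
import os
import sys
import tempfile


def imported_modules(source):
    """Top-level module names imported by `source` (bytes or str).
    Relative imports (from . import x) are local and skipped."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names


def scan_tree(root):
    """Map module name -> list of files under `root` that import it."""
    users = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.endswith(".py"):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as f:
                try:
                    mods = imported_modules(f.read())
                except SyntaxError:  # e.g. a Python 2 helper; report nothing
                    continue
            for m in mods:
                users.setdefault(m, []).append(path)
    return users


def is_stdlib(name):
    # sys.stdlib_module_names exists on 3.10+, the project's stated minimum;
    # on older interpreters fall back to builtins only and let find_spec decide.
    stdlib = getattr(sys, "stdlib_module_names", frozenset())
    return name in stdlib or name in sys.builtin_module_names


def importable(name):
    try:
        return importlib.util.find_spec(name) is not None
    except (ValueError, ImportError):
        return False


def missing_modules(root, local_packages=None):
    """{module: [files]} for imports that are neither stdlib, nor a package
    shipped in the repository itself, nor importable right now."""
    if local_packages is None:
        # Top-level entries of the repo (Modules/, utils.py, ...) are local.
        local_packages = {os.path.splitext(n)[0] for n in os.listdir(root)}
    missing = {}
    for name, files in scan_tree(root).items():
        if is_stdlib(name) or name in local_packages:
            continue
        if not importable(name):
            missing[name] = sorted(files)
    return missing


def demo_tree():
    """Constructed sample repository used to exercise the scanner."""
    root = tempfile.mkdtemp(prefix="depscan_")
    os.makedirs(os.path.join(root, "localpkg"))
    with open(os.path.join(root, "app.py"), "w") as f:
        f.write("import os\nimport json\n"
                "from qu1cksc0pe_missing_dep_xyz import thing\n"  # not installed
                "from localpkg import helper\n")
    open(os.path.join(root, "localpkg", "__init__.py"), "w").close()
    with open(os.path.join(root, "localpkg", "helper.py"), "w") as f:
        f.write("from . import something\n")  # relative: ignored
    return root


if __name__ == "__main__":
    # Usage: python depscan.py /path/to/Qu1cksc0pe
    for mod, files in sorted(missing_modules(sys.argv[1]).items()):
        print("%s  (imported by %s)" % (mod, ", ".join(files)))
```

Run it with the interpreter that will execute the tool (inside the image: `docker run --entrypoint python3 -v $(pwd):/src qu1cksc0pe:latest /src/depscan.py /app`), because what counts is that interpreter's sys.path, not the one on the build host.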

Error: >rich< module not found.

Hello, I get an error when I want to use it.

My commands to install:
git clone https://github.com/CYB3RMX/Qu1cksc0pe.git
bash setup.sh
sudo python qu1cksc0pe.py --install

Error:
Error: >rich< module not found.

Requirement already satisfied: rich in /home/ben/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (13.7.0)

ben@BEN:~/Qu1cksc0pe$ python --version
Python 3.11.1

Linux BEN 5.15.133.1-microsoft-standard-WSL2 #1 SMP Thu Oct 5 21:02:42 UTC 2023 x86_64 GNU/Linux
DEBIAN 11.6
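The output quoted above shows pip finding rich in /home/ben/.local/lib/python3.11/site-packages, which is a user site directory, while the failing command was run through sudo. Root has its own user site (/root/.local/...), and "python" under sudo may not even be the same interpreter that pip used, so "requirement already satisfied" and "module not found" can both be true at once. The same mismatch is a plausible reading of the pygore report earlier in this thread. The script below is an added example, not from the issue or from Qu1cksc0pe, that makes the mismatch visible for a given module; it assumes the invoking user's home is /home/<SUDO_USER>, and `env`/`exists` are injectable for testing.

```python
"""Explain 'module not found' when pip says it is installed.
Added example; not part of Qu1cksc0pe.
"""
import importlib.util
import os
import site
import sys


def user_site_for(home, version=None):
    """What `python -m site --user-site` prints for a user with home `home`
    and a python<version> interpreter (defaults to the running one)."""
    version = version or "%d.%d" % sys.version_info[:2]
    return os.path.join(home, ".local", "lib", "python" + version, "site-packages")


def diagnose_import(name, env=os.environ, exists=os.path.exists):
    """Describe where this interpreter looks for `name` and, when it is not
    importable and we are under sudo, whether the invoking user's site has it."""
    report = {
        "module": name,
        "interpreter": sys.executable,
        "version": "%d.%d" % sys.version_info[:2],
        "importable": importlib.util.find_spec(name) is not None,
        "user_site_enabled": bool(site.ENABLE_USER_SITE),
        "user_site": site.getusersitepackages(),
        "sudo_user": env.get("SUDO_USER"),
        "present_in_sudo_user_site": None,
    }
    if not report["importable"] and report["sudo_user"]:
        # Assumption: the invoking user's home directory is /home/<SUDO_USER>.
        usite = user_site_for(os.path.join("/home", report["sudo_user"]))
        report["present_in_sudo_user_site"] = bool(
            exists(os.path.join(usite, name))            # package directory
            or exists(os.path.join(usite, name + ".py"))  # single-file module
        )
    return report


def advice(report):
    """One-line remediation derived from the report."""
    mod, interp = report["module"], report["interpreter"]
    if report["importable"]:
        return "%s imports fine with %s" % (mod, interp)
    if report["present_in_sudo_user_site"]:
        return ("%s is installed in %s's user site, but you are running as root; "
                "drop sudo, or install for root with 'sudo %s -m pip install %s'"
                % (mod, report["sudo_user"], interp, mod))
    if not report["user_site_enabled"]:
        return ("user site-packages is disabled for %s (PYTHONNOUSERSITE or -s); "
                "%s will not be found there" % (interp, mod))
    return ("%s is not on the sys.path of %s; install it with '%s -m pip install %s' "
            "so pip and the interpreter agree" % (mod, interp, interp, mod))


if __name__ == "__main__":
    # Usage: sudo python qu1cksc0pe_envcheck.py rich pygore
    for module in sys.argv[1:] or ["rich"]:
        r = diagnose_import(module)
        print("%s: importable=%s interpreter=%s user_site=%s"
              % (module, r["importable"], r["interpreter"], r["user_site"]))
        print("  " + advice(r))
```

Running it with exactly the same prefix as the failing command (sudo or not, python or python3) is what makes the answer meaningful; `python -m pip install` with that same interpreter avoids the split in the first place.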

Windows Emulator goes wrong...

When running code for Windows dynamic analysis, it seems the script is looking for the file to be present at '/Qu1cksc0pe-master/Systems/Windows/x86_windows' instead of elsewhere. I then placed the file in there and the emulator still goes wrong. What shall be done?

python qu1cksc0pe.py --file malware.exe --watch

Error:

[x] 	'malware.exe' is not in the subpath of '/home/linux/Desktop/Qu1cksc0pe-master/Systems/Windows/x86_windows' OR one path is relative and the other is absolute.
Traceback (most recent call last):
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/windows/windows.py", line 193, in hook_winapi
    api_func(ql, address, api_name)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/windows/fncc.py", line 26, in wrapper
    return ql.os.call(pc, func, params, onenter, onexit, passthru=passthru)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/os.py", line 187, in call
    targs, retval, retaddr = self.fcall.call(func, proto, args, onenter, onexit, passthru)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/fcall.py", line 159, in call
    retval = func(ql, pc, params)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/windows/dlls/kernel32/libloaderapi.py", line 110, in hook_GetModuleFileNameA
    return __GetModuleFileName(ql, address, params, wide=False)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/windows/dlls/kernel32/libloaderapi.py", line 88, in __GetModuleFileName
    vpath = ql.os.path.host_to_virtual_path(hpath)
  File "/home/linux/.local/lib/python3.9/site-packages/qiling/os/path.py", line 273, in host_to_virtual_path
    virtpath = self._cwd_anchor / resolved.relative_to(self._rootfs_path)
  File "/usr/lib/python3.9/pathlib.py", line 928, in relative_to
    raise ValueError("{!r} is not in the subpath of {!r}"
ValueError: 'malware.exe' is not in the subpath of '/home/linux/Desktop/M-Analysis/Qu1cksc0pe-master/Systems/Windows/x86_windows' OR one path is relative and the other is absolute.
[!] An error occurred while performing x86 emulation.
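The traceback ends in pathlib's relative_to(): Qiling translates host paths into guest paths by taking them relative to the rootfs directory, so the sample has to resolve to a location under that rootfs, and the ValueError text itself names the second trap, a relative 'malware.exe' compared against an absolute rootfs. The helper below is an added example, not code from the issue, from Qu1cksc0pe or from Qiling: it copies a sample into the rootfs if it is not already there and returns the absolute path that the emulator should be given. The `bin` guest directory and the constructed two-byte sample in `demo_layout()` are assumptions for illustration only; nothing is executed.

```python
"""Stage a sample inside an emulator rootfs before running it.
Added example; not part of Qu1cksc0pe or Qiling.
"""
import os
import shutil
import tempfile
from pathlib import Path


def inside_rootfs(sample, rootfs):
    """True if `sample` resolves to a path under `rootfs` (symlinks followed),
    i.e. the exact check that raised ValueError in the traceback."""
    try:
        Path(sample).resolve().relative_to(Path(rootfs).resolve())
        return True
    except ValueError:
        return False


def stage_sample(sample, rootfs, guest_dir="bin"):
    """Return (absolute host path, path relative to rootfs) for `sample`,
    copying it to <rootfs>/<guest_dir>/ first when it lives outside.

    Assumption: `rootfs` is a Qiling-style tree such as
    Systems/Windows/x86_windows; `guest_dir` is the caller's choice."""
    rootfs = Path(rootfs).resolve()
    src = Path(sample).resolve()
    if not rootfs.is_dir():
        raise FileNotFoundError("rootfs %s does not exist" % rootfs)
    if not src.is_file():
        raise FileNotFoundError("sample %s does not exist" % src)
    if inside_rootfs(src, rootfs):
        dst = src
    else:
        dst = rootfs / guest_dir / src.name
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy, never move: keep the original evidence
    return str(dst), dst.relative_to(rootfs).as_posix()


def demo_layout():
    """Constructed layout: an empty rootfs and a sample sitting beside it,
    the situation that produced the ValueError above."""
    base = tempfile.mkdtemp(prefix="qlstage_")
    rootfs = os.path.join(base, "x86_windows")
    os.makedirs(os.path.join(rootfs, "Windows"))
    sample = os.path.join(base, "sample.exe")
    with open(sample, "wb") as f:
        f.write(b"MZ")  # constructed placeholder, not a real executable
    return sample, rootfs


if __name__ == "__main__":
    sample, rootfs = demo_layout()
    host_path, guest_rel = stage_sample(sample, rootfs)
    print("pass to the emulator:", host_path, "(rootfs-relative:", guest_rel + ")")
    # With Qiling installed the call would then be, per its documented
    # constructor: Qiling([host_path], str(Path(rootfs).resolve())).run()
```

The path returned is absolute and under the rootfs, so Qiling's host_to_virtual_path() succeeds; passing a bare filename from the current directory, as in the issue, fails even when the file has been copied into the rootfs, because the relative path is still compared against an absolute one.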
