This looks fishy. That tool, among a number of others are all listed on
https://androidmtk.com/download-qpst-flash-tool (scroll down to section “Alternative Qualcomm Flash Tool”
they all have different names, they all claim to be able to flash firmware for “any qualcomm chipset” - they all call it “download” when really they mean flashing a firmware onto the device, and they are all shady windows programs from shady webpages with zero other content.
I downloaded one of those zip files. automatic virus analysis failed because (what a surprise) the zip its password protected (with the password written on the webpage in cleartext) hindering automatic analysis
I went to the trouble and unzipped it, extracted the files from the msi installer and sent them to virustotal. No known malware was detected, but the heuristics went bonkers:
TL;DR don’t dare installing and executing that stuff unless you do it on a virtual machine running on a RAM disk on a battery powered raspberry in a sealed room with lead walls, and burn it afterwards. Connect your phone at your own risk, especially if its unlocked. If the malware is any good, it might actually install itself on your phone.
Edit: After snooping a bit more in the contents, it looks like there is some actual qualcomm tools in there, but they are from 2015 and likely don’t support the newer chips like the 632, so don’t get your hopes up too high.
Edit2: Since I didn’t want to upload every single file to virustotal for checking i re-zipped the unpacked folder (without password) these are the results:
while nothing specific has been found, I have to say, this does not look safe