EpicGamesLauncher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EpicGamesLauncher.exe
Size

2.9MB
MD5

4255dbc62bbbff3eceb8e18098dc966f
SHA1

3c799a85521731d164a7e63cc04e4650f813d7cd
SHA256

c9c269504065bc47ee9a93ebb23c9c54f9c7231622ec9b2a686f4db1518ba639
SHA512

d312731f27ddf0217d68b3dce807510a9a718cd440613ac2f5deb1cb8ea2fb8f3c679a0e1d9acc3be32bf09248221057aa19038ec8fe423d3e56811b72138ae8
SSDEEP

49152:jKWBmJAznlgKFm1p41zdO2KocWsdW/5MUa2XxUQ/XiumT0XpvfTCfd4F6:EGU41znKoclkn3xUClmTQp4J

Score

1^/10

Malware Config

Signatures

Files

EpicGamesLauncher.exe
.exe windows x86

e6605911aea2245dfcb0b450bc5efc5e

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c8:1d:65:2f:ca:7e:a9:b3:c2:1e:3b:f7:61:7b:8b:ae:5e:4d:b2:5b:a1:9f:95:33:f2:db:af:cc:d8:3f:20:af
Signer

Actual PE Digest

c8:1d:65:2f:ca:7e:a9:b3:c2:1e:3b:f7:61:7b:8b:ae:5e:4d:b2:5b:a1:9f:95:33:f2:db:af:cc:d8:3f:20:af

Digest Algorithm

sha256

PE Digest Matches

true

c2:3a:9f:e7:3c:de:57:c0:51:45:bb:e4:c6:72:b1:26:06:7b:a3:ce
Signer

Actual PE Digest

c2:3a:9f:e7:3c:de:57:c0:51:45:bb:e4:c6:72:b1:26:06:7b:a3:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymGetOptions
SymSetOptions
StackWalk64
SymFunctionTableAccess64
SymGetModuleInfo64
MiniDumpWriteDump
SymGetModuleInfoW64
SymGetModuleBase64
SymGetLineFromAddr64
SymRefreshModuleList
SymFromAddr
SymInitializeW

kernel32

GetFinalPathNameByHandleW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
GetOverlappedResult
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThread
OpenThread
SetThreadPriority
SuspendThread
ResumeThread
GetProcessId
GlobalMemoryStatusEx
GetSystemInfo
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetDllDirectoryW
GetDllDirectoryW
ReOpenFile
CopyFileW
MoveFileW
FileTimeToSystemTime
SystemTimeToFileTime
K32EnumProcessModulesEx
K32GetModuleFileNameExW
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RtlCaptureStackBackTrace
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
OutputDebugStringW
SetThreadErrorMode
PeekNamedPipe
FlushFileBuffers
QueryPerformanceFrequency
Sleep
GetProcessTimes
TerminateProcess
GetExitCodeProcess
SwitchToThread
CreateProcessW
GetThreadContext
GetThreadIdealProcessorEx
GetSystemTime
GetFileSizeEx
GetLocalTime
GetVersionExW
GetLogicalProcessorInformationEx
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryW
GetNumaNodeProcessorMaskEx
SetThreadAffinityMask
FormatMessageW
lstrlenW
VerifyVersionInfoW
GetSystemPowerStatus
GetNumaProcessorNodeEx
GetUserPreferredUILanguages
GetUserDefaultLocaleName
SetErrorMode
GetModuleHandleExA
GetACP
GetLocaleInfoEx
GetDynamicTimeZoneInformation
GetGeoInfoW
GetUserGeoID
LCIDToLocaleName
LocaleNameToLCID
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
HeapSetInformation
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetCriticalSectionSpinCount
InitializeCriticalSection
GetCommandLineW
GetFileAttributesExW
GetSystemTimeAsFileTime
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

EnumDisplayDevicesW
GetTopWindow
ScreenToClient
MessageBoxW
GetWindowRect
SetWindowTextW
SetForegroundWindow
GetSystemMetrics
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
PostQuitMessage
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow

gdi32

GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC

advapi32

RegCreateKeyExW
GetUserNameW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoCreateGuid
CoTaskMemFree

msvcp140

_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Mtx_destroy_in_situ

shlwapi

PathFileExistsW

vcruntime140

memcpy
memmove
__current_exception_context
__current_exception
_except_handler4_common
__std_terminate
__RTDynamicCast
__std_type_info_name
__std_type_info_compare
__RTtypeid
__CxxFrameHandler3
strchr
wcsrchr
strstr
wcschr
strrchr
memset
_purecall
wcsstr

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_get_heap_handle
_heapchk
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtod
_wtoi
wcstod
_wtoi64
_wcstoui64
_wtof
_wcstoi64
atoi
strtol
strtoul
wcstoul

api-ms-win-crt-utility-l1-1-0

rand
qsort
div

api-ms-win-crt-string-l1-1-0

iswalpha
iswxdigit
wcsncmp
strncmp
isspace
strncpy
wcsncpy
iswalnum
strspn
iswspace
iswdigit

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vfwprintf
__acrt_iob_func
_set_fmode
__stdio_common_vswprintf
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_libm_sse2_asin_precise
_CIatan2
round
trunc
__libm_sse2_logf
_dtest
_CIfmod
_libm_sse2_log_precise
_libm_sse2_pow_precise
floor
_dsign
modf
_isnan
ceil

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
abort
_c_exit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
exit
_crt_atexit
terminate
_controlfp_s
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_errno

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

__tzname
_tzset
__timezone

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6605911aea2245dfcb0b450bc5efc5e

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c8:1d:65:2f:ca:7e:a9:b3:c2:1e:3b:f7:61:7b:8b:ae:5e:4d:b2:5b:a1:9f:95:33:f2:db:af:cc:d8:3f:20:afSigner

c2:3a:9f:e7:3c:de:57:c0:51:45:bb:e4:c6:72:b1:26:06:7b:a3:ceSigner

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.uedbg Size: 17KB - Virtual size: 16KB

.rdata Size: 617KB - Virtual size: 617KB

.data Size: 69KB - Virtual size: 698KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 96KB - Virtual size: 95KB

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c8:1d:65:2f:ca:7e:a9:b3:c2:1e:3b:f7:61:7b:8b:ae:5e:4d:b2:5b:a1:9f:95:33:f2:db:af:cc:d8:3f:20:af
Signer

c2:3a:9f:e7:3c:de:57:c0:51:45:bb:e4:c6:72:b1:26:06:7b:a3:ce
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.uedbg
Size: 17KB - Virtual size: 16KB

.rdata
Size: 617KB - Virtual size: 617KB

.data
Size: 69KB - Virtual size: 698KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 96KB - Virtual size: 95KB