EPIKAAAA[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EPIKAAAA.exe
Size

3.3MB
MD5

30e8074a5985ae435c92295b883eedab
SHA1

19c019415b88da9720a768f0980e2b6df105e9ab
SHA256

d6f630ef4b6d991f2a71e7b104284f8d411f4a9b49fc88dfd0cebea9442e94de
SHA512

7c4142dc824f4d1efdd7e99947112997f2b5605d42c34b6a8228da3aaa5abfa272764a9d101632c561ffa00cbc607f2cf5a7bcd471ffa24f8ca82a445b5b011d
SSDEEP

24576:yBGH/zBET17wS2iU7vvHG1D7mVlFJmfpTHIv9q9CHrBohCGZZX+AsMXrvrwzxP3t:yQ/uT1n2iWv/GFfwq9crBKcBRo4MCd

Score

1^/10

Malware Config

Signatures

Files

EPIKAAAA.exe
.exe windows:5 windows x86 arch:x86

82d957a17da5b76fafad5813aad808e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2017, 00:00

Not After

18/01/2019, 23:59

Subject

CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanamsi,ST=Gyeonggido,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/09/2017, 00:00

Not After

21/09/2018, 23:59

Subject

SERIALNUMBER=220-81-63160,CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:ca:9b:62:7d:a1:2c:c9:ab:6e:06:27:19:8d:75:4c:6f:20:aa:e5:d0:62:73:45:a0:34:a9:cb:72:e9:50:63
Signer

Actual PE Digest

a3:ca:9b:62:7d:a1:2c:c9:ab:6e:06:27:19:8d:75:4c:6f:20:aa:e5:d0:62:73:45:a0:34:a9:cb:72:e9:50:63

Digest Algorithm

sha256

PE Digest Matches

true

37:76:00:aa:7f:60:f1:57:3e:0f:19:d7:98:69:c0:37:c5:fc:9e:94
Signer

Actual PE Digest

37:76:00:aa:7f:60:f1:57:3e:0f:19:d7:98:69:c0:37:c5:fc:9e:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\solution\Release\kdfmgr.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathAppendA
PathAddExtensionA
PathStripToRootA
PathStripToRootW
PathAppendW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA

uxtheme

SetWindowTheme

kernel32

CopyFileA
DeleteFileA
CopyFileExA
GetModuleHandleA
CreateFileA
LoadLibraryA
GetVersionExA
GetModuleHandleExA
GetModuleFileNameA
GetModuleFileNameW
GetWindowsDirectoryA
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
IsDebuggerPresent
OutputDebugStringW
GetCurrentProcessId
DeleteCriticalSection
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
WaitForSingleObject
GetSystemInfo
GlobalMemoryStatusEx
GetSystemDefaultLangID
GetUserDefaultLangID
OpenMutexA
GetCurrentThreadId
SetCurrentDirectoryA
DeviceIoControl
SleepEx
ExitThread
OpenProcess
GetVersion
CreateThread
CreateEventA
SetThreadPriority
SetEvent
GetPrivateProfileStringW
GetTickCount
ReleaseMutex
TerminateProcess
CreateMutexA
LocalFree
GetSystemDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetHandleInformation
LCMapStringW
CompareStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
RtlUnwind
RaiseException
HeapAlloc
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
LoadLibraryExW
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetFileAttributesExW
LoadLibraryW
DeleteFileW
ReadConsoleW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
GetModuleHandleW
Sleep
GetWindowsDirectoryW
CloseHandle
GetLastError
WriteFile
CreateFileW
SetFileAttributesW
GetFileAttributesW
SizeofResource
LockResource
LoadResource
FindResourceA
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
FlushFileBuffers
HeapReAlloc
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
ReadFile
IsWow64Process

user32

GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
LoadStringW
DefWindowProcA
PostQuitMessage
EnumChildWindows
ReplyMessage
InSendMessage
GetGUIThreadInfo
wsprintfA
SetDlgItemTextW
DestroyWindow
DestroyMenu
SystemParametersInfoA
GetKeyboardState
ToAscii
SendInput
MapVirtualKeyExA
GetKeyboardLayout
MapVirtualKeyA
GetWindowTextA
GetWindow
GetWindowTextW
SendMessageW
UnregisterClassA
TrackPopupMenu
SetForegroundWindow
CheckMenuItem
BeginPaint
GetSubMenu
LoadMenuA
CreateDialogParamA
IsWindow
GetAsyncKeyState
GetCursorPos
ReleaseDC
GetDC
GetWindowRect
KillTimer
GetClassNameW
SetTimer
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
FindWindowA
GetPropW
ShowWindow
EndDialog
RemovePropW
SetPropW
SetWindowPos
SendMessageA
GetClientRect
SetParent
SetWindowTextA
GetDlgItem
DialogBoxParamW
GetWindowThreadProcessId
LoadImageW
wsprintfW
LoadImageA
DestroyIcon
MessageBoxW
GetClassNameA
GetForegroundWindow
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
EndPaint
FindWindowExA
AppendMenuA
PostMessageA

gdi32

SelectObject
GetObjectA
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
GetDeviceCaps

advapi32

RegCreateKeyExA
ControlService
StartServiceA
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
GetCurrentHwProfileA
RegOpenKeyExA
GetSecurityDescriptorSacl
RegSetValueExA
RegFlushKey
RegDeleteValueA

shell32

Shell_NotifyIconW
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitializeEx

imm32

ImmGetDefaultIMEWnd

Exports

Exports

DelAll_KSvcInfo_kill_process

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82d957a17da5b76fafad5813aad808e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

a3:ca:9b:62:7d:a1:2c:c9:ab:6e:06:27:19:8d:75:4c:6f:20:aa:e5:d0:62:73:45:a0:34:a9:cb:72:e9:50:63Signer

37:76:00:aa:7f:60:f1:57:3e:0f:19:d7:98:69:c0:37:c5:fc:9e:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

version

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 2.9MB - Virtual size: 3.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

a3:ca:9b:62:7d:a1:2c:c9:ab:6e:06:27:19:8d:75:4c:6f:20:aa:e5:d0:62:73:45:a0:34:a9:cb:72:e9:50:63
Signer

37:76:00:aa:7f:60:f1:57:3e:0f:19:d7:98:69:c0:37:c5:fc:9e:94
Signer

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 2.9MB - Virtual size: 3.8MB