EpicWebHelper[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EpicWebHelper.exe
Size

3.6MB
MD5

add91dae7688a556e40465c5d5e32b77
SHA1

06ee85028a1431052d17fe7729064841c43bb989
SHA256

381b36c6a7e8fc4da341e82f84f5f95a0a718bd88f4730c8eb45ceb83fb8033f
SHA512

4f4e4962b8da40b4d3caea7fba0462a3e9d9a110c1cf46c247a9dcb85559df568ae6167678ea8c84f401b0adcdb6013ec3a70544a4cdeb7ab90855f78958beef
SSDEEP

49152:m7gB8+Uf41MZDxz4GA9P74xBMoJ0K9f91mTro34mdGiZp15UTDDsEn6:cgdquUxBMytHEn6

Score

1^/10

Malware Config

Signatures

Files

EpicWebHelper.exe
.exe windows:6 windows x64 arch:x64

Password: test

44bc7907dfbe1ea87a44038ea2b63cbc

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2024, 00:00

Not After

05/03/2025, 23:59

Subject

SERIALNUMBER=D03752763,CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084d6172796c616e64,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2024, 00:00

Not After

05/03/2025, 23:59

Subject

SERIALNUMBER=D03752763,CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084d6172796c616e64,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:d7:63:ec:41:bd:85:f3:96:a1:4f:fb:64:26:c9:73:ca:53:67:02:0c:fe:b6:ba:96:aa:0c:54:df:8a:7b:b1
Signer

Actual PE Digest

7b:d7:63:ec:41:bd:85:f3:96:a1:4f:fb:64:26:c9:73:ca:53:67:02:0c:fe:b6:ba:96:aa:0c:54:df:8a:7b:b1

Digest Algorithm

sha256

PE Digest Matches

true

d4:53:1e:30:dd:2d:b2:67:29:8f:8e:d4:b6:ec:cb:6b:9e:87:24:f7
Signer

Actual PE Digest

d4:53:1e:30:dd:2d:b2:67:29:8f:8e:d4:b6:ec:cb:6b:9e:87:24:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

EpicWebHelper.pdb

Imports

kernel32

K32EnumProcessModulesEx
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetOverlappedResult
WriteFile
ReadFile
RtlCaptureStackBackTrace
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFinalPathNameByHandleW
GetLongPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
GetTempPathW
OutputDebugStringW
SetLastError
SetThreadErrorMode
PeekNamedPipe
QueryPerformanceFrequency
Sleep
GetProcessTimes
TerminateProcess
GetExitCodeProcess
SwitchToThread
CreateProcessW
GetThreadContext
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
GetLogicalProcessorInformationEx
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
SetDllDirectoryW
ResetEvent
LoadLibraryW
FormatMessageW
lstrlenW
ReOpenFile
CopyFileW
MoveFileW
VerifyVersionInfoW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemPowerStatus
GetUserPreferredUILanguages
GetUserDefaultLocaleName
K32GetProcessMemoryInfo
SetErrorMode
GetModuleHandleExA
FlsAlloc
FlsSetValue
GetLargePageMinimum
VirtualUnlock
LoadLibraryA
GetEnvironmentVariableA
GetACP
GetLocaleInfoEx
GetDynamicTimeZoneInformation
GetGeoInfoW
GetUserGeoID
LCIDToLocaleName
LocaleNameToLCID
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
VirtualQuery
LoadLibraryExA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetProcessId
ResumeThread
SuspendThread
SetThreadPriority
OpenThread
GetCurrentThread
CreateThread
ExitProcess
GetCurrentProcessId
GetCurrentProcess
CreateEventW
WaitForSingleObject
GetDllDirectoryW
GetModuleHandleExW
SetEvent
GetLastError
SetUnhandledExceptionFilter
RaiseException
CloseHandle
GetFileAttributesW
CreateFileW
GetCommandLineW
HeapSetInformation
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetCriticalSectionSpinCount
InitializeCriticalSection
FindFirstFileW
FindClose
GetCurrentThreadId
QueryPerformanceCounter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetProcAddress

user32

EnumDisplayDevicesW
AllowSetForegroundWindow
RegisterHotKey
UnregisterHotKey
GetTopWindow
ScreenToClient
MessageBoxW
GetWindowRect
SetWindowTextW
SetForegroundWindow
GetSystemMetrics
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
PostQuitMessage

gdi32

DeleteDC
GetTextExtentPoint32W
CreateCompatibleDC

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetKnownFolderPath

ole32

CoCreateGuid
CoTaskMemFree

msvcp140

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ

shlwapi

PathFileExistsW

vcruntime140

__current_exception_context
__current_exception
wcsstr
__RTDynamicCast
__std_type_info_name
__std_type_info_compare
__RTtypeid
strchr
__CxxFrameHandler3
__std_terminate
__C_specific_handler
wcsrchr
_purecall
memcpy
memmove
memset
memcmp
strrchr
wcschr
strstr

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_narrow_environment
exit
terminate
_errno
_initialize_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
strerror
_invoke_watson
_exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_configure_narrow_argv
_initterm_e

api-ms-win-crt-utility-l1-1-0

div
qsort

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fputs
__p__commode
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vfwprintf

api-ms-win-crt-string-l1-1-0

toupper
strncat
strspn
strcmp
iswxdigit
iswalpha
iswalnum
strncpy
isspace
strncmp
iswspace
iswdigit
wcsncmp
wcsncpy

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_heapchk
_get_heap_handle
malloc
free

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtod
strtoul
_wcstoi64
_wcstoui64
_wtoi64
wcstod
_wtof
_wtoi
wcstoul

api-ms-win-crt-math-l1-1-0

round
logf
floor
ceil
cos
__setusermatherr
fmod
modf
_isnan
asin
sin
log
sqrt
tan
_dsign
atan
_dtest
trunc
atan2
pow

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_cputs

api-ms-win-crt-time-l1-1-0

_tzset
__tzname
__timezone

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 942KB - Virtual size: 941KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 978KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test

44bc7907dfbe1ea87a44038ea2b63cbc

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7b:d7:63:ec:41:bd:85:f3:96:a1:4f:fb:64:26:c9:73:ca:53:67:02:0c:fe:b6:ba:96:aa:0c:54:df:8a:7b:b1Signer

d4:53:1e:30:dd:2d:b2:67:29:8f:8e:d4:b6:ec:cb:6b:9e:87:24:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 942KB - Virtual size: 941KB

.data Size: 85KB - Virtual size: 978KB

.pdata Size: 150KB - Virtual size: 150KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:1a:46:54:2e:fc:af:0b:58:3d:fd:3d:c8:87:1e:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7b:d7:63:ec:41:bd:85:f3:96:a1:4f:fb:64:26:c9:73:ca:53:67:02:0c:fe:b6:ba:96:aa:0c:54:df:8a:7b:b1
Signer

d4:53:1e:30:dd:2d:b2:67:29:8f:8e:d4:b6:ec:cb:6b:9e:87:24:f7
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 942KB - Virtual size: 941KB

.data
Size: 85KB - Virtual size: 978KB

.pdata
Size: 150KB - Virtual size: 150KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB