download: | epicsetup.exe |
Full analysis: | https://app.any.run/tasks/099e98fa-bdbc-495a-a4f5-079ddaa9e910 |
Verdict: | Malicious activity |
Analysis date: | December 14, 2018, 13:19:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 607B6DA10B6DDB74610D8FD72AC85ADC |
SHA1: | C76FABD1ABDDFCD7BD9307C04685674F009BBC6D |
SHA256: | E46853CAAF6ADF679F3BDB116761AA7EF199F148641CFF7EC9D76FD67EF5305F |
SSDEEP: | 49152:9aECKpr/+dFlBRdngJI1YRKa8YuYnlVobKb:sEt/+dXBRdngGa8UnlVoOb |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
PrivateBuild: | - |
---|---|
Debug: | - |
LanguageId: | en |
ProductVersion: | 1.3.27.13 |
ProductName: | Epic Privacy Browser Installer |
OriginalFileName: | EpicUpdateSetup.exe |
LegalCopyright: | Copyright 2007-2010 Google Inc. |
InternalName: | Epic Privacy Browser Installer Setup |
FileVersion: | 1.3.27.13 |
FileDescription: | Epic Privacy Browser Installer Setup |
CompanyName: | Epic Privacy Browser |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | Debug, Private build |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.3.27.13 |
FileVersionNumber: | 1.3.27.13 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | - |
OSVersion: | 5 |
EntryPoint: | 0x1000 |
UninitializedDataSize: | - |
InitializedDataSize: | 1491968 |
CodeSize: | 333312 |
LinkerVersion: | 9 |
PEType: | PE32 |
TimeStamp: | 2017:05:24 11:16:53+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 24-May-2017 09:16:53 |
Detected languages: |
|
Debug artifacts: |
|
CompanyName: | Epic Privacy Browser |
FileDescription: | Epic Privacy Browser Installer Setup |
FileVersion: | 1.3.27.13 |
InternalName: | Epic Privacy Browser Installer Setup |
LegalCopyright: | Copyright 2007-2010 Google Inc. |
OriginalFilename: | EpicUpdateSetup.exe |
ProductName: | Epic Privacy Browser Installer |
ProductVersion: | 1.3.27.13 |
LanguageId: | en |
Debug: | - |
PrivateBuild: | - |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000E0 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 24-May-2017 09:16:53 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00051561 | 0x00051600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.20794 |
.rdata | 0x00053000 | 0x00010FEC | 0x00011000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.47829 |
.data | 0x00064000 | 0x00002EFC | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.42225 |
.rsrc | 0x00067000 | 0x001562D0 | 0x00156400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.99021 |
.reloc | 0x001BE000 | 0x00003C28 | 0x00003E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.64679 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.09285 | 738 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 4.13669 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 3.91985 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.83772 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 3.68656 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 4.50268 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86669 | 90 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
102 | 7.99988 | 1369007 | Latin 1 / Western European | UNKNOWN | B |
1321 | 3.64009 | 422 | Latin 1 / Western European | Serbian - Serbia (Cyrillic) | RT_STRING |
ADVAPI32.dll |
KERNEL32.dll |
SHLWAPI.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2976 | "C:\Users\admin\AppData\Local\Temp\epicsetup.exe" | C:\Users\admin\AppData\Local\Temp\epicsetup.exe | explorer.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Setup Version: 1.3.27.13 | ||||
3556 | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicUpdate.exe | epicsetup.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Version: 1.3.27.13 | ||||
2224 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 | ||||
2408 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Version: 1.3.27.13 | ||||
3716 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 | ||||
3944 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\EpicCrashHandler.exe" /crashhandler | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\EpicCrashHandler.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 | ||||
2612 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ua /installsource core | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 | ||||
2800 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjcuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NENCRjAxM0MtNUQ3MC00OTg2LUExNjYtRDBFQUNCQkEwRDhEfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0U2RjM0NzVBLTYxODUtNDI2Ny04M0Y2LTcxQjU4QTdEMDVDN30iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0I4NTJFN0IxLTkwOEEtNDhFRi05NTc2LUNCRTIzNjU0RDkwN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNy4xMyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 | ||||
3768 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{4CBF013C-5D70-4986-A166-D0EACBBA0D8D}" | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Version: 1.3.27.13 | ||||
2188 | "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall | C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe | EpicUpdate.exe | |
User: admin Company: Epic Privacy Browser Integrity Level: MEDIUM Description: Epic Privacy Browser Installer Exit code: 0 Version: 1.3.27.13 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicUpdateHelper.msi | executable | |
MD5:A39C5B57BB946852A41B21F540D54D2B | SHA256:E4207DAC538CEE89A84776482EECBF19F9F06ED2A75C6898D195B3183AE8B913 | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\psuser.dll | executable | |
MD5:A9FDF35B84EB73B1523C257407648E3A | SHA256:A299CD75F83E1B29BF2EF4538D4C1F79F7B0DD67AD8F14F3B793A08C3312215F | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicCrashHandler.exe | executable | |
MD5:BA86A3AD65404FC5E08078A638611F52 | SHA256:A722FA6E47F612DAE6A3B90838843A9ADD4AF52BF5E19ED025F9DF5332E444B9 | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdateres_ar.dll | executable | |
MD5:E9B4909C22C80AFF9E6A3948BA9F0A96 | SHA256:B5ECFD924F970165553B56EEBFC5BB898D54A39D1FDC93ADCFB372FACA44963A | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdateres_de.dll | executable | |
MD5:F4324D28412A6B555ADEDCB363110D9E | SHA256:46C06CC8415E9B2FF45D3E54A7751F0407A8E3BA4EDF3A51DEFCCAAB01D8E8D5 | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicUpdate.exe | executable | |
MD5:BA86A3AD65404FC5E08078A638611F52 | SHA256:A722FA6E47F612DAE6A3B90838843A9ADD4AF52BF5E19ED025F9DF5332E444B9 | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdate.dll | executable | |
MD5:AA8C6DB4925ADF7B02FF646E2A8D744F | SHA256:D9359E17DC24D47EFF57799DACF56401ADD24C34029048C905416AF6A2C182E3 | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdateres_cs.dll | executable | |
MD5:DA18C7C0792CEC950774AC63AF73E3CD | SHA256:38F22B838679BD61BC87881C1E081300C01E32D1FD5B5EC81E652F7B08AA4E2E | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdateres_en.dll | executable | |
MD5:E80AF7A0FB03C11C3A325A832CE59F70 | SHA256:DFA59C2A8DFDDCFED059D611A3344892AFD2E0D4CE206B1396204BE75311770E | |||
2976 | epicsetup.exe | C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdateres_da.dll | executable | |
MD5:7D7861258E18A1FF34B49D354186757F | SHA256:8E503CD5A1807A82000AEA70ABC119C442216EAE4206B218F1B998A0C6F375FD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3716 | EpicUpdate.exe | GET | 404 | 206.189.4.63:80 | http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.27.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201 | US | html | 2.74 Kb | whitelisted |
2800 | EpicUpdate.exe | POST | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/service/update2 | US | xml | 352 b | whitelisted |
3540 | EpicUpdate.exe | POST | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/service/update2?w=3:OX7CrZds0eI3k0Can3VYVkO-4O5eij4rqxSOUIHayxW3kaMdTyk0r0ADHMBAg9N1ay8MHYDfe5j6-AhKMCFSrOFXPsp8wshDbtXWqon61mYGRvcrwok39aR40K4rRBp454HAWK2vaqyQ03nUjDcCHe7iQU1cvmc4KEWhJG5sduQ | US | xml | 869 b | whitelisted |
2620 | epic.exe | GET | 200 | 128.199.39.15:80 | http://updates.epicbrowser.com/extensions/newtab/newAdd.html | NL | html | 958 b | whitelisted |
2812 | EpicUpdate.exe | POST | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/service/update2 | US | xml | 1.01 Kb | whitelisted |
2620 | epic.exe | GET | 200 | 128.199.39.15:80 | http://updates.epicbrowser.com/extensions/newtab/newTabAd.xml | NL | text | 118 b | whitelisted |
3540 | EpicUpdate.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt | GB | der | 1.51 Kb | whitelisted |
3540 | EpicUpdate.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3540 | EpicUpdate.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious |
2800 | EpicUpdate.exe | 206.189.4.63:80 | updates.epicbrowser.com | — | US | unknown |
2620 | epic.exe | 82.196.2.74:443 | epicbrowser.com | Digital Ocean, Inc. | NL | unknown |
2620 | epic.exe | 173.194.76.153:443 | chromium-i18n.appspot.com | Google Inc. | US | unknown |
3540 | EpicUpdate.exe | 206.189.4.63:443 | updates.epicbrowser.com | — | US | unknown |
— | — | 62.113.194.2:443 | cdn.epicbrowser.com | 23media GmbH | DE | malicious |
3540 | EpicUpdate.exe | 206.189.4.63:80 | updates.epicbrowser.com | — | US | unknown |
3716 | EpicUpdate.exe | 206.189.4.63:80 | updates.epicbrowser.com | — | US | unknown |
2812 | EpicUpdate.exe | 206.189.4.63:80 | updates.epicbrowser.com | — | US | unknown |
2620 | epic.exe | 216.58.215.234:443 | translate.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
updates.epicbrowser.com |
| whitelisted |
crt.comodoca.com |
| whitelisted |
cdn.epicbrowser.com |
| malicious |
www.google.com |
| whitelisted |
chromium-i18n.appspot.com |
| whitelisted |
epicbrowser.com |
| unknown |
www.epicbrowser.com |
| unknown |
translate.googleapis.com |
| whitelisted |
Process | Message |
---|---|
EpicUpdate.exe | LOG_SYSTEM: [EpicUpdate:goopdate]: ERROR - Cannot create ETW log writer |
EpicUpdate.exe | [12/14/18 13:20:11.468][EpicUpdate:goopdate][3556:3560][OS][version: OS_WINDOWS_7][service pack: 1]
|
EpicUpdate.exe | [12/14/18 13:20:11.468][EpicUpdate:goopdate][3556:3560][GetNamedObjectAttributes][named_object=Global\ES-1-5-21-1302019708-1500728564-335382590-1000_Epic Privacy Browser_Installer_Report_Ids_Lock_57146B01-6A07-4b8d-A1D8-0C3AFC3B2F9B]
|
EpicUpdate.exe | [12/14/18 13:20:11.468][EpicUpdate:goopdate][3556:3560][DllEntry][C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"]
|
EpicUpdate.exe | [12/14/18 13:20:11.468][EpicUpdate:goopdate][3556:3560][Goopdate::Goopdate]
|
EpicUpdate.exe | [12/14/18 13:20:11.468][EpicUpdate:goopdate][3556:3560][Crash::InstallCrashHandler][is_machine 0]
|
EpicUpdate.exe | [12/14/18 13:20:11.484][EpicUpdate:goopdate][3556:3560][crash dir C:\Users\admin\AppData\Local\Epic Privacy Browser\CrashReports]
|
EpicUpdate.exe | [12/14/18 13:20:11.484][EpicUpdate:goopdate][3556:3560][exception handler has been installed]
|
EpicUpdate.exe | [12/14/18 13:20:11.484][EpicUpdate:goopdate][3556:3560][ThreadPool::ThreadPool]
|
EpicUpdate.exe | [12/14/18 13:20:11.484][EpicUpdate:goopdate][3556:3560][C:\Users\admin\AppData\Local\Temp\GUM88CD.tmp\goopdate.dll][version 1.3.27.13][dbg][dev]
|