Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


Possible Security Risk

Threat CategoryDescription
A potentially unwanted adware program designed to deliver various advertisements to the users' systems


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\chrome\eptextlinks.jar 1,577 bytes MD5: 0xC340B5B976C894DE82476A3D4FD72E89
SHA-1: 0x9ABC7C2956BF00CEC542AFBB84A3A0A91498E9A6
(not available)
2 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\chrome.manifest 608 bytes MD5: 0x7B93195B7154946E77297DD8B269EB55
SHA-1: 0x046B545F1678F48968F1FDE8EFF7EC7B7FA46CFC
(not available)
3 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\components\epicplay.js 4,862 bytes MD5: 0xD7B69B0CA6635B49A6691C734C51E77A
SHA-1: 0xDCC83EE9C08B7F4B0DEDFF947D56E62C20F59B2D
(not available)
4 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\components\epicPlayGames.dll 95,232 bytes MD5: 0x5767D36512FCDE7C784A382B49215839
SHA-1: 0x6866B1D845B4A855B01BC528B0D091ED13DA9B22
Adware:Win32/GameVance [Microsoft]
5 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\components\epicPlayGames.xpt 142 bytes MD5: 0x32F1359C9431B9B31C2B1F49D9C3239E
SHA-1: 0x0C65F8400876F4F903EF00D043674D1B2EABB47B
(not available)
6 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\install.rdf 861 bytes MD5: 0x61177626A7DBAA286D3A2EF25B9B1C95
SHA-1: 0x82B80DF13CCEE08EE1951F53052E8221B02BA069
(not available)
7 %ProgramFiles%\EpicPlay\epicHost.dll 129,024 bytes MD5: 0xEED9E219CA1FBB945976C101EBEFE06C
SHA-1: 0x710A25C192C8E912F48BAFE857137B4312E66614
(not available)
8 %ProgramFiles%\EpicPlay\epicPlayFrame.dll 147,456 bytes MD5: 0xB0315DC3C2CEC3599908FD187CE97873
SHA-1: 0x1471DA84456A43379210E664C84BFECD61E8BE76
(not available)
9 %ProgramFiles%\EpicPlay\epicPlayGames.dll 134,144 bytes MD5: 0x67CD250E87264D5108E63E22CF7096E4
SHA-1: 0xBDE37F27AEB57C39DAD5629CD98F206A3A2DD47F
not-a-virus:AdWare.Win32.EpicGames.b [Kaspersky Lab]
Adware:Win32/GameVance [Microsoft]
10 %ProgramFiles%\EpicPlay\epicRemoval.exe 368,128 bytes MD5: 0x05B031D7ED53E68298F0024122D29B47
SHA-1: 0x46ECA39952B6AE1EAB3E5043D5B76594BD2504E2
Adware:Win32/GameVance [Microsoft]
AdWare.Win32.ArcadeWeb [Ikarus]
11 %ProgramFiles%\EpicPlay\npEpicHost.dll 61,952 bytes MD5: 0x88BE2C927063E01B77137B921E77E832
SHA-1: 0x2E44B5334C8386AF286DF307EDB32708955C7AE8
(not available)


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]1,753,088 bytes


Registry Modifications


Other details

Remote HostPort Number



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.