eSpeedGames Start
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 11,502 |
|---|---|
| Threat Level: | 100 % (High) |
| Infected Computers: | 12 |
| First Seen: | June 7, 2023 |
| Last Seen: | April 8, 2026 |
| OS(es) Affected: | Windows |
The eSpeedGames Start software is published by espeedcheck.com on the Chrome Web Store at Chrome.google.com/webstore/detail/espeedgames-start/fpogacjnhfdbdkdiccegfoinkddppenj. The eSpeedGames Start app is promoted as giving Web surfers quick click-and-visit access to games via Cantstopplaying.com. The eSpeedGames Start program is packaged as a browser extension for Google Chrome, which you can install and use for free. The app may modify your new tab page settings in Chrome and offer links to games at Cantstopplaying.com. The new tab page powered by eSpeedGames Start includes a search box powered by Searchalgo.com, a search aggregator that has been associated with browser hijacking cases in the past. Searches performed via the eSpeedGames Start new tab page trigger a browser redirect via Games.searchalgo.com to Search.yahoo.com. The same redirect gateway is used by mixGames Search, GamesMuze, iGames Search and gamesZone Search as well. By installing the eSpeedGames Start app, you grant it the following privileges:
- Read and change all your data online.
- Replace the page you see when opening a new tab.
The eSpeedGames Start browser extension is recognized as a Potentially Unwanted Program (PUP) by espeedcheck.com, which collects Web usage statistics to help the company behind Searchalgo.com earn ad revenue from tailored Yahoo Ads. You may want to know that eSpeedGames Start functions the same way as many extensions published on the Chrome Web Store by Medianetnow.com, Mymedianet.now, Superappbox.com, Mixplugin.com, Ienjoyapps.com, Bettersearchtools.com, Theappjunkies.com, Goamuze.com, Playmediacenter.com, Myappline.com, Searchalgo.com, Friendlyappz.com, Getappsonline.com, Iezbrowsing.com, and Espeedcheck.com. eSpeedGames Start has the same marketing pitch and very similar code as the following products, which are presented as the products of unrelated companies:
- gamesPro Search by Mymedianetnow.com and Chrome.google.com/webstore/detail/gamespro-search/pgdbomlcailbhihagccohnopmpglcbji
- getGames Start by Getapponline.com and Chrome.google.com/webstore/detail/getgames-start/koaejgofaegnifpbkeldkehnbnomldbd
- gamingZone Start by Medianetnow.com and Chrome.google.com/webstore/detail/gamingzone-start/nhhboodmfnbbdoibnnikbchlocibjhbh
- gamesJunkie Home by Theappjunkies.com and Chrome.google.com/webstore/detail/gamesjunkie-home/bfjillpbgjlgfhklcgbgkildcophgmlo
- playNet Start by medianetnow.com and Chrome.google.com/webstore/detail/playnet-start/gnpphmgipfaoobhhkcfcbllckjjkddlg
- browserGames Now by Njoyapps.com and Chrome.google.com/webstore/detail/browsergames-now/koadafnlijadikflcccnekcehikbdoe
- browserGamer Now by Njoyapps.com and Chrome.google.com/webstore/detail/browsergamer-now/gllnfhbnopmjpifodjcgcbfcandfkjoj
In reality, there appears to be a connection between Eanswers.com and Searchalgo.com judging by the use of almost identical code and redirects to customized versions of Search.yahoo.com. Marketers associated with both domains may collect data like your Internet history, downloads log and list of installed third-party extensions to customize the commercials shown via Search.yahoo.com, Games.searchalgo.com, and Eanswers.com. PC users who may not be comfortable with sharing their Internet history with an extensive network of ad publishers may choose to uninstall the eSpeedGames Start extension and stay away from the apps mentioned above. You can find the Privacy Policy and EULA associated with espeedcheck.com at espeedcheck.com/privacy.php?cid=5049 and espeedcheck.com/eula.php?cid=5049.
Analysis Report
General information
| Family Name: | Filecoder.DDC Ransomware |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- big overlay
- dll
- golang
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 829 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 828 |
| Unknown Blocks: | 0 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CobaltStrike.DWA
- CobaltStrike.XAD
- CobaltStrike.XZ
- Filecoder.DDC
- Filecoder.KEF
- ReverseShell.B
- Rozena.BVB
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Network Winhttp | |