EpicScale.exe

EpicScale

Epic Scale, Inc.

The application EpicScale.exe by Epic Scale has been detected as a potentially unwanted program by 18 anti-malware scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key under the display name 'EpicScale'. This file is typically installed with the program EpicScale Application by EpicScale, Inc. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate bitcoins for cybercriminals' use, and it consumes computing power.
Publisher:
EpicScale Inc.  (signed by Epic Scale, Inc.)

Product:
EpicScale

Description:
EpicScale module

Version:
1.0.0.0

MD5:
e386d9ab5a8906e43dbfd440d9889601

SHA-1:
f4f4554c84d913abcff679a642d49279399c5fc0

SHA-256:
e85895f440c5b24f4dff8c30c31e014edecdb1b4ef30981019a91b8b1744c409

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
The program mines bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
12/27/2024 11:28:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | PUA/EpicScale.Gen | 8.3.1.6 |
| avast! | Win32:EpicScale-A [PUP] | 2014.9-151207 |
| Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.15127 |
| Comodo Security | Application.Win32.EpicScale.A | 22384 |
| Dr.Web | Program.EpicScale.23 | 9.0.1.0341 |
| ESET NOD32 | Win32/EpicScale.A potentially unwanted (variant) | 9.11754 |
| Fortinet FortiGate | Riskware/EpicScale | 12/7/2015 |
| G Data | Win32.Application.Agent.4XZ7L9 | 15.12.25 |
| K7 AntiVirus | Adware | 13.205.16221 |
| Malwarebytes | PUP.Optional.EpicScale | v2015.12.07.02 |
| McAfee | Artemis!A2150F925531 | 5600.6559 |
| Panda Antivirus | Trj/Genetic.gen | 15.12.07.02 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.EpicScale.Optional.Meta (L) | 15.12.7.2 |
| Sophos | Generic PUA EK | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H05F615 | 7.2.341 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40948 |

File size:
350.5 KB (358,928 bytes)

Product version:
1.0.0.0

Copyright:
(c) EpicScale Inc. All rights reserved.

Original file name:
EpicScale.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\epicscale\6\epicscale.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/19/2015 7:00:00 PM

Valid to:
6/18/2016 6:59:59 PM

Subject:
CN="Epic Scale, Inc.", O="Epic Scale, Inc.", L=Oakland, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
732B10C8A5DBD0D56B01F5A5AAE63571

File PE Metadata
Compilation timestamp:
5/30/2015 9:39:19 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:SuahkOKyQO62aV05jbr81slyeQ+wtrVEYIsga:HaVla2jbQwyeQztwsga

Entry address:
0x1DC10

Entry point:
E8, DC, 75, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 20, C6, 44, 00, 75, 02, F3, C3, E9, E5, 26, 00, 00, 55, 8B, EC, FF, 75, 14, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 05, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 8D, 7D, E4, 6A, 07, 33, C0, 89, 5D, E0, 59, F3, AB, 39, 45, 10, 75, 18, E8, 28, 2F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 45, 7C, 00, 00, 83, C8, FF, E9, 9B, 00, 00, 00, 8B, 45, 0C, 56, 8B, 75, 08, 85, C0, 74, 19, 85, F6, 75, 15, E8, 01, 2F, 00, 00, C7, 00, 16, 00...
 

Entropy:
6.3542

Code size:
225 KB (230,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EpicScale

Command:
C:\ProgramData\epicscale\6\epicscale.exe epicscale startminimized


The file EpicScale.exe has been discovered within the following program.

EpicScale Application  by EpicScale, Inc.
About 8% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-208-196-46.deploy.static.akamaitechnologies.com  (23.208.196.46:443)

TCP (HTTP SSL):
Connects to a104-105-128-171.deploy.static.akamaitechnologies.com  (104.105.128.171:443)
