EpicScale64.exe

EpicScale

Epic Scale, Inc.

The application EpicScale64.exe by Epic Scale has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address static.14.31.201.138.clients.your-server.de on port 3336.
Publisher:
EpicScale Inc.  (signed by Epic Scale, Inc.)

Product:
EpicScale

Description:
EpicScale module

Version:
1.0.0.0

MD5:
a568e853fa7cc6fc9710677e31ada073

SHA-1:
a1f42a0231d28a698195b4f8d6fa05eca008fbc6

SHA-256:
eb0aedbde7bb7a9eaa1c8278ae1ee9b47ab4f1e9d08e69f533f54f4d84360e7d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:47:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.EpicScale.Optional.Meta (L)

Engine version:
16.1.4.20

File size:
362 KB (370,656 bytes)

Product version:
1.0.0.0

Copyright:
(c) EpicScale Inc. All rights reserved.

Original file name:
EpicScale64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\epicscale\21\x64\epicscale64.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/20/2015 2:00:00 AM

Valid to:
6/19/2016 1:59:59 AM

Subject:
CN="Epic Scale, Inc.", O="Epic Scale, Inc.", L=Oakland, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
732B10C8A5DBD0D56B01F5A5AAE63571

File PE Metadata
Compilation timestamp:
5/23/2015 8:33:15 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:aD3rm7tjGF+MI30Ve/5VeT0SzCy7JsPfsw5n/PrPkOD8Av/51:au7dGF630VwTrtPv/

Entry address:
0x1C0C0

Entry point:
48, 83, EC, 28, E8, B3, 61, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, A9, 24, 03, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 39, 21, 00, 00, CC, 48, 83, EC, 38, 4C, 89, 4C, 24, 20, 45, 33, C9, E8, 07, 00, 00, 00, 48, 83, C4, 38, C3, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 4C, 89, 70, 20, 55, 48, 8B, EC, 48...

Code size:
204.5 KB (209,408 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.13.31.201.138.clients.your-server.de  (138.201.31.13:3336)

TCP:
Connects to static.14.31.201.138.clients.your-server.de  (138.201.31.14:3336)

TCP:
Connects to ip106.ip-79-137-57.eu  (79.137.57.106:8005)

TCP:
Connects to 163-172-38-13.rev.poneytelecom.eu  (163.172.38.13:5555)
