EpicScale64.exe

EpicScale

Epic Scale, Inc.

The application EpicScale64.exe by Epic Scale has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program EpicScale Application by EpicScale, Inc. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, and it consumes computing power. While running, it connects to the Internet address ip-149-202-169.eu on port 7777.
Publisher:
EpicScale Inc.  (signed by Epic Scale, Inc.)

Product:
EpicScale

Description:
EpicScale module

Version:
1.0.0.0

MD5:
bf4c7677d95b28546dfa6761e5e52846

SHA-1:
e69c38c8191d150983c271285450cdd40fc02195

SHA-256:
4d87b530b0ddcfd492bd56ec64d67fbae048b6a20f988dab9e5e13754b9f25ec

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/23/2024 12:32:47 PM UTC

Scan engine | Detection | Engine version
Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.2437
Panda Antivirus | Generic Suspicious | 15.02.24.12
Qihoo 360 Security | Win32/Virus.RiskTool.e98 | 1.0.0.1015
Reason Heuristics | PUP.Optional.EpicScale | 15.2.24.12
Trend Micro House Call | TROJ_GEN.R0C1H07BF15 | 7.2.55

File size:
362.2 KB (370,936 bytes)

Product version:
1.0.0.0

Copyright:
(c) EpicScale Inc. All rights reserved.

Original file name:
EpicScale64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\epicscale\1\epicscale64.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/14/2014 2:00:00 AM

Valid to:
5/15/2015 1:59:59 AM

Subject:
CN="Epic Scale, Inc.", O="Epic Scale, Inc.", L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
605C2C8521EE66CBD7D05A757E3EEBC1

File PE Metadata
Compilation timestamp:
2/24/2015 5:11:03 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:RrrwG88Cc6ao82UCc2M13QTl83ANedXJxyy2i+vVFxx8izAn:RoG88Ccr2UCcHAsTdD+tFwizG

Entry address:
0x1C060

Entry point:
48, 83, EC, 28, E8, B3, 61, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 09, 25, 03, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 39, 21, 00, 00, CC, 48, 83, EC, 38, 4C, 89, 4C, 24, 20, 45, 33, C9, E8, 07, 00, 00, 00, 48, 83, C4, 38, C3, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 4C, 89, 70, 20, 55, 48, 8B, EC, 48...

Code size:
204.5 KB (209,408 bytes)

The file EpicScale64.exe has been discovered within the following program.

EpicScale Application  by EpicScale, Inc.
About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.
