SHA256: e801983081c6645428a7b5eb7bd4de51cd3442a0b30482f04355d144e4898656
File name: e801983081c6645428a7b5eb7bd4de51cd3442a0b30482f04355d144e4898656.bin
Detection ratio: 36 / 57
Analysis date: 2017-01-24 15:10:08 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Application.BitCoinMiner.40 20170124
Antiy-AVL GrayWare[RiskTool:not-a-virus]/Win32.BitCoinMiner.xrd 20170124
Arcabit PUP.RiskTool.BitCoinMiner 20170124
Avast Win32:EpicScale-B [PUP] 20170124
AVG EpicScale.348 20170124
Avira (no cloud) PUA/EpicScale.Gen 20170124
AVware Trojan.Win32.Generic!BT 20170124
BitDefender Gen:Variant.Application.BitCoinMiner.40 20170124
CAT-QuickHeal PUA.Epicscale.Gen 20170124
ClamAV Win.Trojan.Epicscale-3 20170124
Comodo Application.Win32.EpicScale.A 20170124
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20161024
Cyren W32/S-f4486186!Eldorado 20170124
DrWeb Program.EpicScale.1 20170124
Emsisoft Gen:Variant.Application.BitCoinMiner.40 (B) 20170124
ESET-NOD32 Win32/EpicScale.A potentially unwanted 20170124
F-Prot W32/S-f4486186!Eldorado 20170124
F-Secure Gen:Variant.Application.BitCoinMiner 20170124
GData Gen:Variant.Application.BitCoinMiner.40 20170124
Ikarus PUA.EpicScale 20170124
Sophos ML virus.win32.chir.b@mm 20170111
Jiangmin Trojan/Generic.bevgr 20170124
K7AntiVirus Unwanted-Program ( 004b578c1 ) 20170124
K7GW Unwanted-Program ( 004b578c1 ) 20170124
Kaspersky Trojan.Win32.Scar.pizz 20170124
Malwarebytes PUP.Optional.EpicScale 20170124
eScan Gen:Variant.Application.BitCoinMiner.40 20170124
NANO-Antivirus Riskware.Win32.BitCoinMiner.dpffln 20170124
nProtect Trojan/W32.Scar.339848 20170124
Panda Generic Suspicious 20170123
Rising Malware.Generic!P9Qxtk6ObWG@5 (thunder) 20170124
SUPERAntiSpyware Hack.Tool/Gen-BitCoinMiner 20170124
VBA32 Trojan.Scar 20170124
VIPRE Trojan.Win32.Generic!BT 20170124
Yandex Riskware.BitCoinMiner! 20170123
Zillya Trojan.ScarCRTD.Win32.2211 20170124
AegisLab 20170124
AhnLab-V3 20170124
Alibaba 20170122
ALYac 20170124
Baidu 20170124
Bkav 20170123
CMC 20170124
Fortinet 20170124
Kingsoft 20170124
McAfee 20170124
McAfee-GW-Edition 20170124
Microsoft 20170124
Qihoo-360 20170124
Sophos AV 20170124
Symantec 20170124
Tencent 20170124
TheHacker 20170123
TotalDefense 20170124
TrendMicro 20170124
TrendMicro-HouseCall 20170124
Trustlook 20170124
ViRobot 20170124
WhiteArmor 20170123
Zoner 20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (c) EpicScale Inc. All rights reserved.
Product EpicScale
Original name EpicScale.exe
Internal name EpicScale.exe
File version 1.0.0.0
Description EpicScale module
Signature verification Certificate out of its validity period
Signers
[+] Epic Scale
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 5/14/2014
Valid to 12:59 AM 5/15/2015
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 45D4649DC20F0B9548A712BFBA751F727D228107
Serial number 60 5C 2C 85 21 EE 66 CB D7 D0 5A 75 7E 3E EB C1
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-20 16:59:02
Entry Point 0x0001B385
Number of sections 5
PE sections
Overlays
MD5 e8d275294df0fd633e4754057910d5f9
File type data
Offset 334336
Size 5512
Entropy 7.22
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegOpenKeyW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgClose
CertGetNameStringW
CryptMsgGetParam
CryptDecodeObject
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
lstrcmpiA
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
OutputDebugStringA
SetLastError
GlobalFindAtomW
lstrcpynW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
WriteProcessMemory
LoadLibraryA
LoadLibraryExA
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
CreateEventW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
Module32NextW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
InitializeCriticalSectionEx
RtlUnwind
CopyFileW
UnlockFile
GetFileSize
LCMapStringW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
GetModuleHandleA
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
SetEvent
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
LockFile
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
WideCharToMultiByte
HeapSize
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
GetTempPathW
VirtualQuery
Sleep
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantClear
VariantInit
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
RedrawWindow
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
ClientToScreen
GetMessageTime
SetMenuItemInfoW
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
CallNextHookEx
GetActiveWindow
GetWindowTextW
GetTopWindow
GetMenuItemID
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
EnableMenuItem
GetSubMenu
CopyRect
GetSysColorBrush
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
PtInRect
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
DefWindowProcW
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageW
CreateDialogParamW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
DrawTextExW
EndDialog
FindWindowW
GetCapture
GetWindowThreadProcessId
MessageBoxW
SendMessageW
UnhookWindowsHookEx
DialogBoxParamW
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
GetKeyState
IsWindowVisible
WinHelpW
MonitorFromWindow
CallWindowProcW
GetClassNameW
GetClientRect
GetFocus
SetMenu
GetMenuCheckMarkDimensions
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetConnectW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetWriteFile
InternetCrackUrlW
InternetGetLastResponseInfoW
HttpSendRequestW
InternetErrorDlg
InternetReadFile
InternetSetFilePointer
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
ImageDirectoryEntryToData
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.63
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 135168
EntryPoint 0x1b385
OriginalFileName EpicScale.exe
MIMEType application/octet-stream
LegalCopyright (c) EpicScale Inc. All rights reserved.
FileVersion 1.0.0.0
TimeStamp 2014:11:20 17:59:02+01:00
FileType Win32 EXE
PEType PE32
InternalName EpicScale.exe
ProductVersion 1.0.0.0
FileDescription EpicScale module
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName EpicScale Inc.
CodeSize 215040
ProductName EpicScale
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 2a0ba6d117d79e2d63b8ac87f4608e09
SHA1 1e2d71f4591b1557a8b69e7679268e174a65a861
SHA256 e801983081c6645428a7b5eb7bd4de51cd3442a0b30482f04355d144e4898656
ssdeep 6144:QD2nT5hLggksLfkhzhOQX3sic3cDSsDda8QPyOVKt:HT70gXfihOQX3sdsDSsSPrVU
authentihash df0aa48b54ce1648571b65fd8c750cb2cf111c70f0ae8d14b07ced81c8c84719
imphash a61496357474a1712ccf223d159e08ea
File size 331.9 KB ( 339848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2014-12-03 07:25:03 UTC ( 3 years, 9 months ago )
Last submission 2017-01-24 15:10:08 UTC ( 1 year, 7 months ago )
File names EpicScale.exe
e801983081c6645428a7b5eb7bd4de51cd3442a0b30482f04355d144e4898656.bin
EpicScale.v
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
