» sclc.exe
Overview
Analysis
File Details
Network (1)

sclc.exe

Smart Compute Ltd

The application sclc.exe by Smart Compute has been detected as adware by 5 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.

File name:

sclc.exe

Publisher:

Smart Compute Ltd (signed and verified)

MD5:

28b8fbd6f855222bba8ffbdecf710a80

SHA-1:

e1194a70c0feadaa39f0194591ef5b6fb989e16b

SHA-256:

3287f4390a82dcb0184232e31524e89051eef21922e042058112253605e66cd3

Scanner detections:

5 / 68

Status:

Adware

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

4/26/2024 10:47:32 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:BitCoinMiner-FA [PUP]

2014.9-140108

G Data

Win32.Trojan.Agent.MWWLB9

14.1.22

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.2.2.29

Reason Heuristics

PUP.SmartCompute.E

14.8.31.22

Trend Micro House Call

TROJ_GEN.F47V1120

7.2.8

File size:

363.4 KB (372,104 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\smart compute\researcher\sclc.exe

Digital Signature

Signed by:

Smart Compute Ltd

Authority:

COMODO CA Limited

Valid from:

7/5/2013 1:00:00 AM

Valid to:

7/6/2014 12:59:59 AM

Subject:

CN=Smart Compute Ltd, O=Smart Compute Ltd, POBox=Suite LP21498, STREET=145-157 St John Street, L=Clerkenwell, S=London, PostalCode=EC1V 4PW, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CB9E4160189018A02F5EC6ABCEC74C32

File PE Metadata

Compilation timestamp:

11/14/2013 7:05:16 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.23

CTPH (ssdeep):

3072:UHm++GNkARlcMvIch3L21RMYzAc0Cv8O5qJUnsJ2X4fvlw8EGXqz8kd96xlWDgOz:MjRRvIcFLeMmv8MqGRidw8EGXvWlUj1A

Entry address:

0x1570

Entry point:

83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 08, 23, 43, 00, E8, FB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 08, 23, 43, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 50, 23, 43, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 34, 23, 43, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 42, 00, E8, 2E, 73, 02, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44... 
[+]

Code size:

160.5 KB (164,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to ec2-54-243-211-103.compute-1.amazonaws.com (54.243.211.103:3333)

Remove sclc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.