» eDownload.exe
Overview
Analysis
File Details
Downloads (1)

eDownload.exe

eDownload Module

Banyan Tree Technology Limited

The application eDownload.exe by Banyan Tree Technology Limited has been detected as adware by 3 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).The file has been seen being downloaded from www.goplayer.cc.

File name:

eDownload.exe

Publisher:

Banyan Tree Technology Limited (signed and verified)

Product:

eDownload Module

Version:

5.1.8.2321

MD5:

9036633ddab776596321eb96685444d5

SHA-1:

9667a1a8b0b9b5c0ff2240ac04c80f5a7501c1ec

SHA-256:

1f1bf3aca9bc030283616a564cefe0d6a62670654ebdd5123aeebe142cef71da

Scanner detections:

3 / 68

Status:

Adware

Explanation:

Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:

4/25/2024 4:16:32 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/ELEX (variant)

8.8697

Reason Heuristics

PUP.BanyanTreeTechnologyLimited.J

14.4.13.9

VIPRE Antivirus

Elex Installer

20584

File size:

487.1 KB (498,784 bytes)

Product version:

5.1.8.2321

Original file name:

eDownload.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\edownload.exe

Digital Signature

Signed by:

Banyan Tree Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

1/10/2013 12:18:54 AM

Valid to:

1/11/2015 12:18:54 AM

Subject:

CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata

Compilation timestamp:

4/27/2013 3:23:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:/y0hyl2GLApjwwdrr43LzDY/zlc4TyO4g2cHFhTa2eyK:6Qyl2GLuM3DfiyOrHFhzK

Entry address:

0xEA270

Entry point:

60, BE, 00, 70, 49, 00, 8D, BE, 00, A0, F6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.4900

Packer / compiler:

UPX 2.90LZMA]

Code size:

336 KB (344,064 bytes)

The file eDownload.exe has been seen being distributed by the following URL.

http://www.goplayer.cc/.../HDfilm.exe

Remove eDownload.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.