eGdpSvc.exe

eSafe Security Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “eSafe Security Control 1.0.0.2359” by Banyan Tree Technology Limited, has been detected as adware by 20 anti-malware scanners. It is a setup program used to install the application. The file is also typically installed by a number of programs, including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user is located.

Publisher:
eSafe Security Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
eSafe Security Control

Description:
eSafe Security Control 1.0.0.2359

Version:
1.0.0.2359

MD5:
f31572c8035eeb5cfecfe406925ebadd

SHA-1:
086f56fa97a392ae2113718e2b3a71b1874927bb

SHA-256:
3f502030ae1fbd66b033bf236dbe65acac526a203cb7be1594e21de486c2558e

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/24/2024 1:21:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Staser | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Staser | 2014.01.13 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.132.250 |
| AVG | Skodna.Generic_c | 2015.0.3582 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.14126 |
| Bkav FE | W32.Cloda2b.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Siggen.25992 | 9.0.1.026 |
| ESET NOD32 | Win32/ELEX (variant) | 8.9280 |
| K7 AntiVirus | Trojan | 13.175.10814 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.4406 |
| McAfee | PUP-FCT!F31572C8035E | 5600.7238 |
| Microsoft Security Essentials | Trojan:Win32/Wysotot.C | 1.165.247.01 |
| NANO AntiVirus | Trojan.Win32.Staser.crhlsy | 0.28.0.57029 |
| nProtect | Trojan/W32.Staser.360512 | 14.01.10.01 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.2.25.6 |
| Total Defense | Win32/Wysotot.A!generic | 37.0.10498 |
| Trend Micro House Call | TROJ_GEN.R0CBB02LO13 | 7.2.26 |
| Trend Micro | TROJ_GEN.R0CBC0EIM13 | 10.465.26 |
| Vba32 AntiVirus | Trojan.Staser | 3.12.24.3 |
| VIPRE Antivirus | Elex Installer | 25356 |

File size:
352.1 KB (360,512 bytes)

Product version:
1.0.0.2359

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\esafe\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 5:18:54 AM

Valid to:
1/11/2015 5:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
4/24/2013 7:43:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:lZcXGietd80ieEmfDeCy7JhFO307XvZTkbhpEbdpSox3rY+bEel4UYWw2XTMN1T7:lZcretZfDAXU307v5TSoGTYhTXeqUuG

Entry address:
0x1EB5A

Entry point:
E8, AE, BC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 95, 4B, 00, 00, 6A, 16, 5E, 89, 30, E8, A3, 6D, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 51, 4B, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 83, EC, 10, 56, 89, 55, FC...
 

Code size:
222.5 KB (227,840 bytes)

The file eGdpSvc.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it

eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it

Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
68% remove it
 

The file eGdpSvc.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)
