eGdpSvc.exe

eSafe Security Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “eSafe Security Control 1.0.0.1982” by Banyan Tree Technology Limited, has been detected as adware by 10 anti-malware scanners. It is a setup program used to install the application. It runs as a separate Windows service (in the context of its own process) named “eSafe Service”. This file is typically installed with the program eSafe Security Control 1.0.0.1982 by eSafe Security Co., Ltd., which is a potentially unwanted software program. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it establishes connections to twonext.com and xingcloud.com to determine which offers to show the user (based on what is already installed and where the user is located).
Publisher:
eSafe Security Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
eSafe Security Control

Description:
eSafe Security Control 1.0.0.1982

Version:
1.0.0.1982

MD5:
a048327067d7bab53402b0cdc5a11754

SHA-1:
17dc98e507152360afae4ce4889edfa880ddeb99

SHA-256:
a2ce3c318d4280281e2b5e029fab980470cf88d2d17274b01b83fedfe09a41d0

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/19/2024 5:57:21 AM UTC

Scan engine           Detection                                   Engine version
Agnitum Outpost       Trojan.TPM                                  7.1.1
AhnLab V3 Security    Trojan/Win32.Staser                         2013.12.30
AVG                   MalSign.Generic                             2014.0.3608
Comodo Security       TrojWare.Win32.Agent.COC                    17517
ESET NOD32            Win32/ELEX                                  7.9190
Kaspersky             Trojan.Win32.Staser                         14.0.0.4537
Reason Heuristics     PUP.Service.BanyanTreeTechnologyLimited.H   14.2.17.4
Rising Antivirus      PE:Backdoor.Zegost!1.6AA6                   23.00.65.131229
Vba32 AntiVirus       Trojan.Staser                               3.12.24.3
VIPRE Antivirus       Elex Installer                              24872

File size:
946.6 KB (969,280 bytes)

Product version:
1.0.0.1982

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\esafe\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 6:18:54 AM

Valid to:
1/11/2015 6:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
3/6/2013 10:37:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:2t5OxI2P+W9p60nf4E7enZVPijUnglubQlAZ:O5Oxxz6/EIeUglmZ

Entry address:
0x212000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 90, 0C, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 79, 50, 27, 4F, 68, D1, AB, 17, 69, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, EC, 95, DF, 3C, B8, 51, 0F, 7A, F7, 47, F7, 44, 6B, 67...
 
Code size:
222 KB (227,328 bytes)

Service
Display name:
eSafe Service

Service name:
eSafeSvc

Description:
System eSafe update service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file eGdpSvc.exe has been discovered within the following program.

eSafe Security Control 1.0.0.1982  by eSafe Security Co., Ltd.
eSafe Security Control, also known as Delta-Home, is a web browser extension and Browser Helper Object (for Internet Explorer) that delivers context-based advertising to the web browser.
66% remove it
 

The file eGdpSvc.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)
