home

eGdpSvc.exe

Wsys Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “Wsys Control 1.0.0.2598” by Banyan Tree Technology Limited has been detected as adware by 29 anti-malware scanners. This is a setup program which is used to install the application. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).
Publisher:
Wsys Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
Wsys Control

Description:
Wsys Control 1.0.0.2598

Version:
1.0.0.2598

MD5:
0acf3e8f9f84b1007e4da72e8fa4eb96

SHA-1:
6f2eac4f7f818f4c8da47004d44e721b1af22e21

SHA-256:
cbb814b25c9fd25361cdfd2a3a826cf6453ccada9970a0b575685f628f9b970e

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/19/2024 6:36:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Application.ExqPage.C
1137

Agnitum Outpost
Trojan.Wysotot
7.1.1

AhnLab V3 Security
Trojan/Win32.Staser
2013.12.29

Avira AntiVirus
SPR/Tool.302765
7.11.122.154

avast!
Win32:Rootkit-gen [Rtk]
2014.9-131225

AVG
Generic34
2014.0.3615

Baidu Antivirus
Trojan.Win32.StartPage
4.0.3.131225

Bitdefender
MemScan:Application.ExqPage.C
1.0.20.1795

Bkav FE
W32.Clod45a.Trojan
1.3.0.4613

Boost by Reason
Optional.BanyanTreeTechnologyLimited.H
188163

Comodo Security
Application.Win32.Elex.A
17513

Dr.Web
Adware.Mutabaha.20
9.0.1.0359

ESET NOD32
Win32/ELEX (variant)
7.9190

F-Secure
MemScan:Application.ExqPage.C
11.2013-25-12_4

G Data
MemScan:Application.ExqPage
13.12.22

IKARUS anti.virus
Application.ExqPage
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10656

Kaspersky
Trojan.Win32.Staser
14.0.0.4568

Malwarebytes
PUP.Optional.Wsys.A
v2013.12.25.09

Microsoft Security Essentials
Trojan:Win32/Wysotot.A
1.165.247.01

MicroWorld eScan
MemScan:Application.ExqPage.C
14.0.0.1077

NANO AntiVirus
Trojan.Win32.ZAccess.crkyvu
0.28.0.57029

Reason Heuristics
PUP.BanyanTreeTechnologyLimited.H
14.2.20.20

SUPERAntiSpyware
Trojan.Agent/Gen-Wysotot
10886

Trend Micro House Call
TROJ_GEN.R0CBH07JR13
7.2.359

Trend Micro
TROJ_SPNV.03JK13
10.465.25

Vba32 AntiVirus
Backdoor.ZAccess
3.12.24.3

VIPRE Antivirus
Elex Installer
24844

ViRobot
Trojan.Win32.S.Staser.303168
2011.4.7.4223

File size:
296.1 KB (303,168 bytes)

Product version:
1.0.0.2598

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\e48da9d3fc8e4d50910e0717c0d68ffb\egdpsvc.exe

Digital Signature
Signed by:
Banyan Tree Technology Limited

Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 6:18:54 AM

Valid to:
1/11/2015 6:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/14/2013 4:32:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:8zix8aBZUg9bS4KJlWgEyO+BFoqjHH6oHI4C/mUJqkywsSl:8ziSaBWgw8gFFnHztoD

Entry address:
0x1000

Entry point:
68, 01, 10, 46, 00, E8, 01, 00, 00, 00, C3, C3, D8, B5, 84, 85, E0, AF, 5B, A3, DB, 55, AF, 43, 13, 31, C3, D7, 70, E4, 85, DD, 82, AB, 8B, D3, EE, 26, 48, C4, 6D, B3, 73, E6, 1C, 51, 79, 42, DA, C2, B1, 4C, 98, B6, 4F, 30, 8D, 6B, C9, A5, E5, 7A, EB, 95, AC, 92, 35, 9D, E7, 49, 26, 62, F9, CF, C5, 2F, DD, 2E, 51, 0B, AE, 01, 6A, 7D, 27, 7A, F9, DE, EC, B1, 70, 22, E5, CB, AD, D6, 82, 06, D8, 31, CD, 0C, 6E, BA, BD, D0, 22, 73, 25, 4B, 3E, 2D, 13, B6, 16, 70, 27, 87, BE, 65, B8, 23, C0, 65, CD, 47, AA, 8D...
 
[+]

Code size:
234.5 KB (240,128 bytes)

The file eGdpSvc.exe has been seen being distributed by the following URL.

http://www.twonext.com/download/.../eGdpSvc.exe

Remove eGdpSvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.