eGdpSvc.exe

eSafe Security Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “eSafe Security Control 1.0.0.2405” by Banyan Tree Technology Limited, has been detected as adware by 15 anti-malware scanners. This file is typically installed with the program eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited, which is a potentially unwanted software program. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.

Publisher:
eSafe Security Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
eSafe Security Control

Description:
eSafe Security Control 1.0.0.2405

Version:
1.0.0.2405

MD5:
e536d1cde3f600f49d606aded29a50e2

SHA-1:
7e717e51a164deca6b12555d900341b01dc34e1a

SHA-256:
92379f3a8c3dfb0b35360714c34947daeeb086eb45262215899e05aaff388c59

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/27/2024 2:02:15 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Staser | 2013.11.25 |
| AVG | Banan.B | 2015.0.3604 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.1415 |
| Dr.Web | Adware.Siggen.25992 | 9.0.1.05 |
| ESET NOD32 | Win32/ELEX (variant) | 8.9091 |
| Fortinet FortiGate | W32/Staser.FV!tr | 1/5/2014 |
| IKARUS anti.virus | Trojan.Win32.Staser | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10294 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.4514 |
| McAfee | PUP-FCT!E536D1CDE3F6 | 5600.7260 |
| Microsoft Security Essentials | Trojan:Win32/Wysotot.C | 1.163.1557.0 |
| nProtect | Trojan/W32.Staser.360512 | 13.11.25.02 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.2.21.4 |
| Sophos | Elex | 4.95 |
| VIPRE Antivirus | Elex Installer | 23700 |

File size:
352.1 KB (360,512 bytes)

Product version:
1.0.0.2405

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 8:18:54 AM

Valid to:
1/11/2015 8:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
5/29/2013 5:46:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:6lcXOWeCw/DLa0u8E3aOP7JhIJr06XUTX3h6OL/S8zuu3pY+bEel4UYmwyXTMN1U:6lc/eCh33xX4r0G4ndzu1TYVfXejxu0g

Entry address:
0x1EB5A

Entry point:
E8, AE, BC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 95, 4B, 00, 00, 6A, 16, 5E, 89, 30, E8, A3, 6D, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 51, 4B, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 83, EC, 10, 56, 89, 55, FC...
 
Entropy:
5.9695

Code size:
222.5 KB (227,840 bytes)

The file eGdpSvc.exe has been discovered within the following program.

eSafe Security Control 1.0.0.2522  by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it
 
Powered by Should I Remove It?

The file eGdpSvc.exe has been seen being distributed by the following URL.
