eGdpSvc.exe

eSafe Security Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “eSafe Security Control 1.0.0.2522” by Banyan Tree Technology Limited has been detected as adware by 11 anti-malware scanners. Additionally, the file is typically installed by a number of programs including eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited, both potentially unwanted software. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).
Publisher:
eSafe Security Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
eSafe Security Control

Description:
eSafe Security Control 1.0.0.2522

Version:
1.0.0.2522

MD5:
7d8dd3520a5b113a248b4867492e7dfe

SHA-1:
8157d0c50cdad9f608fcc1698d945a9c16114b35

SHA-256:
c22379672bf9062d10a197b93046d5c8bf18edb26f9e654699f840c91b6c6edb

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/27/2024 7:17:17 AM UTC

Scan engine           Detection                            Engine version
AhnLab V3 Security    Trojan/Win32.Staser                  2013.10.25
AVG                   Win32/DH{AB41DCcoXSAiJQ}             2014.0.3616
Dr.Web                Adware.Mutabaha.14                   9.0.1.0357
ESET NOD32            Win32/ELEX (variant)                 7.8963
Fortinet FortiGate    W32/Staser.FV!tr                     12/23/2013
IKARUS anti.virus     Trojan.Win32.Staser                  t3scan.2.0.127
K7 AntiVirus          Trojan                               13.173.9980
Kaspersky             Trojan.Win32.Staser                  14.0.0.4577
McAfee                PUP-FCT!7D8DD3520A5B                 5600.7272
Reason Heuristics     PUP.BanyanTreeTechnologyLimited.H    14.3.3.12
VIPRE Antivirus       Elex Installer                       22702

File size:
353.1 KB (361,536 bytes)

Product version:
1.0.0.2522

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
6/19/2013 8:20:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:iN9HqEh3SI7EgX5MbM0VVfmxuIpcksZMkTOHpY+V6nI0gZ4oXTMN3NEDRELL:iN9HqEhC25Mo0zf6jsMHerneFXECCn

Entry address:
0x1F01B

Entry point:
E8, DD, B8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, CC, 47, 00, 00, 6A, 16, 5E, 89, 30, E8, D2, 69, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 88, 47, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 83, EC, 10, 56, 89, 55, FC...

Entropy:
5.9755

Code size:
223.5 KB (228,864 bytes)

The file eGdpSvc.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it
Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
68% remove it
Powered by Should I Remove It?

The file eGdpSvc.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a9.a2.a86c.ip4.static.sl-reverse.com (108.168.162.169:80)

TCP (HTTP):
Connects to 7d.a0.a86c.ip4.static.sl-reverse.com (108.168.160.125:80)

Remove eGdpSvc.exe - Powered by Reason Core Security