egdpsvc.exe

Wsys Control

Skytouch Technology Co., Limited

The application egdpsvc.exe, “Wsys Control 10.2.1.2634” by Skytouch Technology Co., Limited, has been detected as adware by 34 anti-malware scanners. It runs as a Windows service named “Wsys Service” in its own process. This file is typically installed with the program DProtect by DProtect Lab, which is a potentially unwanted software program.

Publisher:
Wsys Co., Ltd. (signed by Skytouch Technology Co., Limited)

Product:
Wsys Control

Description:
Wsys Control 10.2.1.2634

Version:
10.2.1.2634

MD5:
d0f52960ae4f2b30008f7ce7f115095d

SHA-1:
a0e294473a319f3e43049e743fb37fe52d73d92a

SHA-256:
e09b54d488667bbe1e4edc14cd631aa69ae7777304161664888ebe84c14ef866

Scanner detections:
34 / 68

Status:
Adware

Analysis date:
4/25/2024 7:18:48 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.ExqPage.I
1142

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Staser
2013.12.16

Avira AntiVirus
TR/Crypt.cfi.56
7.11.119.226

AVG
Crypt_c
2014.0.3620

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.14226

Bitdefender
Application.ExqPage.I
1.0.20.1765

Bkav FE
W32.SharagolK.Trojan
1.3.0.4613

Boost by Reason
Optional.Service.SkytouchTechnologyCoLimited.H
188861

Comodo Security
TrojWare.Win32.Staser.RPV
17448

Dr.Web
Trojan.Siggen5.58631
9.0.1.0353

ESET NOD32
Win32/ELEX
7.9177

Fortinet FortiGate
W32/STASER.A!tr
12/19/2013

F-Secure
Application.ExqPage.I
11.2013-19-12_5

G Data
Application.ExqPage
13.12.22

IKARUS anti.virus
Trojan.Win32.Staser
t3scan.2.2.29

K7 AntiVirus
Riskware
13.174.10509

Kaspersky
Trojan.Win32.Staser
14.0.0.4595

Malwarebytes
PUP.Optional.Wsys.A
v2013.12.19.11

McAfee
RDN/Generic.dx!crf
5600.7276

Microsoft Security Essentials
Trojan:Win32/Wysotot.A
1.163.1557.0

MicroWorld eScan
Application.ExqPage.I
14.0.0.1059

NANO AntiVirus
Trojan.Win32.Cfi.cgvqke
0.28.0.56692

Norman
Suspicious_Gen4.FBMAJ
11.20131219

Panda Antivirus
Trj/OCJ.D
13.12.19.11

Quick Heal
Trojan.Agent.gen
12.13.12.00

Reason Heuristics
PUP.Service.SkytouchTechnologyCoLimited.H
14.3.20.14

Rising Antivirus
PE:Trojan.Staser!6.54D
23.00.65.131217

Sophos
Mal/VMProtBad-A
4.96

SUPERAntiSpyware
Trojan.Agent/Gen-Wysotot
10897

Trend Micro House Call
TROJ_GEN.R0CBB01JG13
7.2.353

Trend Micro
TROJ_FRS.BMA000IR13
10.465.19

Vba32 AntiVirus
Trojan.Staser
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
24416

File size:
469.1 KB (480,376 bytes)

Product version:
10.2.1.2634

Copyright:
Copyright (C) 2013

Original file name:
Wsys.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\b3bf3e87264c4672887bf446d80f5c48\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/8/2013 9:29:59 AM

Valid to:
7/9/2014 9:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata
Compilation timestamp:
9/23/2013 9:04:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:x40gMyjFtZT9UJ/ESSIPDgwwoRteHNUvW4DEyXGW6fA/OC:xaM4FtlGJldbgwwoHeHLyBR

Entry address:
0x11F94E

Entry point:
56, C7, 04, 24, 0E, F8, 52, 79, 60, C7, 44, 24, 1C, F3, 83, 43, 55, 9C, 53, FF, 74, 24, 04, 88, 64, 24, 10, 8D, 64, 24, 28, E9, 88, 2E, 00, 00, 8D, 64, 24, 10, 0F, 82, 5A, 50, FD, FF, 3C, B7, 83, F9, 0A, 57, 53, 0F, B6, C0, B8, 03, 00, 00, 00, E9, 42, 71, FF, FF, 60, 9C, 89, 44, 24, 24, 68, 99, B9, 80, 72, E8, 03, 4F, FD, FF, F9, 01, C2, FF, 74, 24, 04, 51, 9C, 54, 8D, 64, 24, 34, E9, 5D, 61, FD, FF, 4C, 22, B1, 28, 58, F9, DC, 0E, 53, 93, EB, 2F, 73, CA, 20, 66, A2, E0, 1F, 84, FE, C0, 2A, 45, E0, 59, 82...

Code size:
235 KB (240,640 bytes)

Service
Display name:
Wsys Service

Service name:
WsysSvc

Description:
Wsys update service

Type:
Win32OwnProcess


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe


The file egdpsvc.exe has been discovered within the following program.

DProtect by DProtect Lab
DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
78% remove it