eGdpSvc.exe

Wsys Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “Wsys Control 1.0.0.2539” by Banyan Tree Technology Limited, has been detected as adware by 20 anti-malware scanners. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it establishes a connection to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.twonext.com.
Publisher:
Wsys Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
Wsys Control

Description:
Wsys Control 1.0.0.2539

Version:
1.0.0.2539

MD5:
640d75dc77f6d0cfe654f7ea5bfe1421

SHA-1:
e57a50583700651988e3659c5c608b191ffe1dbe

SHA-256:
f5a809d066d21365dff7d62434ee17a2b9ef43475c0e086ad76d226ef0f892a4

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/19/2024 4:36:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Staser | 2013.10.10 |
| AVG | Generic34 | 2014.0.3617 |
| Bitdefender | Adware.Generic.561930 | 1.0.20.1780 |
| Boost by Reason | Optional.BanyanTreeTechnologyLimited.H | 188163 |
| Comodo Security | Application.Win32.Agent.~WY | 17076 |
| Dr.Web | Adware.Mutabaha.15 | 9.0.1.0356 |
| Emsisoft Anti-Malware | Adware.Generic.561930 | 8.13.12.22.04 |
| ESET NOD32 | Win32/ELEX (variant) | 7.8895 |
| Fortinet FortiGate | Adware/Agent | 12/22/2013 |
| F-Prot | W32/Clicker.CI | v6.4.7.1.166 |
| F-Secure | Adware.Generic.561930 | 11.2013-22-12_1 |
| G Data | Adware.Generic.561930 | 13.12.22 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.4581 |
| Malwarebytes | Adware.Elex | v2013.12.22.04 |
| McAfee | PUP-FCT!640D75DC77F6 | 5600.7273 |
| MicroWorld eScan | Adware.Generic.561930 | 14.0.0.1068 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.3.11 |
| Vba32 AntiVirus | Trojan.Staser | 3.12.24.3 |
| VIPRE Antivirus | Elex Installer | 22224 |
| ViRobot | Trojan.Win32.S.Agent.386112 | 2011.4.7.4223 |

File size:
377.1 KB (386,112 bytes)

Product version:
1.0.0.2539

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 5:18:54 AM

Valid to:
1/11/2015 5:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/4/2013 8:16:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:IDj3Zk+I21yP/C05c0Ebt7y8ltvy8XL12ng9:uDNIzPXGp7/ltvyMAng9

Entry address:
0x2280B

Entry point:
E8, DD, B8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, CC, 47, 00, 00, 6A, 16, 5E, 89, 30, E8, D2, 69, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 88, 47, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 83, EC, 10, 56, 89, 55, FC...
 

Entropy:
5.9807

Code size:
240 KB (245,760 bytes)

The file eGdpSvc.exe has been seen being distributed by the following URL.
