eGdpSvc.exe

Wsys Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “Wsys Control 1.0.0.2598” by Banyan Tree Technology Limited, has been detected as adware by 36 anti-malware scanners. It is the setup program used to install the application. It is an adware bundler (also known as ElexNetDownload) that adds unwanted third-party offers to the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed on the machine and where the user is located.
Publisher:
Wsys Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
Wsys Control

Description:
Wsys Control 1.0.0.2598

Version:
1.0.0.2598

MD5:
dd8227b330a018de8e8a92dbd66f7912

SHA-1:
f70d4b55feef7c4ed7f913741829e047503fa820

SHA-256:
0a7d8bc5853237b9d2c5a687fcbed5eb9fef484108ef2f2d1c621375511b5c78

Scanner detections:
36 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/19/2024 5:07:31 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | MemScan:Application.ExqPage.C | 1105
Agnitum Outpost | Trojan.Wysotot | 7.1.1
AhnLab V3 Security | Trojan/Win32.Staser | 2013.12.29
Avira AntiVirus | SPR/Tool.302765 | 7.11.122.154
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140126
AVG | Generic34 | 2015.0.3583
Baidu Antivirus | Trojan.Win32.StartPage | 4.0.3.14126
Bitdefender | MemScan:Application.ExqPage.C | 1.0.20.130
Bkav FE | W32.Clod45a.Trojan | 1.3.0.4613
Boost by Reason | Optional.BanyanTreeTechnologyLimited.H | 188756
Comodo Security | Application.Win32.Elex.A | 17513
Dr.Web | Adware.Mutabaha.20 | 9.0.1.026
Emsisoft Anti-Malware | Adware.Agent.NRQ | 8.14.01.26.01
ESET NOD32 | Win32/ELEX (variant) | 8.9190
Fortinet FortiGate | W32/Staser.FV!tr | 1/26/2014
F-Secure | MemScan:Application.ExqPage.C | 11.2014-26-01_1
G Data | MemScan:Application.ExqPage | 14.1.22
IKARUS anti.virus | Application.ExqPage | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.174.10656
Kaspersky | Trojan.Win32.Staser | 14.0.0.4410
Malwarebytes | PUP.Optional.Wsys.A | v2014.01.26.01
McAfee | Artemis!3E08DD78844C | 5600.7239
Microsoft Security Essentials | Trojan:Win32/Wysotot.A | 1.165.247.01
MicroWorld eScan | MemScan:Application.ExqPage.C | 15.0.0.78
NANO AntiVirus | Trojan.Win32.ZAccess.crkyvu | 0.28.0.57029
nProtect | Trojan/W32.Agent.380992.B | 13.10.09.02
Panda Antivirus | Trj/CI.A | 14.01.26.01
Quick Heal | Trojan.Agent.gen | 1.14.12.00
Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.4.6
Sophos | Mal/Generic-S | 4.93
SUPERAntiSpyware | Trojan.Agent/Gen-Wysotot | 10823
Trend Micro House Call | TROJ_GEN.R0CBH07JR13 | 7.2.26
Trend Micro | TROJ_SPNV.03JK13 | 10.465.26
Vba32 AntiVirus | Backdoor.ZAccess | 3.12.24.3
VIPRE Antivirus | Elex Installer | 24844
ViRobot | Trojan.Win32.S.Staser.303168 | 2011.4.7.4223

File size:
870.6 KB (891,456 bytes)

Product version:
1.0.0.2598

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 10:48:54 AM

Valid to:
1/11/2015 10:48:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/2/2013 2:10:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:2G9J2fE/sTdFr5Cz4LvQqtkN9AGTYPUt1dIXfs1k:2G9J50TdFrgz3qxdct3us6

Entry address:
0x11450D

Entry point:
9C, C7, 04, 24, 22, BB, FE, EF, E9, 09, 34, 0C, 00, C6, 04, 24, 63, 8D, 64, 24, 40, 0F, 85, 85, 37, FF, FF, E9, 47, 29, FF, FF, 5E, 2C, 74, B3, AE, 03, 71, 6B, 48, 1D, 0A, C8, 60, 3A, F8, 90, 07, E9, B7, 20, 9E, CC, FC, 75, 57, 25, 55, 44, 96, 1B, 81, 33, F9, 6F, 41, 12, 0B, D8, A1, 86, 83, 48, 3D, 32, 00, B8, AE, C7, 13, 22, 44, A6, 6E, 45, 15, 89, FE, 75, 5F, 2D, D4, B2, 70, EC, 26, E8, B6, B0, A7, 12, BB, C8, 3F, 01, B2, 94, 6D, DD, AC, AF, 8B, 84, D2, A4, 86, 67, E3, DD, 31, 8E, DB, 54, C1, 2A, 6F, B8...

Code size:
234.5 KB (240,128 bytes)

The file eGdpSvc.exe has been seen being distributed by the following URL.
