eUpdate.exe

Banyan Tree Technology Limited

The application eUpdate.exe by Banyan Tree Technology Limited has been detected as adware by 24 anti-malware scanners. It is an adware bundler (AKA ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where they live. The file has been seen being downloaded from file.soft365.com.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.1.0.2548

MD5:
a19b0f3f08bb89cccfddcff0fc3ed783

SHA-1:
0e45e219443046ab10e2666c86dccc93418fec86

SHA-256:
7a6a048d38df7443675014a2aa871cb3d6ee44e8d0ff63af182bdd33cc06ce41

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/19/2024 4:16:30 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Sisproc | 7.1.1
AhnLab V3 Security | Trojan/Win32.Swisyn | 2013.10.01
Avira AntiVirus | TR/Comisproc.A.2101 | 7.11.105.76
AVG | Generic_r | 2014.0.3542
Bitdefender | Application.ExqPage.D | 1.0.20.1195
Boost by Reason | Adware.BanyanTreeTechnologyLimited.H | 2013.8.27.13
Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17029
Dr.Web | Trojan.Click2.60353 | 9.0.1.0239
ESET NOD32 | Win32/ELEX (variant) | 7.8861
Fortinet FortiGate | W32/Dloadr.DSY!tr | 8/27/2013
F-Secure | Application.ExqPage.D | 11.2013-27-08_3
G Data | Application.ExqPage | 13.8.22
IKARUS anti.virus | Application.ExqPage | t3scan.2.0.127
K7 AntiVirus | Riskware | 13.172.9737
Malwarebytes | PUP.Optional.ESafe.A | v2013.08.27.01
McAfee | RDN/Generic PUP.x!b2v | 5600.7180
MicroWorld eScan | Application.ExqPage.D | 14.0.0.717
NANO AntiVirus | Trojan.Win32.Staser.ccmxbd | 0.26.0.55041
Panda Antivirus | Trj/Genetic.gen | 13.08.27.01
Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.1.0
Sophos | Troj/Dloadr-DSY | 4.93
Trend Micro House Call | TROJ_GEN.R0C1H0AIA13 | 7.2.239
VIPRE Antivirus | Elex Installer | 21986
ViRobot | Trojan.Win32.S.Swisyn.399416.B | 2011.4.7.4223

File size:
390.1 KB (399,416 bytes)

Product version:
2.1.0.2548

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/10/2013 11:51:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:AmUFii8SGt6X1bXQCZN3DuI5zUcx5UpTSmnt:AmUmSB9CO/x5jut

Entry address:
0x130F4

Entry point:
E8, 07, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 67, 33, 00, 00, 6A, 16, 5E, 89, 30, E8, 72, 24, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 49, 33, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 4E, EE, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 5D, E9, 2F, 53, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, F0, 23, 43, 00, FF, 15, C0, 11, 42, 00, 85, C0, 75, 18, 56, E8, 04...

Entropy:
7.3111

Code size:
126 KB (129,024 bytes)

The file eUpdate.exe has been seen being distributed by the following URL.
