eUpdate.exe

Banyan Tree Technology Limited

The application eUpdate.exe by Banyan Tree Technology Limited has been detected as adware by 22 anti-malware scanners. It is a setup program used to install the application. The file is typically installed by a number of programs, including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
10.2.0.2610

MD5:
c4406df1bfa8b79854a3900fb21a6ae8

SHA-1:
14afd9b0311538faac3bbc0485dc7bd0fd28256f

SHA-256:
718ac9a7cf1901064dea12ca4883af14d4652c5f805c8208d5964d23f7d92010

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/26/2024 8:30:43 PM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Staser | 2013.08.28
Bitdefender | Application.ExqPage.D | 1.0.20.1650
Boost by Reason | Adware.BanyanTreeTechnologyLimited.H | 2013.8.28.15
Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17049
Dr.Web | Adware.Mutabaha.20 | 9.0.1.0240
ESET NOD32 | Win32/ELEX (variant) | 7.8875
Fortinet FortiGate | W32/Staser.FV!tr | 11/26/2013
F-Secure | Application.ExqPage.D | 11.2013-26-11_3
G Data | Application.ExqPage | 13.11.22
IKARUS anti.virus | Trojan.Win32.Staser | t3scan.2.0.127
Kaspersky | Trojan.Win32.Staser | 14.0.0.3805
Malwarebytes | Trojan.Staser | v2013.08.28.03
McAfee | Generic PUP.u | 5600.7181
MicroWorld eScan | Application.ExqPage.D | 14.0.0.990
nProtect | Trojan/W32.Staser.541760 | 13.10.04.03
Panda Antivirus | Suspicious file | 13.08.28.03
Quick Heal | Trojan.Staser.fv | 11.13.12.00
Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.1.0
Trend Micro House Call | TROJ_GEN.R047H08I713 | 7.2.240
Vba32 AntiVirus | Trojan.Staser | 3.12.24.3
VIPRE Antivirus | Elex Installer | 22088
ViRobot | Trojan.Win32.S.Staser.541760 | 2011.4.7.4223

File size:
529.1 KB (541,760 bytes)

Product version:
10.2.0.2610

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/16/2013 1:49:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:FCaOixBSAYyGyzmdHBoT9nWdmO4DJpaiSizjNHmor1pFnHojEk:FvPBSArGyzmBBw9npOUpaitjN5rHmj

Entry address:
0x1000

Entropy:
7.9720

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
128.5 KB (131,584 bytes)

The file eUpdate.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359  by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it
eSafe Security Control 1.0.0.2522  by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it
Wsys Control 1.0.0.2557  by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
68% remove it

The file eUpdate.exe has been seen being distributed by the following URL.
