eUpdate.exe

The executable eUpdate.exe has been detected as malware by 26 anti-virus scanners. Additionally, the file is typically installed by a number of programs including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited. The file has been seen being downloaded from file.soft365.com.

Version: 2.1.0.2548
MD5: 613bfac9f7acc4f2d65d310c31c12e34
SHA-1: 76e7c329222f4ecdf842753d058e62eefce7195f
SHA-256: 847ee76da5d5ea5ddb9cd93acdb5c763df1f77063bb9f488e5fd4ea909d27562
Scanner detections: 26 / 68
Status: Malware
Analysis date: 4/23/2024 8:03:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Sisproc | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Swisyn | 2013.10.29 |
| Avira AntiVirus | SPR/Tool.ExqPage.D.5 | 7.11.109.244 |
| avast! | Win32:Malware-gen | 2014.9-131126 |
| AVG | Generic_r | 2014.0.3643 |
| Baidu Antivirus | HackTool.Win32.RiskTool | 4.0.3.131126 |
| Bitdefender | Application.ExqPage.D | 1.0.20.1650 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17175 |
| Dr.Web | Trojan.Click2.60353 | 9.0.1.0240 |
| ESET NOD32 | Win32/ELEX (variant) | 7.8978 |
| Fortinet FortiGate | W32/Agent.ACUL!tr | 11/26/2013 |
| F-Secure | Application.ExqPage.D | 11.2013-26-11_3 |
| G Data | Application.ExqPage | 13.11.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.127 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.4525 |
| Malwarebytes | Trojan.Clicker | v2013.08.28.03 |
| McAfee | RDN/Generic PUP.x!b2r | 5600.7181 |
| MicroWorld eScan | Application.ExqPage.D | 14.0.0.990 |
| Norman | Suspicious_Gen4.EMEYJ | 11.20130828 |
| nProtect | Trojan/W32.Staser.387072 | 13.10.29.01 |
| Panda Antivirus | Trj/OCJ.D | 13.08.28.03 |
| Quick Heal | Trojan.Agent.gen | 11.13.12.00 |
| Sophos | Generic PUA HG | 4.94 |
| Trend Micro House Call | TROJ_GEN.RFFFH05I113 | 7.2.240 |
| Trend Micro | TROJ_GEN.R0CBC0OH613 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 22820 |

File size: 378 KB (387,072 bytes)
Product version: 2.1.0.2548
Copyright: Copyright (C) 2013
Original file name: eUpdate.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\eupdate.exe

File PE Metadata
Compilation timestamp: 7/10/2013 11:51:56 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 6144:n1hMXUWqii8Sy/t6X1Fbt6awYxBLy4zmznhpCTp7fhIK52JO+UfjWvGiIbqQOH:1mUFii8SGt6X1b6a1xG/Cpf5ISivfIE
Entry address: 0x130F4
Entry point: E8, 07, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 67, 33, 00, 00, 6A, 16, 5E, 89, 30, E8, 72, 24, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 49, 33, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 4E, EE, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 5D, E9, 2F, 53, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, F0, 23, 43, 00, FF, 15, C0, 11, 42, 00, 85, C0, 75, 18, 56, E8, 04...
 
Entropy: 7.2824
Code size: 126 KB (129,024 bytes)

The file eUpdate.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it

eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it

Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
68% remove it
 

The file eUpdate.exe has been seen being distributed by the following URL.
