eUpdate.exe

Banyan Tree Technology Limited

The application eUpdate.exe by Banyan Tree Technology Limited has been detected as adware by 27 anti-malware scanners. It is a setup program used to install the application. The file is typically installed by a number of programs, including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it establishes a connection to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.1.0.2548

MD5:
38d46b35ed893d426adc090fb5474127

SHA-1:
8c27a033d0c79f7ced4a19f766c667b3e4a2de98

SHA-256:
f5c86bb6fc57dff55ba329d192c6a9cc055212df60466a9461060a860b8a7924

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/24/2024 8:01:09 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Sisproc
7.1.1

AhnLab V3 Security
Trojan/Win32.Swisyn
2013.10.01

AVG
Generic_r
2014.0.3543

Bitdefender
Application.ExqPage.D
1.0.20.1200

Boost by Reason
Adware.BanyanTreeTechnologyLimited.H
2013.8.28.15

Comodo Security
TrojWare.Win32.Trojan.Agent.Gen
17026

Dr.Web
Trojan.Click2.60353
9.0.1.0240

ESET NOD32
Win32/ELEX (variant)
7.8859

Fortinet FortiGate
W32/Dloadr.DSY!tr
8/28/2013

F-Secure
Application.ExqPage.D
11.2013-26-11_3

G Data
Application.ExqPage
13.8.22

IKARUS anti.virus
Application.ExqPage
t3scan.2.0.127

K7 AntiVirus
Trojan
13.172.9720

Kaspersky
Trojan.Win32.Staser
14.0.0.4525

Malwarebytes
PUP.Optional.ESafe.A
v2013.11.26.02

McAfee
Artemis!38D46B35ED89
5600.7181

Microsoft Security Essentials
Trojan:Win32/Sisproc
1.163.1557.0

MicroWorld eScan
Application.ExqPage.D
14.0.0.720

NANO AntiVirus
Trojan.Win32.Staser.ccmxbd
0.26.0.55041

nProtect
Trojan/W32.Agent.1096760
13.09.30.03

Panda Antivirus
Trj/Genetic.gen
13.08.28.03

Quick Heal
Trojan.Sisproc
11.13.12.00

Reason Heuristics
PUP.BanyanTreeTechnologyLimited.H
14.3.1.0

Sophos
Troj/Dloadr-DSY
4.93

Trend Micro House Call
TROJ_GEN.R0CBH0AHI13
7.2.240

Trend Micro
TROJ_GEN.R0CBC0OIB13
10.465.28

VIPRE Antivirus
Elex Installer
21966

File size:
1 MB (1,096,760 bytes)

Product version:
2.1.0.2548

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/10/2013 11:51:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:JmUmSBtq/0QktPLFazflp7vNYT53l1DetDEyoIRHe/:JmzSBtqMQsLB3XetDhXHe/

Entry address:
0x130F4

Entry point:
E8, 07, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 67, 33, 00, 00, 6A, 16, 5E, 89, 30, E8, 72, 24, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 49, 33, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 4E, EE, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 5D, E9, 2F, 53, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, F0, 23, 43, 00, FF, 15, C0, 11, 42, 00, 85, C0, 75, 18, 56, E8, 04...
 

Entropy:
7.8470  (probably packed)

Code size:
126 KB (129,024 bytes)

The file eUpdate.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359  by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it
eSafe Security Control 1.0.0.2522  by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it
Wsys Control 1.0.0.2557  by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
68% remove it
 

The file eUpdate.exe has been seen being distributed by the following URL.
