eUpdate.exe

Banyan Tree Technology Limited

The application eUpdate.exe by Banyan Tree Technology Limited has been detected as adware by 13 anti-malware scanners. It is a setup program used to install the application. The file is typically installed by a number of programs, including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and Wsys Control 1.0.0.2557 by Banyan Tree Technology Limited. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.

Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.1.0.2548

MD5:
38cd1bfe088b990ae17f9e8467bb54f3

SHA-1:
964904507ab453e42faaffb03c2b826da7c30e87

SHA-256:
99b96699db0e686e4794aae7e1188a642009f83e2b650687d4a5ab0960418959

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/19/2024 11:47:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic_r | 2014.0.3539 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17045 |
| Dr.Web | Adware.Mutabaha.20 | 9.0.1.0236 |
| ESET NOD32 | Win32/ELEX (variant) | 7.8873 |
| Fortinet FortiGate | Packed!tr | 8/24/2013 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.3773 |
| Malwarebytes | PUP.Optional.ESafe.A | v2013.11.26.01 |
| McAfee | Generic Packed | 5600.7177 |
| Panda Antivirus | Suspicious file | 13.08.24.02 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.1.0 |
| Trend Micro House Call | TROJ_GEN.R047H0AI213 | 7.2.236 |
| Trend Micro | TROJ_GEN.R0CBC0PIU13 | 10.465.26 |
| VIPRE Antivirus | Elex Installer | 20816 |

File size:
530.1 KB (542,776 bytes)

Product version:
2.1.0.2548

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/14/2013 2:05:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:yuDaLZtQIjLEsDb2CQyUAiM7FE48/+IkdWFnH:eZtDjxbhQmTk+ICW

Entry address:
0x1000

Entry point:
68, 01, 20, 48, 00, E8, 01, 00, 00, 00, C3, C3, 7F, 61, F2, A9, 28, AA, AD, B8, E4, 4D, 2D, 56, 20, 05, C1, 8E, F2, D9, BA, 07, EC, EE, C6, FB, B3, 3E, CB, F7, B9, 94, 77, 9E, D7, F6, 80, B7, DE, 5A, 2A, 1C, E9, 50, F9, 9F, 97, E4, 30, 02, F6, D9, 97, 93, 9F, 92, 4A, BC, 09, B8, 8D, 6B, 35, D5, EA, DB, 89, D8, E0, 54, 44, D3, 6D, 49, 11, 1B, 7A, 87, 98, 98, D6, 3E, 4E, 78, EB, 73, 17, 82, F2, F1, 15, 2F, 9A, 42, 2C, 5E, 21, DD, C9, D4, B3, 0D, 73, CD, A0, 34, C9, AF, 59, B5, 2F, 6A, 2D, A4, 51, 6B, 7D, 35...
 

Entropy:
7.9725

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
126 KB (129,024 bytes)

The file eUpdate.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359  by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it

eSafe Security Control 1.0.0.2522  by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers context-based advertising to the web browser.
83% remove it

Wsys Control 1.0.0.2557  by Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers context-based advertising to the web browser.
68% remove it
 

The file eUpdate.exe has been seen being distributed by the following URL.
