» eupdate_17.8.0.3297.exe
Overview
Analysis
File Details
Programs (1)

eupdate_17.8.0.3297.exe

Cherished Technology Limited

The application eupdate_17.8.0.3297.exe by Cherished Technology Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd..

File name:

Publisher:

Cherished Technology Limited (signed and verified)

MD5:

813fb5a836187c4deb0b2aac5054afe5

SHA-1:

74881c940ec8633bda229fd2e8d23b3d5c877601

SHA-256:

6dffb91b7461683f6c97b6af59ea081c32095df4eafad1d7360278d0f07a6640

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 1:34:35 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.CherishedTechnologyLimited.Q

14.2.22.19

File size:

1.5 MB (1,529,968 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\esafe\eupdate_17.8.0.3297.exe

Digital Signature

Signed by:

Cherished Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

10/30/2013 9:56:37 AM

Valid to:

10/31/2014 9:56:37 AM

Subject:

CN=Cherished Technology Limited, O=Cherished Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11210CA3D3C040F38E7317C765ABB45E0BCB

File PE Metadata

Compilation timestamp:

1/2/2014 11:37:45 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:RjG42iuf4WOjZXTyC1GSnl43aopAJp9YYSkjYiIgEJw7+xaSl0QQnCWePkdQyc:Rjx2iRVz13GbGZYYSkjXIDA+HNQ6sdpc

Entry address:

0x1540C

Entry point:

E8, B7, 97, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, FF, 0C, 00, 00, 6A, 16, 5E, 89, 30, E8, BB, 73, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, E1, 0C, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 96, EB, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 6D, 8F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D... 
[+]

Code size:

257 KB (263,168 bytes)

The file eupdate_17.8.0.3297.exe has been discovered within the following program.

eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd.

Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”

www.safenet-inc.com/data-protection/content-security-esafe

About 9% of users remove it

Remove eupdate_17.8.0.3297.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.