home

iXB.exe

Banyan Tree Technology Limited

The application iXB.exe by Banyan Tree Technology Limited has been detected as adware by 29 anti-malware scanners. This is a setup program which is used to install the application. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).The file has been seen being downloaded from cdn.airdlr4.com.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.0.2.2627

MD5:
c67c56f6b5cd399e2976f57a1472a107

SHA-1:
8ce2ccc49c4dd7af56afcd8f9754f9d6aebe7760

SHA-256:
d0737fed7e006782378fc622b68ed4001f4dc3fe450a0ac978161113e5c263d5

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/26/2024 3:31:19 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.ExqPage.3
1020

AhnLab V3 Security
PUP/Win32.Wysotot
2014.03.05

Avira AntiVirus
APPL/ExqPage.3.6
7.11.134.192

avast!
Win32:Adware-BGR [PUP]
2014.9-140420

AVG
Generic_r
2015.0.3506

Bitdefender
Gen:Variant.Application.ExqPage.3
1.0.20.550

Bkav FE
W32.Clod6e6.Trojan
1.3.0.4261

Comodo Security
ApplicUnwnt.Win32.ELEX.A
17886

Dr.Web
Adware.Mutabaha.30
9.0.1.0103

ESET NOD32
Win32/ELEX (variant)
8.8945

Fortinet FortiGate
W32/Badur.ACLW!tr
4/13/2014

F-Prot
W32/Startpage.CA.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Application.ExqPage
11.2014-20-04_1

G Data
Gen:Variant.Application.ExqPage
14.4.24

IKARUS anti.virus
Trojan.Win32.Badur
t3scan.2.0.127

K7 AntiVirus
Unwanted-Program
13.176.11337

Kaspersky
Backdoor.Win32.ZAccess
14.0.0.4023

Malwarebytes
PUP.Optional.Elex
v2014.04.13.09

McAfee
PUP-FDW!C67C56F6B5CD
5600.7162

Microsoft Security Essentials
TrojanDownloader:Win32/Wysotot.A
1.10302

MicroWorld eScan
Gen:Variant.Application.ExqPage.3
15.0.0.330

Panda Antivirus
Trj/Genetic.gen
14.04.20.07

Qihoo 360 Security
HEUR/Malware.QVM19.Gen
1.0.0.1015

Reason Heuristics
PUP.BanyanTreeTechnologyLimited.D
14.4.13.9

Sophos
Elex
4.98

Total Defense
Win32/Wysotot.A!generic
37.0.10799

Trend Micro House Call
TROJ_GEN.R0CBH07JI13
7.2.103

Vba32 AntiVirus
Trojan.Badur
3.12.24.3

VIPRE Antivirus
Elex Installer
22594

File size:
404.1 KB (413,776 bytes)

Product version:
2.0.2.2627

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ixb.exe

Digital Signature
Signed by:
Banyan Tree Technology Limited

Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 12:18:54 AM

Valid to:
1/11/2015 12:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
9/16/2013 1:52:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Eyq4JCZfJW/zpkpJorG+zhdreQVobbz7DIvV9isz8rKpbZX+BFoqjHH6oHI4CGm8:EfeCZf4bSpBo/VoPHUVojOZ6FnH2q2l2

Entry address:
0x1000

Entry point:
68, 01, 90, 4A, 00, E8, 01, 00, 00, 00, C3, C3, 69, C8, 91, FA, 68, 79, 17, 04, 52, 50, 49, E8, 65, AA, FD, BB, 24, DF, CE, 47, 07, 60, 12, BB, 58, 68, 32, 7D, 6E, 39, 46, 31, CF, 1E, 07, 9D, CC, B5, 78, 4D, 6D, 57, C1, 96, 1D, 58, A7, DC, 14, 69, DB, 3F, AB, 4F, DD, 86, 8C, 69, C2, 75, F1, 3C, AE, F6, 66, 02, CD, EF, 99, 49, 39, 01, 14, 01, 19, D8, 88, 69, E5, B0, B2, D7, 1C, BE, 52, FA, 40, 0A, 81, 6E, 51, DE, 98, F6, AD, A1, AF, 2E, 99, C3, DA, E0, 8C, DA, DA, DF, DE, E9, D3, C8, FF, AD, 35, 26, DD, 64...
 
[+]

Entropy:
7.9447

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
494.5 KB (506,368 bytes)

The file iXB.exe has been seen being distributed by the following URL.

http://cdn.airdlr4.com/downloads/offers/.../air_ar_qone8.exe

Remove iXB.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.