qtypesetup.exe

eDownload Module

Banyan Tree Technology Limited

The application qtypesetup.exe by Banyan Tree Technology Limited has been detected as adware by 18 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.

Publisher:
Banyan Tree Technology Limited  (signed and verified)

Product:
eDownload Module

Version:
5.1.8.2217

MD5:
ec442604e425f5755dbb82e135d8439a

SHA-1:
b5598554985c8568dedd1665fa6c2068e6e3432b

SHA-256:
42cb952803b4f7bcbb64551e26ff97b6c8a63b48c32c7960281a21d599e0bf54

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/19/2024 9:58:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.64090 | 357 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.200.24 |
| avast! | Adware-BEN [Adw] | 2014.9-160212 |
| AVG | Generic | 2017.0.2835 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.16212 |
| Bitdefender | Gen:Variant.Adware.Strictor.64090 | 1.0.20.215 |
| Dr.Web | Adware.Mutabaha.43 | 9.0.1.043 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.64090 | 8.16.02.12.04 |
| ESET NOD32 | Win32/ELEX.C potentially unwanted application | 10.7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Strictor.64090 | 11.2016-12-02_6 |
| G Data | Gen:Variant.Adware.Strictor.64090 | 16.2.24 |
| K7 AntiVirus | Unwanted-Program | 13.190.14585 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.64090 | 17.0.0.129 |
| Norman | Gen:Variant.Adware.Strictor.64090 | 11.20160212 |
| Qihoo 360 Security | Malware.QVM01.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.BanyanTreeTechnology.Installer (M) | 16.2.12.16 |
| Sophos | Virus 'Mal/Cleaman-B' | 59 |
| VIPRE Antivirus | Elex Installer | 36480 |

File size:
262.1 KB (268,384 bytes)

Product version:
5.1.8.2217

Copyright:
Copyright 2013

Original file name:
eDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\qtypesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 6:18:54 AM

Valid to:
1/11/2015 6:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
4/10/2013 11:51:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:6EtcWgSgUF1OePeWZydZnvqubdgqc10iTzo:vzDlPeWSnv3bd8Hz

Entry address:
0xB4ED0

Entry point:
60, BE, 00, 70, 47, 00, 8D, BE, 00, A0, F8, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
252 KB (258,048 bytes)
