up.exe

Banyan Tree Technology Limited

The application up.exe by Banyan Tree Technology Limited has been detected as adware by 25 anti-malware scanners. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.0.2.2580

MD5:
feae1df9eead37ca821f293c16b36462

SHA-1:
86c11410ba925ef7b2d01dbe95db73da88bc0c63

SHA-256:
bfaf85b5c98bc8710a9f40abd150ed099472614844c7b5a3c40e2afcebcf7355

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/26/2024 7:47:21 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.ExqPage.3 | 870
Agnitum Outpost | PUA.Agent | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.152.214
avast! | Win32:Adware-BGR [PUP] | 2014.9-140917
AVG | Generic_r | 2015.0.3348
Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.14917
Bitdefender | Gen:Variant.Application.ExqPage.3 | 1.0.20.1300
Comodo Security | UnclassifiedMalware | 18424
Dr.Web | Adware.Mutabaha.21 | 9.0.1.0260
ESET NOD32 | Win32/ELEX (variant) | 8.9888
F-Prot | W32/Startpage.CA.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Application.ExqPage | 11.2014-17-09_4
G Data | Gen:Variant.Application.ExqPage | 14.9.24
IKARUS anti.virus | AdWare.Gen2 | t3scan.1.6.1.0
K7 AntiVirus | Riskware | 13.178.12292
Malwarebytes | PUP.Optional.Elex | v2014.09.17.09
McAfee | PUP-FDW!FEAE1DF9EEAD | 5600.7004
MicroWorld eScan | Gen:Variant.Application.ExqPage.3 | 15.0.0.780
Panda Antivirus | Trj/Genetic.gen | 14.09.17.09
Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015
Reason Heuristics | PUP.BanyanTreeTechnologyLimited.C | 14.9.17.21
Sophos | Elex | 4.98
Total Defense | Win32/Wysotot.A!generic | 37.0.10977
Trend Micro House Call | TROJ_GEN.F47V0601 | 7.2.260
VIPRE Antivirus | Elex Installer | 29902

File size:
815.1 KB (834,640 bytes)

Product version:
2.0.2.2580

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\edownload\up.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 1:18:54 PM

Valid to:
1/11/2015 1:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/14/2013 10:46:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:JQfSxdN+RaOvBIFJU4EDyRcn7/NuFDyiAiJytCYbIOBe8JFnHLFkj:cSxfGp6We+NutyiAjCYb48JNyj

Entry address:
0x1000

Entry point:
68, 01, E0, 50, 00, E8, 01, 00, 00, 00, C3, C3, 84, EB, 84, 63, 7F, 5D, ED, 2D, 4D, 31, B0, 47, 55, 28, 15, 44, A8, A4, 3E, F4, 93, F6, 74, 57, BA, 3E, 90, 60, B9, D4, A1, C7, E8, 01, 0D, 52, 48, 5F, 86, 56, B1, DD, 3D, FC, 90, 95, E8, 08, 2A, 00, 03, 29, 61, DC, 34, 67, 61, C7, F4, 3F, 7B, 3D, B3, 7A, 55, E5, BE, 1E, 39, D6, 25, 2A, C7, A1, 1B, 76, 49, 59, 3A, 21, 21, 62, 88, 8F, BB, 0A, B5, FA, 4A, 8E, 8D, 22, 97, D2, 3C, 37, 50, DC, 31, 82, 86, A7, F2, AB, A8, 7F, D7, 85, 8A, 95, BA, 8B, 8F, EF, E2, 93...
 

Entropy:
7.9818

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
492 KB (503,808 bytes)
