egdpsvc.exe

Wsys Control

Skytouch Technology Co., Limited

The application egdpsvc.exe, “Wsys Control 10.2.1.2652” by Skytouch Technology Co., Limited, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Wsys Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
Wsys Control

Description:
Wsys Control 10.2.1.2652

Version:
10.2.1.2652

MD5:
f78e7c36df13b70123fd943ea0d68625

SHA-1:
9072f5e5a16947b98451a2b1e6645677fda18b8b

SHA-256:
87dc892e832a6b308b8d1e553d7e5727273fde33f0ae4361995720b352ee3842

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:19:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.8.17.9

File size:
1.7 MB (1,775,768 bytes)

Product version:
10.2.1.2652

Copyright:
Copyright (C) 2013

Original file name:
Wsys.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 1:52:17 AM

Valid to:
7/9/2014 4:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
10/8/2013 6:45:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NX9xZP8h7sbnOXfHfcrlwulWg5R7jdcgQ17uIjjy2lrV/7kaRBpED:rEhqMwGufDcgQkIiYZj3RPu

Entry address:
0x1E83E8

Entry point:
E8, 32, E6, FF, FF, 22, 2E, 8A, D1, A9, FE, 86, 4F, AC, AC, B3, 24, A8, B0, 98, 20, 50, B0, 48, 58, 4C, 70, DF, 12, D7, D6, 7E, BD, 37, 40, BF, 78, 90, DB, 10, A9, 76, 3C, 1A, 7C, 53, 22, D7, 56, FE, EF, 90, FD, 5C, 34, 9E, 36, 39, F9, 78, 99, F2, 5F, 9F, 04, 25, D2, B0, 90, 39, 44, 7C, 0D, 63, A3, 51, C0, FA, 31, B6, 42, E3, 17, FB, EF, 14, 13, 9C, 97, 16, 17, A3, C5, 35, DE, 46, 72, 99, 90, 98, 7A, 72, C0, 16, 4C, 9B, C6, A6, DD, 04, BB, 16, AD, 20, FF, 8E, 51, 83, 33, 2E, 5D, 5E, 0F, B1, ED, C6, 23, 81...
 

Code size:
235 KB (240,640 bytes)
