eGdpSvc.exe

Wsys Control

Banyan Tree Technology Limited

The application eGdpSvc.exe, “Wsys Control 10.2.1.2612” by Banyan Tree Technology Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Wsys Service”. This file is typically installed with the program DProtect by DProtect Lab which is a potentially unwanted software program.
Publisher:
Wsys Co., Ltd.  (signed by Banyan Tree Technology Limited)

Product:
Wsys Control

Description:
Wsys Control 10.2.1.2612

Version:
10.2.1.2612

MD5:
6ff3cfb85b18c032af8f242498dfc8d9

SHA-1:
9e625283bf3f07382a50d87776689f64854835ed

SHA-256:
40cbe211d1058cbb5af43186ad83f8af9855314d6e4e2e71d5ceb8d490170844

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 11:44:22 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.5.14

File size:
296.6 KB (303,680 bytes)

Product version:
10.2.1.2612

Copyright:
Copyright (C) 2013

Original file name:
eGdpSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\esafe\egdpsvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 3:18:54 AM

Valid to:
1/11/2015 3:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
8/22/2013 1:02:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x1000

Entry point:
68, 01, 10, 46, 00, E8, 01, 00, 00, 00, C3, C3, 6B, 51, 73, 33, 2F, C2, C9, 20, 08, FB, 14, B9, C8, 02, 80, 85, CB, B6, EB, 8B, 4F, 73, 46, 95, FA, 5E, CE, 12, 8B, 21, BC, 43, B5, 98, ED, 83, E9, 1A, A8, 01, CF, 40, DD, 0D, A2, A4, CA, 62, 65, 99, BA, D3, 06, B1, 51, F7, A6, C7, D7, E0, AC, A6, B9, DD, EB, C6, DA, E6, A1, A7, AD, F7, 5F, 51, B3, 6C, 3A, EC, C8, 9E, 61, DF, F1, 5F, D7, 3E, 01, 3A, F0, D8, 9F, 95, D9, 68, C5, 01, FE, 03, 15, 75, 64, 29, 21, AA, 6D, E0, 69, 81, DA, EC, 79, 26, B9, BE, 66, E6...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
235 KB (240,640 bytes)

Service
Display name:
Wsys Service

Service name:
WsysSvc

Description:
Wsys update service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file eGdpSvc.exe has been discovered within the following program.

DProtect  by DProtect Lab
DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
78% remove it
 
Powered by Should I Remove It?

Remove eGdpSvc.exe - Powered by Reason Core Security