eUpdate.exe

Banyan Tree Technology Limited

The application eUpdate.exe by Banyan Tree Technology Limited has been detected as adware by 26 anti-malware scanners. This file is typically installed with the program eSafe Security Control 1.0.0.2522 by Banyan Tree Technology Limited, which is a potentially unwanted software program. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During install it establishes a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).

Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.1.0.2548

MD5:
ceb4a5b0c484514b61b290ca82b1ba68

SHA-1:
109a68643a521d42dacf974edb41e686425c297e

SHA-256:
e15977256b0157b5239aa2d3af7a0c690ac4baac299a1120b9f8fa2923bbc958

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/21/2025 4:08:33 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Sisproc | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Swisyn | 2013.11.09 |
| Avira AntiVirus | SPR/Tool.ExqPage.D.4 | 7.11.112.90 |
| avast! | Win32:Malware-gen | 2014.9-131126 |
| AVG | Generic_r | 2014.0.3643 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.131126 |
| Bitdefender | Application.ExqPage.D | 1.0.20.1650 |
| Boost by Reason | Adware.BanyanTreeTechnologyLimited.H | 2013.8.27.13 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17240 |
| Dr.Web | Trojan.Click2.60353 | 9.0.1.0239 |
| ESET NOD32 | Win32/ELEX (variant) | 7.9025 |
| Fortinet FortiGate | W32/ELEX.N | 8/27/2013 |
| F-Secure | Application.ExqPage.D | 11.2013-26-11_3 |
| G Data | Application.ExqPage | 13.11.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.127 |
| Malwarebytes | PUP.Optional.ESafe.A | v2013.11.26.02 |
| McAfee | RDN/Generic.dx!c2c | 5600.7180 |
| Microsoft Security Essentials | Trojan:Win32/Wysotot.A | 1.163.1557.3 |
| MicroWorld eScan | Application.ExqPage.D | 14.0.0.990 |
| NANO AntiVirus | Trojan.Win32.Staser.ccmxbd | 0.26.0.56179 |
| Panda Antivirus | Trj/Genetic.gen | 13.08.27.01 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.H | 14.3.1.0 |
| Sophos | Mal/Generic-S | 4.94 |
| Trend Micro House Call | TROJ_GEN.R0CBH01HB13 | 7.2.239 |
| VIPRE Antivirus | Elex Installer | 23186 |
| ViRobot | Trojan.Win32.S.Swisyn.399416 | 2011.4.7.4223 |

File size:
390.1 KB (399,416 bytes)

Product version:
2.1.0.2548

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 9:18:54 PM

Valid to:
1/10/2015 9:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/10/2013 11:51:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:K1hMXUWqii8Sy/t6X1FbtahsfhIJ52m9NOMa0Bp1qRQOH:UmUFii8SGt6X1ba2avNO/yHqz

Entry address:
0x130F4

Entry point:
E8, 07, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 67, 33, 00, 00, 6A, 16, 5E, 89, 30, E8, 72, 24, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 49, 33, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 4E, EE, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 5D, E9, 2F, 53, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, F0, 23, 43, 00, FF, 15, C0, 11, 42, 00, 85, C0, 75, 18, 56, E8, 04...

Entropy:
7.3104

Code size:
126 KB (129,024 bytes)

The file eUpdate.exe has been discovered within the following program.

eSafe Security Control 1.0.0.2522  by Banyan Tree Technology Limited
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
83% remove it
 
Powered by Should I Remove It?

The file eUpdate.exe has been seen being distributed by the following URL.
