Should I block it?
60% of PCs block this file from running.
Possible reason:
Performance resource utilization
Additional versions
(Note, Hefei Feiqiu Info Tech Ltd publishes each variation of this file with the same version, but the hashes are unique.)
 PE file structure
|
Show functions |
Import table
advapi32.dll
CreateServiceW
kernel32.dll
EnumSystemLocalesW, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess
ole32.dll
CoUninitialize
psapi.dll
EnumProcesses
sensapi.dll
IsNetworkAlive
shell32.dll
SHGetFolderPathW
shlwapi.dll
SHDeleteKeyW
user32.dll
MessageBoxW
userenv.dll
CreateEnvironmentBlock
version.dll
GetFileVersionInfoSizeW
winhttp.dll
WinHttpConnect
wininet.dll
InternetOpenW
egdpsvc.exe
Wsys Control by Hefei Feiqiu Info Tech Ltd (Signed)
| Version: | 10.2.1.2652 |
| MD5: | b4f54911fd477012fdabf5ef7efaa945 |
| SHA1: | 0f6beea50dd6a26313ad06f7f077c0fd48a40c4f |
Overview
egdpsvc.exe runs as a service under the name Wsys Service (WsysSvc) with extensive SYSTEM privileges (full administrator access). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This is typically installed with the program Wsys Control 10.2.1.2652 published by Banyan Tree Technology Limited and is most likely removed by most users once installed (80% removed). The file is digitally signed by Hefei Feiqiu Info Tech Ltd which was issued by the GlobalSign nv-sa certificate authority (CA).
Details
| File name: | egdpsvc.exe |
| Publisher: | Wsys Co., Ltd. |
| Product name: | Wsys Control |
| Description: | Wsys Control 10.2.1.2652 |
| Typical file path: | C:\ProgramData\esafe\egdpsvc.exe |
| Original name: | Wsys.exe |
| File version: | 10.2.1.2652 |
| Size: | 1.63 MB (1,706,064 bytes) |
| Build date: | 10/8/2013 6:45 AM |
| Certificate |
| Issued to: | Hefei Feiqiu Info Tech Ltd |
| Authority (CA): | GlobalSign nv-sa |
| Effective date: | Thursday, January 24, 2013 |
| Expiration date: | Monday, January 25, 2016 |
| Digital DNA |
| File packed: | Yes |
| .NET CLR: | No |
More details
Programs
The following program will install this file
|
Banyan Tree Technology Limited |
|
Wsys Control also known as Delta-homes.com is a potentially unwanted web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. It is typically defined as a unwanted application by various malware vendors.
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'WsysSvc' (Wsys Service)
- WsysSvc
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Documents and Settings\user\Application Data\eSafe\eGdpSvc.exe'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00204350% | |
| Kernel CPU: | 0.00028701% | |
| User CPU: | 0.00175649% | |
| Kernel CPU time: | 125 ms/min | |
| Memory |
| Private memory: | 5.59 MB | |
| Private (maximum): | 11.67 MB | |
| Private (minimum): | 9.66 MB | |
| Non-paged memory: | 5.59 MB | |
| Virtual memory: | 69.66 MB | |
| Virtual memory (peak): | 87.03 MB | |
| Working set: | 11.61 MB | |
| Working set (peak): | 11.99 MB | |
| Resource allocations |
| Threads: | 13 | |
| Handles: | 223 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command line: | C:\ProgramData\esafe\egdpsvc.exe |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | WsysSvc |
| Display name: | Wsys Service |
| Description: | “Wsys update service” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| eGdpSvc.exe (main module) |
| Total CPU: | 0.00129025% | |
| Kernel CPU: | 0.00014336% | |
| User CPU: | 0.00114688% | |
| CPU cycles: | 35,745/sec | |
| Memory: | 3.49 MB | |
| sechost.dll |
| Total CPU: | 0.00007168% | |
| Kernel CPU: | 0.00007168% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 1,489/sec | |
| Memory: | 208 KB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 8 |
33.33% |
|
| Microsoft Windows XP |
22.22% |
|
| Windows 8 Pro |
22.22% |
|
| Windows 7 Ultimate |
11.11% |
|
| Windows 7 Professional |
11.11% |
|
Distribution by country
Vietnam installs about 22.22% of Wsys Control.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
26.67% |
|
| Compaq |
26.67% |
|
| Intel |
26.67% |
|
| Lenovo |
13.33% |
|
| Hewlett-Packard |
6.67% |
|
