Should I block it?
60% of PCs block this file from running.
Possible reason:
Performance resource utilization
Additional versions
(Note, Hefei Feiqiu Info Tech Ltd publishes each variation of this file with the same version, but the hashes are unique.)
egdpsvc.exe
Wsys Control by Hefei Feiqiu Info Tech Ltd (Signed)
| Version: | 10.2.1.2652 |
| MD5: | 97a1b2c9f75ad1e47264779240c90090 |
| SHA1: | f7910db30eed14b2040edee82e119422f8cdd235 |
Overview
egdpsvc.exe runs as a service under the name Wsys Service (WsysSvc) with extensive SYSTEM privileges (full administrator access). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This is typically installed with the program Wsys Control 10.2.1.2652 published by Banyan Tree Technology Limited and is most likely removed by most users once installed (80% removed). The file is digitally signed by Hefei Feiqiu Info Tech Ltd which was issued by the GlobalSign nv-sa certificate authority (CA).
Details
| File name: | egdpsvc.exe |
| Publisher: | Wsys Co., Ltd. |
| Product name: | Wsys Control |
| Description: | Wsys Control 10.2.1.2652 |
| Typical file path: | C:\ProgramData\esafe\egdpsvc.exe |
| Original name: | Wsys.exe |
| File version: | 10.2.1.2652 |
| Size: | 1.63 MB (1,706,100 bytes) |
| Build date: | 10/8/2013 3:45 PM |
| Certificate |
| Issued to: | Hefei Feiqiu Info Tech Ltd |
| Authority (CA): | GlobalSign nv-sa |
| Effective date: | Thursday, January 24, 2013 |
| Expiration date: | Monday, January 25, 2016 |
| Digital DNA |
| File packed: | Yes |
| .NET CLR: | No |
More details
Programs
The following program will install this file
|
Banyan Tree Technology Limited |
|
Wsys Control also known as Delta-homes.com is a potentially unwanted web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. It is typically defined as a unwanted application by various malware vendors.
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'WsysSvc' (Wsys Service)
- WsysSvc
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Documents and Settings\user\Application Data\eSafe\eGdpSvc.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 65.255.35.143:80
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00712919% | |
| Kernel CPU: | 0.00092342% | |
| User CPU: | 0.00620578% | |
| Kernel CPU time: | 1,094 ms/min | |
| Memory |
| Private memory: | 8 MB | |
| Private (maximum): | 15.16 MB | |
| Private (minimum): | 10.52 MB | |
| Non-paged memory: | 8 MB | |
| Virtual memory: | 87.86 MB | |
| Virtual memory (peak): | 96.69 MB | |
| Working set: | 14.95 MB | |
| Working set (peak): | 15.17 MB | |
| Page faults: | 5,367/min | |
| Resource allocations |
| Threads: | 13 | |
| Handles: | 258 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 64-bit |
| Command line: | C:\ProgramData\esafe\egdpsvc.exe |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | WsysSvc |
| Display name: | Wsys Service |
| Description: | “Wsys update service” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Windows 8 |
33.33% |
|
| Microsoft Windows XP |
22.22% |
|
| Windows 8 Pro |
22.22% |
|
| Windows 7 Ultimate |
11.11% |
|
| Windows 7 Professional |
11.11% |
|
Distribution by country
Vietnam installs about 22.22% of Wsys Control.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
26.67% |
|
| Compaq |
26.67% |
|
| Intel |
26.67% |
|
| Lenovo |
13.33% |
|
| Hewlett-Packard |
6.67% |
|
