autosoft_downloader_ru_133.exe

Express Files Installer

Faglaro Enterprises Limited

The application autosoft_downloader_ru_133.exe by Faglaro Enterprises Limited has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. It uses the ExpressFiles installer to bundle additional adware offers such as toolbars and web browser addons. The file has been seen being downloaded from inst.express-files.com and multiple other hosts.
Publisher:
http://www.express-files.com/  (signed by Faglaro Enterprises Limited)

Product:
Express Files Installer

Version:
1, 0, 0, 114

MD5:
0e615db0cf7d718b75d4f1d92f26a861

SHA-1:
1d1982c6ea3335cb671540c1db953beb43d17584

SHA-256:
b11d024cb8077db2e5d56a3a3ef5e8036fea956b2d4abeda44bc8db5eb17dbd6

Scanner detections:
7 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/24/2024 7:21:21 PM UTC

Scan engine         Detection                                     Engine version
avast!              Win32:Downloader-TSH [PUP]                    2014.9-140711
AVG                 MalSign.Faglaro Enterprises Limited           2015.0.3417
Dr.Web              Adware.Downware.747                           9.0.1.0192
ESET NOD32          Win32/ExpressFiles (variant)                  8.9551
G Data              Win32.Application.ExpressFiles                14.7.24
Reason Heuristics   PUP.Installer.FaglaroEnterprisesLimited.AA    14.8.7.22
VIPRE Antivirus     ExpressFiles Installer                        27468

File size:
3.3 MB (3,477,752 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.express-files.com/ (C) 2012

Original file name:
ExpressFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Common path:
C:\users\{user}\downloads\autosoft_downloader_ru_133.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/13/2012 6:00:00 AM

Valid to:
12/14/2015 5:59:59 AM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
37B080A790663B8AF63D05448AD0343B

File PE Metadata
Compilation timestamp:
12/19/2012 6:34:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:/X3DMje+qRp+cyI89lYt3fHqQUReYNa1rlj:f3Dl+q18UfTU3Na1rlj

Entry address:
0xAB65

Entry point:
E8, 2C, 49, 00, 00, E9, 89, FE, FF, FF, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, E0, 89, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 57, 3C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, E0, AC, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24, 85, F4...
 

Code size:
92 KB (94,208 bytes)

The file autosoft_downloader_ru_133.exe has been seen being distributed by the following 7 URLs.

http://inst.express-files.com/.../Sn8=

http://inst.express-files.com/.../A7nmLqO2Qksm81Lrc=
