efinstaller.exe

Express Files Installer

Faglaro Enterprises Limited

The application efinstaller.exe by Faglaro Enterprises Limited has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. It uses the ExpressFiles installer to bundle additional adware offers such as toolbars and web browser addons. The file has been seen being downloaded from www.bytesendclear.com and multiple other hosts.
Publisher:
http://www.express-files.com/  (signed by Faglaro Enterprises Limited)

Product:
Express Files Installer

Version:
2,0,0,0

MD5:
b28532ffff940f1b5df4e206f04b31c8

SHA-1:
802ec4f86783b38801abdc0c818bb15396ad429c

SHA-256:
3d9eb0e10028b771937f6ecb45a64bb5bcae442c3e57e977517d8e00396e7193

Scanner detections:
5 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 7:51:53 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.747
9.0.1.0219

ESET NOD32
Win32/ExpressFiles (variant)
8.9646

G Data
Win32.Application.ExpressFiles
14.4.24

Reason Heuristics
PUP.Installer.FaglaroEnterprisesLimited.L
14.8.7.22

VIPRE Antivirus
ExpressFiles Installer
28115

File size:
4.1 MB (4,312,696 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.express-files.com/ (C) 2012

Original file name:
ExpressFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
Lingua predefinita

Common path:
C:\users\{user}\downloads\efinstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2011 1:00:00 AM

Valid to:
12/16/2012 12:59:59 AM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET="Konstantinoupoleos, 22", L=Nicosia, S=Aglantzia/Cyprus, PostalCode=2107, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DD2A4BBB66262A8FB4E084560573E908

File PE Metadata
Compilation timestamp:
3/27/2012 7:36:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:y6nv37qiCcUSrhmOJFjTfHqQUReYNa17Iy7nDsP/R:rIhSNmOjXfTU3Na18ycPJ

Entry address:
0x9857

Entry point:
E8, 29, 58, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, 43, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 5E, 4B, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, E0, 99, 40, 00, 8B, C7, BA, 03, 00, 00, 00...
 
[+]

Code size:
90 KB (92,160 bytes)

The file efinstaller.exe has been seen being distributed by the following 50 URLs.

http://www.bytesendclear.com/gsBOglc6Yz7Xl_LcIPwbZnZV3O5wTMH3OgPoUKZvvLKbq_ EbCEgO4gorYFMHQzIXFvBJuFmBxX2EPZl0cX82wWOKCuIbfYncxYVF33nM7pOgLnasTZA4ZihVnYmo9jiNfH3qaeBUa5W5_eTJ_zbfMN7Uld1b1 RvMgO 4fxtTAvllRnGAsZBBbmutAYwLC33jMCybsUzrMp0S6NI1iCIuOWmlysbwvnP Z GNeydQ_Hnwt3UVQItYJpIgAqeDNYxNHHgyFvA17nCXpdL SGegdW0XNrSKjj9KlHnNmlK_A_ptKjNPh5xkk97QScG1fORCVuEAlsrCXFuXbE9NAYlHAqQZnCldmza6kSOncCZNmN8u3TAjlkTC9PfS _p1TZslGGCsrKNabHeO8fdCpu0ri Jxy_SkfboJWn5Peq6Brmni9zKfXJbIOZK sbZb8rGtnjJgM7yv2wh4hitMiKSFMgOu_QY8je eM6uqj7AU13OATQqUrXFtY0OGWC ZGa2xi6f6wVzNFgVxnr5LKyOYQWaS1Ij7JtobIduXZHyNWU2q9hAk=-G2EAAMTcVkxuJSnYHgxpvIccipOV951yqrm3JAgskUD0bgcPWanfBRKtMRMl4R7L8bC ObuP OUsfQ9AbcRLbZcN28SzOP3TfO1cSNVcWjcIwQU=

http://download.softpedia.com/dl/d4752127e4da43ca9bf49036a66aef5d/562e2306/100209043/software/internet/.../EFinstaller.exe

http://www.farmupdatebits.com/c?x=S2cllSPVDPfcC226y6axvHrSMd/cF7DuyDPC0SWLitU=&c=LPwAzXtC0RNi5EWDHlOjXFXyMFFJqk7sWp0hdh9xLSo81/jHtCCcbIssXCe8oJR/rX 2xjJxxMFQw/N3KmLqfvBsOA6zwztgBm/a ZwRddQ5CN/.../l

http://download.softpedia.com/dl/934d1fba85cc689743392929692a7ada/559b21dc/100209043/software/internet/.../EFinstaller.exe

http://www.farmupdatebits.com/c?x=Q PotzGIgX06XHxVryUSmSL4tYmLPEhcglIOsPGObuo=&c=YMPjuXuY6rF1/SvAF8Y/.../3dnDO48rNCWnr1kWmV3DrmqPxC8mHh7WxYCCqoKEVx4

http://download.softpedia.com/dl/ff2287fc06418d414c1f5a64e454d4d4/55eaff9f/100209043/software/internet/.../EFinstaller.exe

http://www.farmupdatebits.com/c?x=kaimNJNntQiG/3s FbWvfrPrKJztydvtN9M8A4KwIWE=&c=mojc4aBwU9o/RgV6yj Lgt3f2zmESHADY0b1H0a7Z8VnAtfiQO5pLOW37wOUhn/.../Yh tXQx3L ht30o

http://www.farmupdatebits.com/c?x=f5M1kPti/kHjNoU99BJXE2xoQsK2c68Gia3uLdQxqJk=&c=zMdx0zKreNqyrW9o9NFW1yubJBEYkduyDAJtFGy4TcGfG/qaq3QsqG07jOQwT8QkBN3axmawT9Mr20ZI0IMm Y/.../h8ssBbdHBV3E8xfQIOzqsoGY1EXXfjDmuAnCpd04=

http://www.farmupdatebits.com/c?x=jN46wyotmIV2iAdqNEvLVYurINVqOV0bEPJwAFaXeTU=&c=jdPyLw4dyPGD5XZpCJeq5hVJo1ociCr2fZCeQYhoncNs/NaOg4/.../YUqzurnyVaaicImrtUlTW6H1EgqA17

http://www.farmupdatebits.com/c?x=6HfNYAX6Z/xZ51HstQQQ4ml7eKWyYXVygtTNBQEzyeA=&c=ORdoEOqr1dXZ2D06WNc3tj9kZSRJdPrk2wc11TkXPHl/Z0u2LIhG8XPslV3MeLLmzgxp9/.../QVvA8YzF0ca513pU1B0PpIViiTchkuOZGhiNg7nxTcBEfUGF6H8k967G8XjIuHb47ARfPUBk81CK075T4POx16KIwsVQ1bcCA9s=

http://download.softpedia.com/dl/f04066938c6f5fffea5acfd9410c12b6/56095bde/100209043/software/internet/.../EFinstaller.exe

http://www.farmupdatebits.com/c?x=cqS9prJ/dSLwQ9Z1 2w60t2ESX0IJdVXpWUb5jRbt7A=&c=JD ObOeDr6ZxyX4Re6zu/GOwVvdYx7cRnXgo5ZqXq LgolzuBNhf/.../S tXdulPNPCk6v2KNgeYciRwYFmcZs=

http://www.farmupdatebits.com/c?x=M4Dooq8ihpw2KEOSApG CP5a/.../abpUAJKjeCJsDBzjsRizxMXj2cYTRG7pNaQRxu1IxH7HY1iFo6oOaGq ZP6YpatHV9gFIYYMaj1qnQuFUH

http://www.farmupdatebits.com/c?x=cz7wUps3mUbVlBZtceyVkBimgnUCxz6WSIBVM7HFL1E=&c=KBxBHcJVynBdNOZfoGjpk5LPyfmawfILU8QGzHLHXORGgljx0uHHq06YU70N/.../5hFqKQQ2MPXQ6Uq2djoNCs=

http://www.farmupdatebits.com/.../RzTz9hLe 02rtzpUk8Kn0jGqlEwWno23NNLzvDIfnjcv9ocxAFvgnVuhXj7hJ9qjUJrMmPFPpOH

http://pr2.rapidgator.net//.../index&session_id=3AN62fBAPXXIFRYrQEVmpFboFZbgxm7k

http://www.farmupdatebits.com/c?x=Yrl/kqDVbO4FzKH/TJyHagSi sG5kgjqF33aJzjX0Js=&c=JwNadAyzK3 COU18WsF/43Asm9cFJ0NPHvIf3d3V1VJ9zyMSpVtVxnOrswqz/.../dZWYT7izSOyJ81wFcLcFxaXxHcTj6qA=

http://www.farmupdatebits.com/c?x=3Bj0HOpUHM5OK 44XP7ois7fHLiPdDXErRe2Pl2rlfY=&c=udpJB4f6lJq/VUIG6kpKuliVwden1tGy/QbZ 643zdkvA7zeO8gQUP2C/.../LQ2nRL YMfgg95JVdjYnMcbphJagQ20kblpN

http://download.softpedia.com/dl/47d2ee970f956e8b411574a1452208e2/550d873f/100209043/software/internet/.../EFinstaller.exe

http://www.farmupdatebits.com/c?x=wTZlpXliGnhDc6KXK2hpt7aKn9o7dO VIJGaLei FHk=&c=AbZAtqEN0zj/vAKNv4KBCDPZprd1n 3oJPh3K4js6jMbRgmkpx2Yz6gtZmeZQfUyBChdViVsMmgV9meVybbHPK/OohN//XWHG7KL/cmRG 4F9xctCrAOoNv5UNbjojsfWfJWQ7 8AzWawG/.../nqMNTIbLV8L84J5ndw1QdU1sI=

http://localhost:37848/continue?TiCredToken=14013&Source=WTP&Score=49&siteowner=0&email=Email address&description=Provide a description of the site&URL=http://www.tucows.com/download/windows/.../EFinstaller.exe&Permanent=1

Latest 30 of 58 download URLs

Remove efinstaller.exe - Powered by Reason Core Security