free-downloadable-minecraft-games-for-nintendo-dsi-xl_downloader.exe

GoForFiles Installer

Faglaro Enterprises Limited

The application free-downloadable-minecraft-games-for-nintendo-dsi-xl_downloader.exe by Faglaro Enterprises Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. The installer is marketed through download protals and search ads as Minecraft but will also install additional software offers which include adware, PUPs and browser toolbars. The file has been seen being downloaded from dw901.fansfile.biz.
Publisher:
http://goforfiles.com  (signed by Faglaro Enterprises Limited)

Product:
GoForFiles Installer

Version:
1, 0, 464, 1

MD5:
7fe9dc6986181c8b00ef365f4e94dbf9

SHA-1:
c2704325bbbf02f4b5f85ffa062882943c0a8206

SHA-256:
94e5f6d4a15d0d715d346a71ab93b1185536c17cecd2c3100da3d137d58f3b59

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:17:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Blisbury (M)
16.8.6.6

File size:
4.1 MB (4,247,424 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://goforfiles.com (C) 2014

Original file name:
GoForFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\free-downloadable-minecraft-games-for-nintendo-dsi-xl_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/12/2012 10:00:00 PM

Valid to:
12/13/2015 9:59:59 PM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
37B080A790663B8AF63D05448AD0343B

File PE Metadata
Compilation timestamp:
12/12/2014 8:49:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:dgflL3wb3TEe8Tv0GTN1SntgOtpe9VmKUot9xI0qLGQurnPCKg0m21yf:dX0e8gG7CZtM9VRLq6QUPCKg0m2E

Entry address:
0x78D375

Entry point:
68, E5, 6B, 0D, C9, C6, 04, 24, 16, C7, 04, 24, 1A, 14, C8, B7, E9, 80, 73, C6, FF, 9C, C7, 44, 24, 24, BE, E5, C7, B7, 60, C7, 44, 24, 40, AD, 83, 70, A9, 68, 74, 01, C4, DC, FF, 34, 24, 50, 68, CB, 17, 13, AF, 8D, 64, 24, 50, E9, B7, 55, 00, 00, 26, 06, 94, 72, 61, 7C, 21, D9, F9, 37, 53, F5, 95, 8B, 24, EC, C3, 69, 21, 07, 83, C9, E6, 32, 7D, C3, EC, 34, 7B, 99, 16, F6, 2F, A7, 2C, FE, 9C, C3, 38, BD, F9, 44, 64, CC, BE, 7A, 59, E5, A7, 13, 0C, 12, 4A, 45, CB, BF, 51, 3D, B3, AA, EA, F9, 79, C6, A2, 9C...
 
[+]

Code size:
785 KB (803,840 bytes)

The file free-downloadable-minecraft-games-for-nintendo-dsi-xl_downloader.exe has been seen being distributed by the following URL.