GoforFiles.exe

GoforFiles Application

http://goforfiles.com/

The application GoforFiles.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This file is typically installed with the program GoforFiles by Righway Technologies, Inc, which is a potentially unwanted software program.
Publisher:
http://goforfiles.com/

Product:
GoforFiles Application

Version:
3, 0, 0, 1

MD5:
4ce42d5cf5d556a4d429e95b474f413c

SHA-1:
d6f88eb58efc026ce32ecdda1540011f74c40ae8

SHA-256:
f775bc29079a342496975e9229835f9008fbb7b8f877211470e4be083d2140e2

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:53:53 PM UTC

Scan engine              Detection                            Engine version
Baidu Antivirus          Trojan.Win32.YourFileDownloader      4.0.3.14121
ESET NOD32               Win32/YourFileDownloader (variant)   8.9318
herdProtect (fuzzy)                                           2014.1.27.8
McAfee                   Artemis!4CE42D5CF5D5                 5600.7243
Reason Heuristics        PUP.httpgoforfiles.K                 14.2.22.2
Trend Micro House Call   TROJ_GEN.F47V0119                    7.2.21

File size:
2.3 MB (2,370,560 bytes)

Product version:
3,0,0,0

Copyright:
Copyright http://goforfiles.com/ (C) 2013

Original file name:
GoforFiles.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\goforfiles\goforfiles.exe

File PE Metadata
Compilation timestamp:
1/16/2014 6:17:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:VsLG2Cc3UTCFUq1x+WfG9Cw0NbLNHUJnDWymkLCzflHHuVNzo:2LGbckTCFUqk4ZR0JiymLKNzo

Entry address:
0x1B77E

Entry point:
E8, 9D, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 58, 45, 44, 00, 00, 75, 18, E8, 34, A2, 00, 00, 6A, 1E, E8, 7E, A0, 00, 00, 68, FF, 00, 00, 00, E8, 93, 82, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 58, 45, 44, 00, FF, 15, 1C, 11, 43, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 98, 4C, 44, 00, 74, 0D, 53, E8, 63, 25, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 6A, 01, 00, 00, 89, 30, E8, 63, 01, 00, 00, 89...
 

Entropy:
7.2043

Code size:
192 KB (196,608 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\GoforFiles\GoforFiles.exe


The file GoforFiles.exe has been discovered within the following programs.

GoforFiles  by Righway Technologies, Inc
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).
www.goforfiles.com
70% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to torrentz.eu  (85.195.102.28:80)

TCP (HTTP):
Connects to ec2-54-208-93-4.compute-1.amazonaws.com  (54.208.93.4:80)

TCP (HTTP):
Connects to 206.190.150.98.static.midphase.com  (206.190.150.98:80)
