smilefiles_downloader.exe

SmileFiles Installer

Faglaro Enterprises Limited

The application smilefiles_downloader.exe by Faglaro Enterprises Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. The file has been seen being downloaded from d.failsmail.com.
Publisher:
http://smile-files.com  (signed by Faglaro Enterprises Limited)

Product:
SmileFiles Installer

Version:
1, 0, 602, 1

MD5:
526e53b7c2135550eac8efecdaadf852

SHA-1:
243560d8c8da75ef6c33ef21a1df9dce63c07af8

SHA-256:
6138718279fd1badd17d33357d215b509f3edad479bbdb85feec5aee3c01c08a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/14/2024 9:15:06 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Blisbury.FaglaroE.Bundler (M)

Engine version:
16.6.4.9

File size:
3.8 MB (3,935,368 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://smile-files.com (C) 2014

Original file name:
SmileFiles.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\smilefiles_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/12/2012 7:00:00 PM

Valid to:
12/13/2015 6:59:59 PM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
37B080A790663B8AF63D05448AD0343B

File PE Metadata
Compilation timestamp:
3/20/2015 1:40:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:Np9h7gfrQ5/wKgrqcDO/ymKv7CeCiuXr5Zrp:NlmKohrtDkRKv7GFr55p

Entry address:
0x48492A

Entropy:
7.9938  (probably packed)

Code size:
791.5 KB (810,496 bytes)

The file smilefiles_downloader.exe has been seen being distributed by the following URL.
