uninstall3824551.exe

Express Downloader Installer

Faglaro Enterprises Limited

The application uninstall3824551.exe by Faglaro Enterprises Limited has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. This file is typically installed with the program ExpressDownloader by Express Solutions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from express-downloader.com and multiple other hosts.
Publisher:
http://www.express-downloader.com/  (signed by Faglaro Enterprises Limited)

Product:
Express Downloader Installer

Version:
1, 0, 0, 4

MD5:
c12d46ff47d03c1b3f679e9adf1eadf8

SHA-1:
0ad000116d8242a385e2b0854cb77438a1a224ad

SHA-256:
ba87543162ee50ac1377aead8cc93915f1509bdb397013deee2d962d50876496

Scanner detections:
3 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 2:54:10 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.747 | 9.0.1.0104
G Data | Win32.Application.ExpressFiles | 14.4.24
Reason Heuristics | PUP.Installer.FaglaroEnterprisesLimited.Q | 14.8.7.22

File size:
10.7 MB (11,249,832 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.express-downloader.com/ (C) 2012

Original file name:
ExpressDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\uninstall3824551.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2011 7:00:00 PM

Valid to:
12/15/2012 6:59:59 PM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET="Konstantinoupoleos, 22", L=Nicosia, S=Aglantzia/Cyprus, PostalCode=2107, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DD2A4BBB66262A8FB4E084560573E908

File PE Metadata
Compilation timestamp:
10/25/2012 10:07:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:1Y5I62/7Jl0oU0W4JfTU3Na1oMSHyZijuTb23/yJogVhhJFpiVDDvBv4OimOFpSW:1Jpl0x0/fQdaKqbI/yJThJ+VnBZOFpSW

Entry address:
0xA6C5

Entry point:
E8, 2D, 49, 00, 00, E9, 89, FE, FF, FF, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, E0, 89, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 57, 3C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, A8, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24, 85, 54...
 

Entropy:
7.9726  (probably packed)

Code size:
90.5 KB (92,672 bytes)

The file uninstall3824551.exe has been discovered within the following program.

ExpressDownloader  by Express Solutions
Publisher's description - “It's all-in-one product. Easy to use instant built-in search tool usefully sorts your results and download manager is so handy. With our product you can find any content of any subject that interests you.”
www.express-downloader.com
50% remove it
 

The file uninstall3824551.exe has been seen being distributed by the following 2 URLs.
