update59327.exe

GoForFiles Installer

Faglaro Enterprises Limited

The application update59327.exe by Faglaro Enterprises Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. It is also typically executed from the user's temporary directory.
Publisher:
http://goforfiles.com  (signed by Faglaro Enterprises Limited)

Product:
GoForFiles Installer

Version:
1, 0, 512, 1

MD5:
15a3cc3b2655c7f9b6713272e1896adb

SHA-1:
e77f03031592a138a2897325b8e060ba9b005154

SHA-256:
d0a4808751985b8dae9557d43b2c097c3e79072b5951367199cea349760abb64

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:27:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Blisbury (M)
17.3.14.12

File size:
4.1 MB (4,302,792 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://goforfiles.com (C) 2014

Original file name:
GoForFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\update59327.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/13/2012 8:00:00 AM

Valid to:
12/14/2015 7:59:59 AM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
37B080A790663B8AF63D05448AD0343B

File PE Metadata
Compilation timestamp:
1/24/2015 6:59:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7CAD40

Entry point:
E8, 0E, 06, 00, 00, 90, 56, BB, 3E, 3E, 15, 54, E5, FD, 9F, EF, 18, 79, CF, 87, 26, 14, A8, 7C, F7, 3A, 2B, 27, E9, 6B, 5E, C1, 65, B9, 76, 5A, 01, 13, 69, 7B, E3, D1, 26, 56, F1, 03, 2C, 80, DF, 7B, 91, E3, 78, 19, 76, 63, 4C, 96, C9, 8E, 61, DB, E7, 31, 7A, BB, 59, 2A, 1D, 5D, 0C, 62, 2B, 80, 66, D8, 7C, 70, 9C, 6B, 79, 58, 18, E9, 76, DF, 9D, 4D, 23, F0, F6, 30, 59, F1, 02, B9, 18, 61, A3, 73, 17, 6B, AD, 02, 9F, D6, 10, D4, B5, FE, AB, 47, 1D, 9B, 8E, A4, A7, 19, 44, 54, 68, 4A, 24, 5B, 42, 75, 75, E0...
 
[+]

Entropy:
7.7023  (probably packed)

Code size:
786 KB (804,864 bytes)

Remove update59327.exe - Powered by Reason Core Security