home

update63149.exe

GoForFiles Installer

Faglaro Enterprises Limited

The application update63149.exe by Faglaro Enterprises Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. It is also typically executed from the user's temporary directory.
Publisher:
http://goforfiles.com  (signed by Faglaro Enterprises Limited)

Product:
GoForFiles Installer

Version:
1, 0, 512, 1

MD5:
775f426d22c91d87250b67bc5c34eea3

SHA-1:
d3323d66099b71ecf7aecd58697d9886d1409ea8

SHA-256:
1f23c739d40452c7a08bd8639e38b0204f336e676b99c2bceab4c459a836aba9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/5/2024 9:58:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Blisbury (M)
17.3.14.12

File size:
4.1 MB (4,300,848 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://goforfiles.com (C) 2014

Original file name:
GoForFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\update63149.exe

Digital Signature
Signed by:
Faglaro Enterprises Limited

Authority:
COMODO CA Limited

Valid from:
12/13/2012 8:00:00 AM

Valid to:
12/14/2015 7:59:59 AM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
37B080A790663B8AF63D05448AD0343B

File PE Metadata
Compilation timestamp:
1/24/2015 6:59:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7CAD40

Entry point:
E8, 0E, 06, 00, 00, 90, 56, BB, 3E, 3E, 15, 54, E5, FD, 9F, EF, 18, 79, CF, 87, 26, 14, A8, 7C, F7, 3A, 2B, 27, E9, 6B, 5E, C1, 65, B9, 76, 5A, 01, 13, 69, 7B, E3, D1, 26, 56, F1, 03, 2C, 80, DF, 7B, 91, E3, 78, 19, 76, 63, 4C, 96, C9, 8E, 61, DB, E7, 31, 7A, BB, 59, 2A, 1D, 5D, 0C, 62, 2B, 80, 66, D8, 7C, 70, 9C, 6B, 79, 58, 18, E9, 76, DF, 9D, 4D, 23, F0, F6, 30, 59, F1, 02, B9, 18, 61, A3, 73, 17, 6B, AD, 02, 9F, D6, 10, D4, B5, FE, AB, 47, 1D, 9B, 8E, A4, A7, 19, 44, 54, 68, 4A, 24, 5B, 42, 75, 75, E0...
 
[+]

Entropy:
7.7022  (probably packed)

Code size:
786 KB (804,864 bytes)

Remove update63149.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.