covert_affairs_season_1_-_4_downloader.exe

GoforFiles

Righway Technologies, Inc

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal user consent. The application covert_affairs_season_1_-_4_downloader.exe by Righway Technologies, Inc has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install.
Publisher:
http://www.goforfiles.com/  (signed by Righway Technologies, Inc)

Product:
GoforFiles

Version:
1, 0, 0, 464

MD5:
004c2b986193e6b3a087e1e70782fc6f

SHA-1:
223ebb08f6adfc2ec692dc656cfa63d3c4de8fab

SHA-256:
036392e1fba0399189663c4aeb414fe819d7aac013a35d45a84e826c1369f5ea

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/24/2024 9:28:37 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/BrowseFox.apa
8.3.1.6

avast!
Win32:PUP-gen [PUP]
150525-2

AVG
Righway Technologies
2016.0.3094

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.EDown.FTVP
22268

Dr.Web
Adware.Downware.4798, Adware.Downware.3112
9.0.1.05190

ESET NOD32
Win32/ExpressDownloader.H potentially unwanted application
7.0.302.0

G Data
Win32.Application.Expressdownloader
15.5.25

IKARUS anti.virus
PUA.Expressdownloader
t3scan.1.9.2.0

K7 AntiVirus
Unwanted-Program
13.204.16076

Malwarebytes
PUP.Optional.GoForFiles.A
v2015.05.29.03

Microsoft Security Essentials
Threat.Undefined
1.199.1123.0

NANO AntiVirus
Riskware.Win32.Amonetize.cvaajw
0.30.24.1636

Reason Heuristics
PUP.RighwayTechnologies
15.5.29.11

Sophos
PUA 'Go For Files'
5.14

Vba32 AntiVirus
Signed-Downware.ExpressDownloader
3.12.26.4

VIPRE Antivirus
Threat.4925438
40552

File size:
8.3 MB (8,660,216 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.goforfiles.com/ (C) 2012

Original file name:
GoforFiles.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Common path:
C:\users\{user}\downloads\covert_affairs_season_1_-_4_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/22/2012 2:00:00 AM

Valid to:
8/23/2015 1:59:59 AM

Subject:
CN="Righway Technologies, Inc", O="Righway Technologies, Inc", STREET="1740 H Dell Range Blvd #281", L=Cheyenne, S=Wyoming, PostalCode=82009, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0089B8C147F063769F8D685962C161E027

File PE Metadata
Compilation timestamp:
1/31/2014 4:28:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:KazwZD0rBfPg8d55riRJ4jTYtpNmq3CwD9JyTgj:KackhX5WRbtSEye

Entry address:
0x2BF76

Entry point:
E8, D8, C8, 00, 00, E9, 89, FE, FF, FF, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, E4, 8B, 45, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, CF, 5C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, F0, C0, 42, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24, 85, 04, C0...

Code size:
270.5 KB (276,992 bytes)

The file covert_affairs_season_1_-_4_downloader.exe has been seen being distributed by the following URL.
