» ewdd_rar_downloader.exe
Overview
Analysis
File Details

ewdd_rar_downloader.exe

Express Files Installer

Faglaro Enterprises Limited

The application ewdd_rar_downloader.exe by Faglaro Enterprises Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer.

File name:

Publisher:

http://www.express-files.com/ (signed by Faglaro Enterprises Limited)

Product:

Express Files Installer

Version:

2,0,0,0

MD5:

02596c77f67c670d839fff5230ef7bdf

SHA-1:

2aedc0642c05ddf61378e037e5590236fd92dbbb

SHA-256:

b9f6d3fade3716f97e115b42f26bf7b05fffeca9c2210444868aa21312091f34

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 10:17:26 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Blisbury.FaglaroEnterprises.Bundler (M)

16.1.31.7

File size:

4.5 MB (4,757,624 bytes)

Product version:

2,0,0,0

Original file name:

ExpressFilesInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

SimpleFiles

Common path:

C:\users\{user}\downloads\ewdd_rar_downloader.exe

Digital Signature

Signed by:

Faglaro Enterprises Limited

Authority:

COMODO CA Limited

Valid from:

12/16/2011 1:00:00 AM

Valid to:

12/16/2012 12:59:59 AM

Subject:

CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET="Konstantinoupoleos, 22", L=Nicosia, S=Aglantzia/Cyprus, PostalCode=2107, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DD2A4BBB66262A8FB4E084560573E908

File PE Metadata

Compilation timestamp:

3/2/2012 12:13:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:IEqfRnCBxLIDX3poWf8PqBhCaAZ6A6HT8I+rFzoMw6L/nH:I+IDHRfc5pZoh+NoMjH

Entry address:

0x452024

Entry point:

57, C7, 04, 24, 2D, 72, 52, 25, E8, 76, E4, FF, FF, 38, CF, 68, 60, 24, EF, 15, 0F, BA, E4, 15, 85, FF, 9C, 56, 55, E8, 89, D0, FF, FF, 00, 00, 47, 65, 74, 53, 74, 72, 69, 6E, 67, 54, 79, 70, 65, 57, 00, 78, 34, 9C, D9, 60, 82, 51, 39, 5C, 41, 4B, 47, F7, 1B, 32, 48, 7F, C5, 6D, 92, 39, 43, DA, 31, C8, 02, 59, D4, 3B, D5, 5C, 02, 79, 07, EE, 69, D0, 46, 15, 40, 79, E0, B0, A2, 8E, 12, 73, 4B, B3, 7C, 68, F0, FD, 6C, 96, 2A, F1, 56, 17, 2E, 04, EB, 2F, F8, 97, 7F, EC, 64, 2E, 06, CB, A3, 76, 30, 17, 76, A0... 
[+]

Code size:

89 KB (91,136 bytes)

Remove ewdd_rar_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.