MAGIX_VIDEO_EASY_4_HD_dwnload_serial_number_downloader.exe

GoforFiles

Righway Technologies, Inc

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application MAGIX_VIDEO_EASY_4_HD_dwnload_serial_number_downloader.exe by Righway Technologies, Inc has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
http://www.goforfiles.com/  (signed by Righway Technologies, Inc)

Product:
GoforFiles

Version:
1, 0, 0, 464

MD5:
5c788e3c2cb46a59337521f15b1673f0

SHA-1:
54e06c2359d3bc66207b90c3299f8be8f04f9963

SHA-256:
dd4ab5f83feba2dfc806b3425220118e7aac443cbc8a0d9b3abd2326e4fa8bb1

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/4/2024 8:58:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Kazy.133001 | 5690745 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.ExpressFiles | 2013.12.14 |
| avast! | Win32:PUP-gen [PUP] | 150423-1 |
| AVG | Righway Technologies | 2016.0.3129 |
| Bitdefender | Gen:Variant.Application.Kazy.133001 | 1.0.20.570 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.EDown.FTVP | 21882 |
| Dr.Web | Adware.Downware.4798 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Kazy.133001 | 9.0.0.4799 |
| ESET NOD32 | Win32/YourFileDownloader (variant) | 9.9171 |
| F-Secure | Riskware.Gen:Variant.Application.Kazy | 5.13.68 |
| G Data | Gen:Variant.Application.Kazy.133001 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.25.22 |
| IKARUS anti.virus | AdWare.Win32.YourFileDownloader | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.174.10509 |
| Malwarebytes | PUP.Optional.GoForFiles.A | v2015.04.24.08 |
| McAfee | Artemis!7B998F57FCBC | 5600.6693 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.478.0 |
| MicroWorld eScan | Gen:Variant.Application.Kazy.133001 | 16.0.0.342 |
| NANO AntiVirus | Trojan.Nsis.BrowseFox.dnxihk | 0.30.20.1219 |
| Norman | Gen:Variant.Application.Kazy.133001 | 03.12.2014 13:20:04 |
| Reason Heuristics | Threat.RighwayTechnologies | 15.4.24.15 |
| Sophos | Go For Files | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V0430 | 7.2.206 |
| Vba32 AntiVirus | Signed-Downware.ExpressDownloader | 3.12.26.3 |
| VIPRE Antivirus | Yontoo | 24330 |
| Zillya! Antivirus | Trojan.Black.Win32.21975 | 2.0.0.2153 |

File size:
6.9 MB (7,205,456 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.goforfiles.com/ (C) 2012

Original file name:
GoforFiles.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Turkish (Turkey)

Common path:
C:\users\onur\magix_video_easy_4_hd_dwnload_serial_number_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/22/2012 3:00:00 AM

Valid to:
8/23/2015 2:59:59 AM

Subject:
CN="Righway Technologies, Inc", O="Righway Technologies, Inc", STREET="1740 H Dell Range Blvd #281", L=Cheyenne, S=Wyoming, PostalCode=82009, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0089B8C147F063769F8D685962C161E027

File PE Metadata
Compilation timestamp:
5/22/2014 11:12:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:mvRb95J4jTYWraDWj6SD0rBfPg8d55rimJyTg6:mvRbXbnWj6DhX5Wiyn

Entry address:
0x3C7AF

Entry point:
E8, A0, EF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, DE, 46, 00, E8, 2B, 78, 00, 00, E8, C2, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 33, EF, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 79, B5, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
356 KB (364,544 bytes)

The file MAGIX_VIDEO_EASY_4_HD_dwnload_serial_number_downloader.exe has been seen being distributed by the following URL.