» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

GoForFiles Installer

Righway Technologies, Inc

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall.exe by Righway Technologies, Inc has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. This is the uninstaller utility registered in the Windows Control Panel for the program Update Service GoForFiles by http://www.goforfiles.org.

File name:

uninstall.exe

Publisher:

http://goforfiles.com (signed by Righway Technologies, Inc)

Product:

GoForFiles Installer

Version:

1, 0, 262, 1

MD5:

21a24c120a7811af8d7abd0374afca78

SHA-1:

62900e441b7aaa52ba4fcf3c7f8444a5871352e8

SHA-256:

c33d32ab4a09a295d2c4ac3ebd51cd2143d84679faf551db9844751374db8e12

Scanner detections:

22 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 1:37:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.63674

838

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Generic

2014.09.24

Avira AntiVirus

APPL/Downloader.Gen8

7.11.173.236

avast!

Win32:Adware-gen [Adw]

141003-0

AVG

Adware BundleApp_r

2015.0.3316

Bitdefender

Gen:Variant.Strictor.63674

1.0.20.1460

Comodo Security

Application.Win32.NoGoFiles.A

19849

Dr.Web

Adware.Downware.4798, Adware.Downware.8715

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Strictor.63674

8.14.10.19.06

ESET NOD32

Win32/ExpressDownloader.J potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Strictor.63674

11.2014-19-10_1

G Data

Gen:Variant.Strictor.63674

14.10.24

IKARUS anti.virus

PUA.Expressdownloader

t3scan.1.7.8.0

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.3076

Malwarebytes

PUP.Optional.Downloader

v2014.10.19.06

MicroWorld eScan

Gen:Variant.Strictor.63674

15.0.0.876

NANO AntiVirus

Trojan.Win32.Agent.dfgvgd

0.28.2.62286

Reason Heuristics

PUP.Installer.RighwayTechnologies.J

14.10.19.18

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4925438

33120

Zillya! Antivirus

Downloader.Agent.Win32.221447

2.0.0.1930

File size:

2.9 MB (3,020,360 bytes)

Product version:

1.0.0.1

Original file name:

GoForFilesInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

YourFile Downloader

Language:

English

Common path:

C:\Program Files\goforfilesupdater\uninstall.exe

Digital Signature

Signed by:

Righway Technologies, Inc

Authority:

COMODO CA Limited

Valid from:

8/22/2012 1:00:00 AM

Valid to:

8/23/2015 12:59:59 AM

Subject:

CN="Righway Technologies, Inc", O="Righway Technologies, Inc", STREET="1740 H Dell Range Blvd #281", L=Cheyenne, S=Wyoming, PostalCode=82009, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0089B8C147F063769F8D685962C161E027

File PE Metadata

Compilation timestamp:

9/15/2014 12:32:22 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:eS9TCdKa5GLnVNRE/jRimvVgM0wquT0b4dEEdiTfz28+RIvM4Ow+D/aX9z8bxEo1:eSJ9a5qNCxvVgMBqN8XdiDKrOUVnDaaT

Entry address:

0x847FA

Entry point:

E8, 63, 27, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 41, 4E, 00, E8, 20, BC, 00, 00, E8, BE, 6C, 00, 00, 0F, B7, F0, 6A, 02, E8, F6, 26, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D8, E8, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.3949

Code size:

766 KB (784,384 bytes)

Program Uninstaller

Program name:

Update Service GoForFiles

Display publisher:

http://www.goforfiles.org

Display version:

3.14.38

Uninstall string:

"C:\Program Files (x86)\GoForFilesUpdater\Uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.