uninstall.exe

Express Files Installer

Faglaro Enterprises Limited

The application uninstall.exe by Faglaro Enterprises Limited has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. This is the uninstaller utility registered in the Windows Control Panel for the program ExpressFiles by http://www.express-files.com/. It uses the ExpressFiles installer to bundle additional adware offers such as toolbars and web browser addons. The file has been seen being downloaded from dc483.4shared.com and multiple other hosts.
Publisher:
http://www.express-files.com/  (signed by Faglaro Enterprises Limited)

Product:
Express Files Installer

Version:
2,0,0,0

MD5:
b4c64156525e39fb9a1569fe211ba457

SHA-1:
f485b36cc25febd1ee9ff646e44cd5d9ac28c871

SHA-256:
9ea438495760653152bb984cd1a78d30bafec08102d163eec83adad2634f75f3

Scanner detections:
15 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 7:47:24 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.ExpressFiles | 7.1.1
avast! | Win32:Expressfiles-A [PUP] | 2014.9-160218
Baidu Antivirus | Adware.Win32.Bbylon | 4.0.3.16218
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.EDown.FTVP | 21829
Dr.Web | Adware.Downware.10546 | 9.0.1.049
Emsisoft Anti-Malware | Riskware.Win32.ExpressFiles | 8.16.02.18.10
ESET NOD32 | Win32/ExpressFiles potentially unwanted (variant) | 10.11499
G Data | Win32.Application.ExpressFiles | 16.2.25
IKARUS anti.virus | PUA.ExpressFiles | t3scan.1.8.9.0
McAfee | Artemis!809864701CCC | 5600.6485
MicroWorld eScan | Win32/ExpressFiles | 17.0.0.147
Reason Heuristics | PUP.Blisbury.FaglaroEnterprises.Bundler (M) | 16.2.18.22
Trend Micro House Call | TROJ_GEN.F47V0808 | 7.2.49
VIPRE Antivirus | ExpressFiles Installer | 39502

File size:
4.6 MB (4,798,072 bytes)

Product version:
2,0,0,0

Copyright:
Copyright http://www.express-files.com/ (C) 2012

Original file name:
ExpressFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Common path:
C:\Program Files\expressfiles\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2011 2:00:00 AM

Valid to:
12/16/2012 1:59:59 AM

Subject:
CN=Faglaro Enterprises Limited, O=Faglaro Enterprises Limited, STREET="Konstantinoupoleos, 22", L=Nicosia, S=Aglantzia/Cyprus, PostalCode=2107, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DD2A4BBB66262A8FB4E084560573E908

File PE Metadata
Compilation timestamp:
2/1/2012 9:30:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:hxTxxfYpPMefmC1Es3D40lELF/rpah+yoATnXKhJdCrWMiQm:h6ZRfgsTqah+yoinXKh7CM9

Entry address:
0x45BA18

Entry point:
0F, 89, 0A, A7, FF, FF, 68, C2, 84, C7, 1C, 0F, 8B, 5D, D2, FF, FF, 68, 8C, 1C, 7B, EA, 66, 89, 3C, 24, 60, C7, 44, 24, 20, 82, 71, 75, FB, 68, FA, EE, BF, 0A, 60, 66, 89, 14, 24, 8D, 64, 24, 44, E9, DD, 21, 00, 00, 84, D6, F2, AE, 60, 8D, 64, 24, 20, 0F, 85, 97, DA, FF, FF, 0F, 99, C1, 0F, 92, C5, 66, 31, CE, 89, F9, 66, D3, FE, F9, F9, 29, D9, 66, C1, EE, 09, 66, 0F, BE, F3, 66, F7, DE, 66, 0F, BE, F3, 89, E6, 60, 68, E6, D2, 2C, 2F, C6, 44, 24, 04, 7E, F9, 83, EF, 04, E8, DE, C2, FF, FF, 00, 00, 4C, 6F...
 

Entropy:
7.8895  (probably packed)

Code size:
88.5 KB (90,624 bytes)

Program Uninstaller
Program name:
ExpressFiles

Display publisher:
http://www.express-files.com/

Display version:
1.2.0

Uninstall string:
"C:\Program Files (x86)\ExpressFiles\uninstall.exe"


The file uninstall.exe has been seen being distributed by the following 2 URLs.

http://dc483.4shared.com/download/.../express-files.exe
