EFupdater.exe
By Faglaro Enterprises Limited (Signed)
Warning 15 antivirus scanners has detected malware in various versions of EFupdater.exe.
Overview
There are 3 versions of efupdater.exe in the wild, the latest version being 1, 0, 0, 6. efupdater.exe is run as a standard windows process with the logged in user's account privileges. The process utilizes the Windows Task Scheduler to automatically launch the file as a process when a user logs into Windows. The average file size is about 497.4 KB. The file is a digitally signed and issued to Faglaro Enterprises Limited by COMODO CA Limited. Some variations of the file have been seen to be installed with the program ExpressFiles from Express Solutions. During the process's lifecycle, the typical CPU resource utilization is about 0.0013% including both foreground and background operations, the average private memory consumption is about 9.88 MB with the maximum memory reaching around 10.97 MB. Addionally, typically read and write I/O disk operations is about 17.52 KB per minute for reads and 2 Bytes per minute for writes.
 Details
|
| File name: | efupdater.exe |
| Typical file path: | C:\Program Files\expressfiles\efupdater.exe |
| Certificate |
| Issued to: | Faglaro Enterprises Limited |
| Authority (CA): | COMODO CA Limited |
| Effective date: | Wednesday, December 12, 2012 |
| Expiration date: | Sunday, December 13, 2015 |
Programs installed in
(Note, the programs listed below are for all versions of efupdater.exe.)
“No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent alg...”
Behaviors
(Note, the behaviors below are for all versions of efupdater.exe, select a unique version for details.)
Scheduled tasks
- The job 'Express FilesUpdate' runs on logon in the path '\Express FilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path 'C:\WINDOWS\Tasks\Express FilesUpdate.job'
- Login entry path '\Express FilesUpdate'
Malware detections
Based on 40+ industry antivirus scanners, 15 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| avast! |
8.0.1489.320 |
Win32:Expressfiles-B [PUP] |
1, 0, 0, 6 |
| Baidu Antivirus |
3.5.1.41473 |
Trojan.Win32.Agent.peo |
1, 0, 0, 6 |
| Bkav Security |
1.3.0.4246 |
W32.HfsAuto.07ee |
1, 0, 0, 6 |
| CAT Quick Heal |
10.13.12.00 |
(Suspicious) - DNAScan |
1, 0, 0, 6 |
| Dr.Web |
8.13.9.29 |
Tool.DownLoader.52 |
1, 0, 0, 6 |
| ESET NOD32 |
7.8777 |
a variant of Win32/YourFileDownloader.B |
1, 0, 0, 6 |
| ESET NOD32 |
7.8891 |
a variant of Win32/YourFileDownloader.B |
1, 0, 0, 6 |
| Fortinet |
5.1.147.0 |
W32/YourFileDownloader.B |
1, 0, 0, 6 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
1, 0, 0, 6 |
| McAfee |
5.600.1067 |
Artemis!D79643BC1EA4 |
1, 0, 0, 6 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Heuristic.LooksLike.Win32.SuspiciousPE.F |
1, 0, 0, 6 |
| Symantec |
20131.1.5.61 |
Suspicious.Cloud.5 |
1, 0, 0, 6 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0529 |
1, 0, 0, 6 |
| VIPRE Antivirus |
21296 |
ExpressFiles Installer (fs) |
1, 0, 0, 6 |
| VIPRE Antivirus |
22200 |
Trojan.Win32.Generic!BT |
1, 0, 0, 6 |
All file variations of efupdater.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
60.00% |
|
| Windows 7 Home Premium |
16.67% |
|
| Microsoft Windows XP |
10.00% |
|
| Windows 8.1 Pro Preview |
10.00% |
|
| Windows 8 |
3.33% |
|
Distribution by country
United States installs about 33.33% of efupdater.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
19.51% |
|
| Compaq |
14.63% |
|
| Dell |
14.63% |
|
| Gateway |
9.76% |
|
| Acer |
9.76% |
|
| Hewlett-Packard |
9.76% |
|
| Samsung |
7.32% |
|
| Alienware |
7.32% |
|
| GIGABYTE |
7.32% |
|
