Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

2, 0, 0, 4 11.11%
2, 0, 0, 4 16.67%
2, 0, 0, 4 27.78%
2, 0, 0, 4 5.56%
2,0,0,0 5.56%
2,0,0,0 5.56%
2,0,0,0 22.22%
2,0,0,0 5.56%

PE file structure

Import table
advapi32.dll
RegisterEventSourceA, ReportEventA
htmlayout.dll
HTMLayoutLoadHtml, HTMLayoutSetElementInnerText16, HTMLayoutSetAttributeByName
kernel32.dll
GetVersionExA, GetVersion, GetVersionExW, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess, CreateThread, RtlUnwind
mswsock.dll
GetAcceptExSockaddrs, AcceptEx
ole32.dll
OleInitialize
shell32.dll
ShellExecuteW, SHGetSpecialFolderPathA, SHGetMalloc
shlwapi.dll
PathFindFileNameW, SHSetValueA, StrStrIA
user32.dll
DefWindowProcW, CreateWindowExW, FindWindowExA
Export table
asio_signal_handler

ExpressDL.exe

ExpressDL Application by Faglaro Enterprises Limited (Signed)

Version:   2, 0, 0, 4
MD5:   d00fae89be24c6a42566b1d81b922b30
SHA1:   8adf08323c73f4a1d2f93308d5e150424330996d
SHA256:   c25b242f4ac3b70ba1a3d31120ddb0ce14a32706231d82dd1fbeda8fbcd6f62d
Warning: 3 antivirus scanners have detected malware.

Overview

expressdl.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent expressfiles.exe (ExpressFiles Application by Faglaro Enterprises Limited). It has been configured with a firewall exception, which allows both inbound and outbound network communication without being blocked. It is installed with a couple of known programs, including ExpressFiles published by Express Solutions, ExpressFiles from Express Solutions and ExpressFiles by Express Solutions.

Details

File name: expressdl.exe
Publisher: http://www.express-files.com/
Product name: ExpressDL Application
Typical file path: C:\Program Files\expressfiles\expressdl.exe
File version: 2, 0, 0, 4
Product version: 2,0,0,0
Size: 1.65 MB (1,735,264 bytes)
Build date: 5/8/2013 7:52 AM
Certificate
Issued to: Faglaro Enterprises Limited
Authority (CA): COMODO CA Limited
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Programs

The following programs will install this file
Express Solutions
  61% remove
No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent algorithm! It's absolutely free. And, we are constantly working to make our product better. Ask why? It's simple! We like to make the Internet better, and staying there pleasant. It's totally unique. Very simple interface is specifically d...

Behaviors

Windows firewall allowed program
Exceptions allow programs to access the Internet through outbound connections
  • Firewall exception for 'C:\Program Files\ExpressFiles\expressdl.exe'
Network connections
Access through an approved Windows firewall exception
  • [TCP] cpc9-salf5-2-0-cust71.10-2.cable.virginmedia.com (86.31.59.72:37249)
  • [TCP] host-92-27-248-188.as13285.net (92.27.248.188:50538)
  • [TCP] ip5455817d.adsl-surfen.hetnet.nl (84.85.129.125:10645)
  • [UDP] listens on port 62790
  • [UDP] listens on port 61218
  • [UDP] listens on port 55120
  • [UDP] listens on port 51454
  • [UDP] listens on port 54324
  • [UDP] listens on port 52185
  • [UDP] listens on port 49884

    Malware detections

    Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
    Antivirus engine    Engine version    Detection
    avast!              8.0.1489.320      Win32:Downloader-TSH [PUP]
    Bkav Security       1.3.0.4246        HW32.CDB.8be2
    VIPRE Antivirus     21832             ExpressFiles Installer (fs)

    Resource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU: 0.00259900%
    0.028634%
    Kernel CPU: 0.00116652%
    0.013761%
    User CPU: 0.00143249%
    0.014873%
    Kernel CPU time: 12,686 ms/min
    100,923,805 ms/min
    CPU cycles: 12,725,294/sec
    17,470,203/sec
    Memory
    Private memory: 25.42 MB
    21.59 MB
    Private (maximum): 31.17 MB
    Private (minimum): 8.12 MB
    Non-paged memory: 25.42 MB
    21.59 MB
    Virtual memory: 141.81 MB
    140.96 MB
    Virtual memory (peak): 186.42 MB
    169.69 MB
    Working set: 15.18 MB
    18.61 MB
    Working set (peak): 31.2 MB
    37.95 MB
    Page faults: 86,622/min
    2,039/min
    I/O
    I/O read transfer: 1.09 MB/sec
    1.02 MB/min
    I/O read operations: 70/sec
    343/min
    I/O write transfer: 106.87 KB/sec
    274.99 KB/min
    I/O write operations: 50/sec
    227/min
    I/O other transfer: 40 KB/sec
    448.09 KB/min
    I/O other operations: 1,449/sec
    1,671/min
    Resource allocations
    Threads: 9
    12
    Handles: 307
    600
    GUI GDI count: 67
    103
    GUI GDI peak: 74
    142
    GUI USER count: 11
    49
    GUI USER peak: 42
    71

    Process properties

    Integrity level: Medium
    Platform: 64-bit
    Command lines:
    • "C:\Program Files\expressfiles\expressdl.exe" 4092681750 0 magneC:?xt=urC:btiC:e2fc77cd29ddaf2c9439a262c836e73dfc0edc0e&dn=windows 7 ultimate fully activated genuine x86 x64 team ! m j r !&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 2251253982 0 magneC:?xt=urC:btiC:9f783f251fe0b9b88833d058e1c33d9ee38b40b1&dn=cumfiesta annie whorehall serious sucking 01 15 2013&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 1949815428 4 magneC:?xt=urC:btiC:b09067acff2f2075078f64220e514ed53b57cac5&dn=bob ross the joy of painting season 23&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 3703203353 1 magneC:?xt=urC:btiC:6dcb91d396885b96c76ba180aed13642626f3c35&dn=bob ross the joy of painting season 31&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 2826357532 1 magneC:?xt=urC:btiC:524c9c312f4723a9ae1b38e20b8bc1e5b0fd8dd2&dn=bob ross the joy of painting season 30&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 1456486504 3 magneC:?xt=urC:btiC:a741e62093a5fd7b4fa709df483abbcfa8233eb1&dn=bob ross joy of painting season 27&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • "C:\Program Files\expressfiles\expressdl.exe" 4290270910 0 magneC:?xt=urC:btiC:d43457462148749dbf377a0bdef7f3535a55268e&dn=bob ross the joy of painting season 25&tr=udC://tracker.istole.iC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce&tr=httC://www.h33t.coC:3310/announce&tr=httC://9.rarbg.coC:2710/announce&tr=httC://bt.rutor.orC:2710/announce
    • (7 more)
    Owner: User
    Parent process: expressfiles.exe (ExpressFiles Application by Faglaro Enterprises Limited)

    Threads

    Averages
     
    expressdl.exe (main module)
    Total CPU: 0.06932668%
    0.272967%
    Kernel CPU: 0.02295912%
    0.107585%
    User CPU: 0.04636756%
    0.165382%
    CPU cycles: 4,399,679/sec
    5,741,424/sec
    Context switches: 22/sec
    79/sec
    Memory: 4.64 MB
    1.16 MB
    MSWSOCK.dll
    Total CPU: 0.00048273%
    Kernel CPU: 0.00024136%
    User CPU: 0.00024136%
    CPU cycles: 26,966/sec
    Memory: 240 KB

    Common loaded modules

    These are modules that are typically loaded within the context of this process.

    Distribution by Windows OS

    OS version    Distribution
    Microsoft Windows XP 25.00%
    Windows 7 Ultimate 25.00%
    Windows 7 Home Premium 25.00%
    Windows 8 18.75%
    Windows 8.1 Pro Preview 6.25%

    Distribution by country

    United States installs about 31.25% of ExpressDL Application.

    Distribution by PC manufacturer

    PC manufacturer    Distribution
    Acer 28.57%
    Hewlett-Packard 28.57%
    Compaq 14.29%
    Dell 14.29%
    Samsung 7.14%
    GIGABYTE 7.14%