ExpressFiles.exe
ExpressFiles Application by Faglaro Enterprises Limited (Signed)
Warning 15 antivirus scanners has detected malware in various versions of ExpressFiles.exe.
Overview
There are 9 versions of expressfiles.exe in the wild, the latest version being 2, 0, 0, 38. expressfiles.exe is run as a standard windows process with the logged in user's account privileges. During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. The average file size is about 696.75 KB. The file is a digitally signed and issued to Faglaro Enterprises Limited by COMODO CA Limited. Some variations of the file have been seen to be installed with the program ExpressFiles from Express Solutions. During the process's lifecycle, the typical CPU resource utilization is about 0.0050% including both foreground and background operations, the average private memory consumption is about 20.28 MB with the maximum memory reaching around 27.43 MB. Addionally, typically read and write I/O disk operations is about 23.01 MB per minute for reads and 1.87 MB per minute for writes.
About expressfiles.exe (from Faglaro Enterprises Limited)
“It's all-in-one product. Easy to use instant built-in search tool usefully sorts your results and download manager is so handy. With our prod- uct you can find any content of any subject that interest”
 Details
|
| File name: | expressfiles.exe |
| Publisher: | http://www.express-files.com/ |
| Product name: | ExpressFiles Application |
| Typical file path: | C:\Program Files\expressfiles\expressfiles.exe |
| Certificate |
| Issued to: | Faglaro Enterprises Limited |
| Authority (CA): | COMODO CA Limited |
| Effective date: | Friday, December 16, 2011 |
| Expiration date: | Sunday, December 16, 2012 |
Programs installed in
(Note, the programs listed below are for all versions of ExpressFiles Application.)
“No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent alg...”
Behaviors
(Note, the behaviors below are for all versions of expressfiles.exe, select a unique version for details.)
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Program Files\ExpressFiles\ExpressFiles.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'ExpressFiles' → "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
Scheduled tasks
- Entry path '\{BFAF2D74-DB08-4F3D-AB6B-7DF62D0C62C2}'
- Entry path '\{B9DF4A07-7A8D-4334-B6CF-A293B9D964F6}'
- Entry path '\{1A028AAB-E024-4B1F-8E9C-0DF4B06F55E7}'
Malware detections
Based on 40+ industry antivirus scanners, 15 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| avast! |
8.0.1489.320 |
Win32:Expressfiles-C [PUP] |
2, 0, 0, 38 |
| avast! |
8.0.1489.320 |
Win32:Expressfiles-C [PUP] |
2, 0, 0, 38 |
| Dr.Web |
7.0.1.02210 |
DLOADER.Trojan |
1, 0, 3, 1 |
| ESET NOD32 |
7.7609 |
a variant of Win32/ExpressFiles.A |
1, 0, 3, 1 |
| ESET NOD32 |
7.7839 |
a variant of Win32/ExpressFiles.A |
1, 0, 3, 1 |
| ESET NOD32 |
7.8486 |
a variant of Win32/ExpressFiles.A |
2, 0, 0, 38 |
| ESET NOD32 |
7.8601 |
a variant of Win32/ExpressFiles.A |
2, 0, 0, 38 |
| ESET NOD32 |
7.8890 |
a variant of Win32/ExpressFiles.A |
2, 0, 0, 38 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
2, 0, 0, 38 |
| McAfee |
5.600.1067 |
Artemis!764E3ACE9461 |
2, 0, 0, 38 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!764E3ACE9461 |
2, 0, 0, 38 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0829 |
1, 0, 3, 1 |
| VIPRE Antivirus |
19016 |
ExpressFiles Installer (fs) |
2, 0, 0, 38 |
| VIPRE Antivirus |
19816 |
ExpressFiles Installer (fs) |
2, 0, 0, 38 |
| VIPRE Antivirus |
22196 |
ExpressFiles Installer (fs) |
2, 0, 0, 38 |
All file variations of expressfiles.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
45.45% |
|
| Microsoft Windows XP |
22.73% |
|
| Windows 7 Home Premium |
13.64% |
|
| Windows 8 |
9.09% |
|
| Windows 8.1 Pro Preview |
4.55% |
|
| Windows 8 Pro |
4.55% |
|
Distribution by country
United Kingdom installs about 22.73% of ExpressFiles Application.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
21.43% |
|
| Gateway |
14.29% |
|
| Compaq |
14.29% |
|
| Acer |
14.29% |
|
| Dell |
14.29% |
|
| Samsung |
7.14% |
|
| GIGABYTE |
7.14% |
|
| American Megatrends |
7.14% |
|
