Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

2, 0, 0, 171 12.50%
2, 0, 0, 69 25.00%
2, 0, 0, 23 25.00%
2, 0, 0, 23 12.50%
2, 0, 0, 2 25.00%

Relationships

Parent process
Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
CryptHashData, CryptAcquireContextW
dnsapi.dll
DnsFree, DnsQuery_W
htmlayout.dll
HTMLayoutSetCallback, ValueStringData
kernel32.dll
GetVersion, ResetEvent, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess, QueryPerformanceCounter
ole32.dll
CoCreateInstance, CoInitializeEx
shell32.dll
Shell_NotifyIconW, ShellExecuteW
shlwapi.dll
SHSetValueA, SHDeleteValueW
user32.dll
GetSystemMetrics, DefWindowProcW
wininet.dll
HttpOpenRequestW, InternetCloseHandle

GoforFiles.exe

GoforFiles Application by Righway Technologies (Signed)

Remove GoforFiles.exe
Version:   2, 0, 0, 23
MD5:   defd411295765cb39285d2dd5b264f78
SHA1:   82b8a4569936ce9270f46fa3494ba7c5f7f0dccf
SHA256:   fd8c9eeda1fb0efe26ca233e0f1523b13486f8ac2ad16a6d5028fce6ba873809
Warning 4 antivirus scanners has detected malware.

Overview

goforfiles.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of know programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc. The file is digitally signed by Righway Technologies which was issued by the COMODO CA Limited certificate authority (CA).

DetailsDetails

File name:goforfiles.exe
Publisher:http://goforfiles.com/
Product name:GoforFiles Application
Typical file path:C:\Program Files\goforfiles\goforfiles.exe
File version:2, 0, 0, 23
Product version:2,0,0,0
Size:882.58 KB (903,760 bytes)
Build date:5/28/2013 5:35 AM
Certificate
Issued to:Righway Technologies
Authority (CA):COMODO CA Limited
Effective date:Tuesday, August 21, 2012
Expiration date:Saturday, August 22, 2015
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
GoforFiles
 Righway Technologies, Inc
  70% remove
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\GoforFiles\GoforFiles.exe'
Network connections
Access through an approved Windows firewall exception
  • [TCP] 184.75.220.90:80

    • MalwareMalware detections

    Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
    Antivirus engineEngine versionDetection
    Bkav Security 1.3.0.4246 W32.HfsAuto.Fef5
    ESET NOD32 7.8813 a variant of Win32/YourFileDownloader.B
    Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
    VIPRE Antivirus 21568 ExpressFiles Installer (fs)

    ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00116397%
    0.028634%
    Kernel CPU:0.00052849%
    0.013761%
    User CPU:0.00063548%
    0.014873%
    Kernel CPU time:338,995,532 ms/min
    100,923,805ms/min
    CPU cycles:12,177,996/sec
    17,470,203/sec
    Context switches:13/sec
    284/sec
    Memory
    Private memory:20.81 MB
    21.59 MB
    Private (maximum):30.1 MB
    Private (minimum):22.3 MB
    Non-paged memory:20.81 MB
    21.59 MB
    Virtual memory:138.35 MB
    140.96 MB
    Virtual memory (peak):150.94 MB
    169.69 MB
    Working set:28.36 MB
    18.61 MB
    Working set (peak):31.75 MB
    37.95 MB
    Page faults:2,188,230/min
    2,039/min
    I/O
    I/O read transfer:1.49 MB/sec
    1.02 MB/min
    I/O read operations:59/sec
    343/min
    I/O write transfer:117.38 KB/sec
    274.99 KB/min
    I/O write operations:59/sec
    227/min
    I/O other transfer:1.56 KB/sec
    448.09 KB/min
    I/O other operations:190/sec
    1,671/min
    Resource allocations
    Threads:14
    12
    Handles:279
    600
    GUI GDI count:168
    103
    GUI GDI peak:169
    142
    GUI USER count:15
    49
    GUI USER peak:22
    71

    BehaviorsProcess properties

    Integrety level:High
    Platform:64-bit
    Command line:"C:\Program Files\goforfiles\goforfiles.exe"
    Owner:User
    Parent process:Explorer.EXE (Windows Explorer by Microsoft)

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 25.00%
    Windows 8.1 Pro Preview 12.50%
    Windows Vista Home Premium 12.50%
    Windows 7 Enterprise 12.50%
    Windows 7 Ultimate N 12.50%
    Windows 7 Ultimate 12.50%
    Microsoft Windows XP 12.50%

    Distribution by countryDistribution by country

    United States installs about 50.00% of GoforFiles Application.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Acer 33.33%
    Sony 33.33%
    Hewlett-Packard 33.33%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE