Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
Relationships
Parent process
Related files
 PE file structure
|
Show functions |
Import table
advapi32.dll
RegisterEventSourceA, DeregisterEventSource
htmlayout.dll
HTMLayoutSetElementHtml, HTMLayout_UnuseElement
kernel32.dll
GetVersionExA, GetVersion, GetVersionExW, RaiseException, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess, TerminateThread
mswsock.dll
AcceptEx, GetAcceptExSockaddrs
ole32.dll
OleInitialize
shell32.dll
ShellExecuteW, SHBrowseForFolderW
shlwapi.dll
SHSetValueA, PathRemoveFileSpecW
user32.dll
IsWindowVisible, SendMessageW
goforfilesdl.exe
goforfilesdl Application by Righway Technologies (Signed)
| Version: | 2,0,0,0 |
| MD5: | 3cf3383eae09bab72e73cb6e0cd8b813 |
| SHA1: | 6efa59cbc05f14cabd5093cced497297312cd655 |
| SHA256: | 128930d9f1dc1a150a04b0029f5211a4fb37ab4882b8608586e40aa255e185b5 |
Warning 3 antivirus scanners has detected malware.
Overview
goforfilesdl.exe is malware that executes as a process with the local user's privileges typically within the context of its parent
goforfiles.exe (GoforFiles Application by Righway Technologies). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of know programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc.
Details
| File name: | goforfilesdl.exe |
| Publisher: | http://goforfiles.com/ |
| Product name: | goforfilesdl Application |
| Typical file path: | C:\Program Files\goforfiles\goforfilesdl.exe |
| File version: | 2,0,0,0 |
| Size: | 1.56 MB (1,638,544 bytes) |
| Certificate |
| Issued to: | Righway Technologies |
| Authority (CA): | COMODO CA Limited |
| Effective date: | Tuesday, August 21, 2012 |
| Expiration date: | Saturday, August 22, 2015 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
|
Righway Technologies, Inc |
|
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).
Behaviors
Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Program Files\GoforFiles\goforfilesdl.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 178.61.168.166:60688
[UDP] listens on port 59594
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Dr.Web |
7.00.7.12100 |
Adware.Downware.1204 |
| Rising Antivirus |
25.0.0.11 |
PE:Malware.XPACK/RDM!5.1 |
| VIPRE Antivirus |
24566 |
ExpressFiles Installer (fs) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00271118% | |
| Kernel CPU: | 0.00147942% | |
| User CPU: | 0.00123176% | |
| Kernel CPU time: | 345,183 ms/min | |
| CPU cycles: | 21,267,467/sec | |
| Memory |
| Private memory: | 37.11 MB | |
| Private (maximum): | 44.16 MB | |
| Private (minimum): | 26 MB | |
| Non-paged memory: | 37.11 MB | |
| Virtual memory: | 154.68 MB | |
| Virtual memory (peak): | 189.72 MB | |
| Working set: | 34.31 MB | |
| Working set (peak): | 44.3 MB | |
| Page faults: | 89,026/min | |
| I/O |
| I/O read transfer: | 612.32 KB/sec | |
| I/O read operations: | 38/sec | |
| I/O write transfer: | 622.26 KB/sec | |
| I/O write operations: | 57/sec | |
| I/O other transfer: | 418.88 KB/sec | |
| I/O other operations: | 1,046/sec | |
| Resource allocations |
| Threads: | 10 | |
| Handles: | 262 | |
| GUI GDI count: | 93 | |
| GUI GDI peak: | 101 | |
| GUI USER count: | 13 | |
| GUI USER peak: | 44 | |
Process properties
| Integrety level: | Medium |
| Platform: | 32-bit |
| Command line: | "C:\flv avi\goforfiles\goforfilesdl.exe" 2447999844 0 magneC:?xt=urC:btiC:ca34d7e77845ea5bbe724d6bc8a905120c79a258&dn=underworld: awakening 2012 720p brrip x264 650 02 mb yify&tr=httC://tracker.torrentbay.tC:6969/announce&tr=httC://tracker.torrentbay.tC:6969/announce&tr=httC://tracker.torrenty.orC:6969/announce&tr=udC://tracker.ccc.dC:80/announce&tr=udC://tracker.publicbt.coC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce |
| Owner: | User |
| Parent process: | goforfiles.exe (GoforFiles Application by Righway Technologies) |
Threads
Averages
| goforfilesdl.exe (main module) |
| Total CPU: | 0.44988810% | |
| Kernel CPU: | 0.18841647% | |
| User CPU: | 0.26147163% | |
| CPU cycles: | 8,548,025/sec | |
| Memory: | 4.44 MB | |
| MSWSOCK.dll |
| Total CPU: | 0.00051115% | |
| Kernel CPU: | 0.00015334% | |
| User CPU: | 0.00035780% | |
| CPU cycles: | 6,294/sec | |
| Memory: | 240 KB | |
| WINMM.dll |
| Total CPU: | 0.00005148% | |
| Kernel CPU: | 0.00005148% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 162/sec | |
| Memory: | 200 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
25.00% |
|
| Windows 7 Enterprise |
25.00% |
|
| Windows 7 Ultimate |
25.00% |
|
| Microsoft Windows XP |
25.00% |
|
Distribution by country
Brazil installs about 25.00% of goforfilesdl Application.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Sony |
50.00% |
|
| Acer |
25.00% |
|
| Hewlett-Packard |
25.00% |
|
