Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
goforfilesdl.exe
goforfilesdl Application by Righway Technologies (Signed)
Version: | 2, 0, 0, 6 |
MD5: | 81292d58d06b6bdce14c7144625a6ea6 |
SHA1: | d0daad284010367245707b24344df4c7d0c4b54f |
SHA256: | 7d4cd649b2195f4726072eed20f169ed083dc6aa5251cf66a5eff1591c8dfd02 |
Warning: 4 antivirus scanners have detected malware.
Overview
goforfilesdl.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent goforfiles.exe (GoforFiles Application by Righway Technologies). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of known programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc.
Details
File name: | goforfilesdl.exe |
Publisher: | http://goforfiles.com/ |
Product name: | goforfilesdl Application |
Typical file path: | C:\Program Files\goforfiles\goforfilesdl.exe |
File version: | 2, 0, 0, 6 |
Product version: | 2,0,0,0 |
Size: | 1.55 MB (1,625,232 bytes) |
Certificate |
Issued to: | Righway Technologies |
Authority (CA): | COMODO CA Limited |
Effective date: | Tuesday, August 21, 2012 |
Expiration date: | Saturday, August 22, 2015 |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
Programs
The following programs will install this file
Righway Technologies, Inc
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).
Behaviors
Windows firewall allowed program
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Program Files\GoforFiles\goforfilesdl.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] client-86-29-33-38.glfd.adsl.virginmedia.com (86.29.33.38:6881)
[TCP] 219.84.215.195:16883
[UDP] listens on port 50681
[UDP] listens on port 53813
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Dr.Web | 8.13.4.20 | Tool.DownLoader.52 |
Emsisoft Anti-Malware | 3.0.0.575 | Trojan.Win32.YourFileDownloader.AMN (A) |
ESET NOD32 | 7.8247 | Win32/YourFileDownloader.B |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0328 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00419980% | |
Kernel CPU: | 0.00216890% | |
User CPU: | 0.00203090% | |
Kernel CPU time: | 1,075,527,335 ms/min | |
CPU cycles: | 21,561,664/sec | |
Memory |
Private memory: | 34.49 MB | |
Private (maximum): | 40.09 MB | |
Private (minimum): | 31.88 MB | |
Non-paged memory: | 34.49 MB | |
Virtual memory: | 136.6 MB | |
Virtual memory (peak): | 147.79 MB | |
Working set: | 39.81 MB | |
Working set (peak): | 40.19 MB | |
Page faults: | 262,846/min | |
I/O |
I/O read transfer: | 25.3 MB/sec | |
I/O read operations: | 1,636/sec | |
I/O write transfer: | 8.29 MB/sec | |
I/O write operations: | 615/sec | |
I/O other transfer: | 6 MB/sec | |
I/O other operations: | 5,868/sec | |
Resource allocations |
Threads: | 10 | |
Handles: | 245 | |
GUI GDI count: | 54 | |
GUI GDI peak: | 65 | |
GUI USER count: | 12 | |
GUI USER peak: | 30 | |
Process properties
Integrity level: | High |
Platform: | 64-bit |
Command lines: |
- "C:\Program Files\goforfiles\goforfilesdl.exe" 2272728996 0 magneC:?xt=urC:btiC:ddcfe243030f4d7e3a4fdd7e0342fb681acda18b&dn=game of thrones s03e10 720p hdtv x264 evolve&tr=httC://tracker.torrentbay.tC:6969/announce&tr=httC://tracker.torrentbay.tC:6969/announce&tr=httC://tracker.torrenty.orC:6969/announce&tr=udC://tracker.ccc.dC:80/announce&tr=udC://tracker.publicbt.coC:80/announce&tr=udC://tracker.openbittorrent.coC:80/announce
- "C:\Program Files\goforfiles\goforfilesdl.exe" 4273090998 0 magneC:?xt=urC:btiC:6a43a5f726107e545c727c265b64f0a85ebe6896&dn=dark shadows the collection 12&tr=httC://www.h33t.coC:3310/announce&tr=udC://tracker.publicbt.coC:80/announce
Owner: | User |
Parent process: | goforfiles.exe (GoforFiles Application by Righway Technologies) |
Threads
Averages
goforfilesdl.exe (main module) |
Total CPU: | 0.44292680% | |
Kernel CPU: | 0.21423998% | |
User CPU: | 0.22868682% | |
CPU cycles: | 9,755,578/sec | |
Memory: | 4.42 MB | |
WINMM.dll |
Total CPU: | 0.00031032% | |
Kernel CPU: | 0.00031032% | |
User CPU: | 0.00000000% | |
CPU cycles: | 1,641/sec | |
Memory: | 200 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 25.00% |
Windows 7 Enterprise | 25.00% |
Windows 7 Ultimate | 25.00% |
Microsoft Windows XP | 25.00% |
Distribution by country
Brazil installs about 25.00% of goforfilesdl Application.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Sony | 50.00% |
Acer | 25.00% |
Hewlett-Packard | 25.00% |