Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2, 0, 0, 38 4.55%
2, 0, 0, 38 13.64%
2, 0, 0, 38 9.09%
2, 0, 0, 38 4.55%
2, 0, 0, 38 13.64%
1, 0, 3, 1 4.55%
1, 0, 3, 1 36.36%
1, 0, 3, 1 9.09%
1, 0, 3, 1 4.55%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
CryptGetHashParam, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CryptAcquireContextW, CryptReleaseContext, CryptCreateHash, CryptDestroyHash, CryptHashData
dnsapi.dll
DnsQuery_W, DnsFree
htmlayout.dll
HTMLayoutSetCallback, HTMLayoutWindowAttachEventHandler, HTMLayoutGetRootElement, HTMLayoutLoadHtml, HTMLayoutSetAttributeByName, HTMLayoutCallBehaviorMethod, HTMLayoutUpdateWindow, HTMLayoutSetElementHtml, HTMLayoutUpdateElement, HTMLayout_UseElement, HTMLayoutSetElementInnerText16, HTMLayoutControlSetValue, ValueStringDataSet, ValueClear, ValueInit, HTMLayoutGetAttributeByName, HTMLayoutGetElementText, HTMLayoutControlGetValue, ValueStringData, HTMLayoutVisitElements, HTMLayout_UnuseElement, HTMLayoutProcND, HTMLayoutDataReady
kernel32.dll
TlsGetValue, TlsSetValue, TlsFree, SetLastError, LCMapStringW, HeapFree, HeapSize, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, HeapCreate, QueryPerformanceCounter, GetConsoleCP, GetConsoleMode, GetStringTypeW, RtlUnwind, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, InterlockedIncrement, GetCPInfo, GetTimeZoneInformation, IsProcessorFeaturePresent, HeapAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetStartupInfoW, HeapSetInformation, GetCommandLineA, DecodePointer, EncodePointer, GetDateFormatW, GetTimeFormatW, GetSystemTimeAsFileTime, RaiseException, LoadLibraryA, FreeLibrary, LocalFree, LocalAlloc, LoadLibraryW, SetStdHandle, WriteConsoleW, FlushFileBuffers, CompareStringW, SetEnvironmentVariableA, lstrlenA, HeapReAlloc, VirtualFree, VirtualAlloc, InitializeCriticalSection, LeaveCriticalSection, GetLastError, EnterCriticalSection, DeleteCriticalSection, GetFileSize, SetFilePointer, VirtualQuery, WriteFile, WideCharToMultiByte, ReadFile, CreateFileW, MultiByteToWideChar, OutputDebugStringA, CloseHandle, GetCurrentProcessId, InterlockedDecrement, FindResourceW, LoadResource, Sleep, SizeofResource, LockResource, CreateThread, GetPrivateProfileSectionNamesW, FindFirstFileW, GetUserDefaultLCID, GetPrivateProfileStringW, GetLocaleInfoW, GetModuleFileNameW, FindClose, FindNextFileW, GetTickCount, GetTempPathW, GetCurrentThreadId, GetVersion, GetModuleHandleW, GetProcAddress, CreateDirectoryW, MapViewOfFile, WaitForSingleObject, SetEvent, CreateEventA, ResetEvent, CreateFileMappingA, OpenEventA, OpenFileMappingA, ExitProcess, WritePrivateProfileStructA, UnmapViewOfFile, GetPrivateProfileStructA, GetPrivateProfileSectionNamesA, FindResourceA, FreeResource, CreateEventW, InterlockedExchange, GetCommandLineW, CreateMutexW
ole32.dll
CoUninitialize, CoSetProxyBlanket, CoCreateInstance, CoInitializeEx
shell32.dll
ShellExecuteW, Shell_NotifyIconW, SHGetSpecialFolderPathW, ShellExecuteA, ShellExecuteExW, SHGetSpecialFolderPathA
shlwapi.dll
SHGetValueA, SHGetValueW, SHSetValueW, PathFindFileNameW, PathRemoveFileSpecW, StrStrIW, SHDeleteValueW, StrCmpIW, SHSetValueA
user32.dll
RegisterClassExW, LoadIconW, AppendMenuW, GetCursorPos, GetForegroundWindow, CreateWindowExW, DestroyMenu, GetWindowThreadProcessId, MessageBoxA, FindWindowExA, GetWindowRect, PostQuitMessage, MessageBoxW, IsWindowVisible, FindWindowExW, SetForegroundWindow, SendMessageW, SetTimer, KillTimer, FindWindowW, GetClientRect, SetWindowPos, SetLayeredWindowAttributes, ShowWindow, GetSystemMetrics, DefWindowProcW, LoadCursorW, AttachThreadInput, PostMessageW, RegisterWindowMessageW, TrackPopupMenu, DispatchMessageW, TranslateMessage, GetMessageW, CreatePopupMenu
wininet.dll
InternetReadFile, InternetSetCookieW, InternetCrackUrlW, InternetConnectW, HttpSendRequestW, HttpAddRequestHeadersW, HttpOpenRequestW, HttpSendRequestA, InternetCloseHandle, HttpQueryInfoW

ExpressFiles.exe

ExpressFiles Application by Faglaro Enterprises Limited (Signed)

Remove ExpressFiles.exe
Version:   2, 0, 0, 38
MD5:   764e3ace94613b68d3df6d5c49cbcf8f
SHA1:   54f08985abe0e29943be4adb1cabfe75eb239e55
SHA256:   aba5981fdf07e7abdf37155970780553b41a0e27ba1b6eacce54c21a1029787b
Warning 6 antivirus scanners has detected malware.

About ExpressFiles.exe (from Faglaro Enterprises Limited)

It's all-in-one product. Easy to use instant built-in search tool usefully sorts your results and download manager is so handy. With our prod- uct you can find any content of any subject that interest

Overview

expressfiles.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of know programs including ExpressFiles published by Express Solutions, ExpressFiles from Express Solutions and ExpressFiles by Express Solutions.

DetailsDetails

File name:expressfiles.exe
Publisher:http://www.express-files.com/
Product name:ExpressFiles Application
Typical file path:C:\Program Files\expressfiles\expressfiles.exe
File version:2, 0, 0, 38
Product version:2,0,0,0
Size:907.5 KB (929,280 bytes)
Build date:7/18/2013 8:45 AM
Certificate
Issued to:Faglaro Enterprises Limited
Authority (CA):COMODO CA Limited
Effective date:Friday, December 16, 2011
Expiration date:Sunday, December 16, 2012
Digital DNA
File packed:Yes
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
ExpressFiles
 Express Solutions
  61% remove
No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent algorithm! It's absolutely free. And, we are con- stantly working to make our product better. Ask why? It's simple! We like to make the Internet better, and staying there pleasant. It's totally unique. Very simple inter- face is specifically d...

BehaviorsBehaviors

Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\ExpressFiles\ExpressFiles.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'ExpressFiles' → "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
Scheduled tasks
  • Entry path '\{BFAF2D74-DB08-4F3D-AB6B-7DF62D0C62C2}'
  • Entry path '\{B9DF4A07-7A8D-4334-B6CF-A293B9D964F6}'
  • Entry path '\{1A028AAB-E024-4B1F-8E9C-0DF4B06F55E7}'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
Antivirus engineEngine versionDetection
avast! 8.0.1489.320 Win32:Expressfiles-C [PUP]
ESET NOD32 7.8890 a variant of Win32/ExpressFiles.A
Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
McAfee 5.600.1067 Artemis!764E3ACE9461
McAfee Gateway Anti-Malware v2013-dat Artemis!764E3ACE9461
VIPRE Antivirus 22196 ExpressFiles Installer (fs)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00401321%
0.028634%
Kernel CPU:0.00251571%
0.013761%
User CPU:0.00149750%
0.014873%
Kernel CPU time:34,782 ms/min
100,923,805ms/min
CPU cycles:4,102,110/sec
17,470,203/sec
Context switches:34/sec
284/sec
Memory
Private memory:16.11 MB
21.59 MB
Private (maximum):23.88 MB
Private (minimum):17.1 MB
Non-paged memory:16.11 MB
21.59 MB
Virtual memory:112.18 MB
140.96 MB
Virtual memory (peak):130.47 MB
169.69 MB
Working set:18.96 MB
18.61 MB
Working set (peak):25.55 MB
37.95 MB
Page faults:2,563,812/min
2,039/min
I/O
I/O read transfer:16.47 MB/sec
1.02 MB/min
I/O read operations:952/sec
343/min
I/O write transfer:1.85 MB/sec
274.99 KB/min
I/O write operations:949/sec
227/min
I/O other transfer:1.69 KB/sec
448.09 KB/min
I/O other operations:4,648/sec
1,671/min
Resource allocations
Threads:12
12
Handles:260
600
GUI GDI count:150
103
GUI GDI peak:160
142
GUI USER count:14
49
GUI USER peak:20
71

BehaviorsProcess properties

Integrety level:Medium
Platform:64-bit
Command line:"C:\Program Files\expressfiles\expressfiles.exe"
Owner:User
Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

ResourcesThreads

Averages
 
ExpressFiles.exe (main module)
Total CPU:0.22945845%
0.272967%
Kernel CPU:0.05327892%
0.107585%
User CPU:0.17617953%
0.165382%
CPU cycles:14,660,085/sec
5,741,424/sec
Context switches:13/sec
79/sec
Memory:936 KB
1.16 MB
WINMM.dll
Total CPU:0.00023820%
Kernel CPU:0.00000000%
User CPU:0.00023820%
CPU cycles:40,959/sec
Context switches:1/sec
Memory:200 KB
ntdll.dll
Total CPU:0.00011899%
Kernel CPU:0.00000000%
User CPU:0.00011899%
CPU cycles:969/sec
Memory:1.23 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 45.45%
Microsoft Windows XP 22.73%
Windows 7 Home Premium 13.64%
Windows 8 9.09%
Windows 8.1 Pro Preview 4.55%
Windows 8 Pro 4.55%

Distribution by countryDistribution by country

United Kingdom installs about 22.73% of ExpressFiles Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 21.43%
Gateway 14.29%
Compaq 14.29%
Acer 14.29%
Dell 14.29%
Samsung 7.14%
GIGABYTE 7.14%
American Megatrends 7.14%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE