enhanceempire.ffupdate.dll

EnhanceEmpire

FFUpdate is the Mozilla Firefox plugin manager for the EnhanceEmpire branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module enhanceempire.ffupdate.dll by EnhanceEmpire has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
EnhanceEmpire  (signed and verified)

Version:
1.0.5603.34400

MD5:
5a80917e5534a2bc5fab3c2631abab55

SHA-1:
dff8cfeda4d7f0792f2222bf29dd44a340450350

SHA-256:
a6eccbe3d0b9fc1e23ad166aa4e4f222ef22eca8293d423f9eb10118a6078d24

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
12/25/2024 12:32:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.2.1.6

File size:
589.2 KB (603,384 bytes)

Product version:
1.0.5603.34400

Original file name:
EnhanceEmpire.FFUpdate2015050603.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\enhanceempire\bin\plugins\enhanceempire.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/23/2015 7:00:00 AM

Valid to:
6/22/2016 6:59:59 AM

Subject:
CN=EnhanceEmpire, O=EnhanceEmpire, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
32CFFB85120659D2A1307F263FF36E3C

File PE Metadata
Compilation timestamp:
5/6/2015 10:06:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x932AA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
581 KB (594,944 bytes)
