factfirebho.dll

Fact Fire

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module factfirebho.dll by Fact Fire has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Fact Fire 1.0.0.6’. This file is typically installed with the program Fact Fire by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
Fact Fire  (signed and verified)

Product:
Fact Fire

Version:
1.0.0.6

MD5:
8c853f6a188e13b83f6d8464b32bb7b5

SHA-1:
1fc1bb62533b14765671f604edb0ae4f78e20d3c

SHA-256:
d67d80cbbc2aaf4c87d396936e4276461652d7f57d3249cdb78b1064368d33de

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/30/2024 3:33:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.FactFire (M)

Engine version:
16.4.4.11

File size:
244.2 KB (250,096 bytes)

Product version:
1.0.0.6

Copyright:
(c) Fact Fire. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\fact fire\factfirebho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/19/2014 4:00:00 PM

Valid to:
11/20/2015 3:59:59 PM

Subject:
CN=Fact Fire, O=Fact Fire, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B70F89CFCCA24F1F741F575A33A7EDD

File PE Metadata
Compilation timestamp:
12/20/2014 5:06:10 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:EkBotTnyPiq3IXXwVk1G4PL07HjuDTci+cbIaIYmAUOgzW:E1TnyP73UK4LEYJbIvDOgzW

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, E4, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 0C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3582

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
Fact Fire 1.0.0.6

CLSID:
{38c0d1f5-ccbe-4c53-a15c-31d18578d439}


The file factfirebho.dll has been discovered within the following program.

Fact Fire  by Yontoo Technology, Inc.
Fact Fire is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
firemyfacts.com/support
88% remove it
 

The file factfirebho.dll has been seen being distributed by the following URL.
