fasterlight.ffupdate.dll

Geowide

FFUpdate is the Mozilla Firefox plugin manager for the Geowide-branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module fasterlight.ffupdate.dll by Geowide has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Geowide  (signed and verified)

Version:
1.0.5933.35597

MD5:
a22f173450aa0b59f723a428b11edfbf

SHA-1:
15779a95d881fb2156ea2fdf32be0f0516a93abf

SHA-256:
68e56868229f1b0e3a3f6a60f14881b009d2e3b30708ed16086fc0b7ade103f4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
12/25/2024 12:17:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.3.5.10

File size:
561.7 KB (575,168 bytes)

Product version:
1.0.5933.35597

Original file name:
2016033103.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\faster light\bin\plugins\fasterlight.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/22/2015 5:30:00 AM

Valid to:
10/22/2016 5:29:59 AM

Subject:
CN=Geowide, O=Geowide, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B25E4DFF2F8D2EFDD06E9082CE646FB

File PE Metadata
Compilation timestamp:
3/31/2016 9:16:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x8C502

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5069

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
553.5 KB (566,784 bytes)
