» KrabWeb.FFUpdate.dll
Overview
Analysis
File Details

KrabWeb.FFUpdate.dll

Krab Web

FFUpdate is the Mozilla Firefox plugin manager for the Krab Web branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module KrabWeb.FFUpdate.dll by Krab Web has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Krab Web (signed and verified)

Version:

1.0.5368.17668

MD5:

33da8b17fb3aeacd6d41db9c6747abd1

SHA-1:

1702ef225ab342053644bb73bd239853ee6e3dc8

SHA-256:

8be945055bad0695725a2c6950ea4cd2cb3825deb4486848fcd81fa148737eea

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:

12/3/2024 4:54:50 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo (M)

17.1.22.10

File size:

449.3 KB (460,064 bytes)

Product version:

1.0.5368.17668

Original file name:

KrabWeb.FFUpdate.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\krab web\bin\plugins\krabweb.ffupdate.dll

Digital Signature

Signed by:

Krab Web

Authority:

DigiCert Inc

Valid from:

6/8/2014 7:00:00 PM

Valid to:

6/17/2015 7:00:00 AM

Subject:

CN=Krab Web, O=Krab Web, L=Santa Monica, S=California, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0572744C4944FF55FB05A9A82A78D271

File PE Metadata

Compilation timestamp:

9/12/2014 5:49:05 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x70386

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.6770

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

441 KB (451,584 bytes)

Remove KrabWeb.FFUpdate.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.