plainsavings.ffupdate.dll

Plain Savings

FFUpdate is the Mozilla Firefox plugin manager for the Plain Savings branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module plainsavings.ffupdate.dll by Plain Savings has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Plain Savings  (signed and verified)

Version:
1.0.5760.14433

MD5:
56a8e3884f76006dd890a9c5ae44e37a

SHA-1:
a8b8a5ab3da47bbca19e29d23235a8f068f1f21a

SHA-256:
1385a93229003f1227a0830642b7a176077cd7c16d369d0ec74cff487106585d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
12/25/2024 2:07:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.3.16.1

File size:
550.7 KB (563,960 bytes)

Product version:
1.0.5760.14433

Original file name:
2015100916.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\plain savings\bin\plugins\plainsavings.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/9/2015 9:00:00 PM

Valid to:
3/9/2016 8:59:59 PM

Subject:
CN=Plain Savings, O=Plain Savings, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3278FBA8062F9F07CFB8AF40EED9D7B1

File PE Metadata
Compilation timestamp:
10/9/2015 1:01:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x8980E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
542.5 KB (555,520 bytes)

Remove plainsavings.ffupdate.dll - Powered by Reason Core Security