plainsavings.ffupdate.dll

Plain Savings

FFUpdate is the Mozilla Firefox plugin manager for the Plain Savings branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module plainsavings.ffupdate.dll by Plain Savings has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Plain Savings  (signed and verified)

Version:
1.0.5797.28959

MD5:
dbcd16d0f999ce840c3af02a153c9ae9

SHA-1:
c1ca886d53201a4637faf559bdf8903bf163af35

SHA-256:
b7e5f22dcf729d5f6f4978ed0d8c4902af72c55ffa3d11e4e5a7ab18ab33a625

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
12/25/2024 1:42:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.3.14.8

File size:
548.7 KB (561,912 bytes)

Product version:
1.0.5797.28959

Original file name:
2015111600.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\plain savings\bin\plugins\plainsavings.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/9/2015 9:00:00 PM

Valid to:
3/9/2016 8:59:59 PM

Subject:
CN=Plain Savings, O=Plain Savings, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3278FBA8062F9F07CFB8AF40EED9D7B1

File PE Metadata
Compilation timestamp:
11/15/2015 10:05:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x891E6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 08, 00, 0C, 00, 00, 00, E8, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
540.5 KB (553,472 bytes)
