plurpush.ffupdate.dll

PlurPush

FFUpdate is the Mozilla Firefox plugin manager for the PlurPush branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module plurpush.ffupdate.dll by PlurPush has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
PlurPush  (signed and verified)

Version:
1.0.5544.27585

MD5:
98f275b7a524d000ce9ec70bb6eeb3fc

SHA-1:
9b30d15c54eddd809d0d11395d24e39256675359

SHA-256:
113347ee52867f969996316e6859db47ad0b0e55f5778846e842fe11aa2a9338

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
12/24/2024 11:54:33 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.3.13.3

File size:
592.3 KB (606,488 bytes)

Product version:
1.0.5544.27585

Original file name:
PlurPush.FFUpdate2015030723.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\plurpush\bin\plugins\plurpush.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/19/2013 2:00:00 AM

Valid to:
9/20/2015 1:59:59 AM

Subject:
CN=PlurPush, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PlurPush, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30ACE095C6EE9F3C39428EB86ECAFADF

File PE Metadata
Compilation timestamp:
3/8/2015 12:19:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x93E6A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.4674

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
584 KB (598,016 bytes)

Remove plurpush.ffupdate.dll - Powered by Reason Core Security