AdvanceElite.FFUpdate.dll

AdvanceElite

FFUpdate is the Mozilla Firefox plugin manager for the AdvanceElite branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module AdvanceElite.FFUpdate.dll by AdvanceElite has been detected as adware by 17 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
AdvanceElite  (signed and verified)

Version:
1.0.5410.13693

MD5:
8340f5865869d86975b6d575cb5ce9b7

SHA-1:
576d0cc9f43e0879311f5f81429afa6fc299a3ba

SHA-256:
df6a4630dd99ad9f4dac807b367bafc808ba05aee380a8b1963d308ca0cb0e5f

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/26/2024 3:17:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CC | 828 |
| Avira AntiVirus | Adware/BrowseFox.Q.10 | 7.11.182.50 |
| AVG | Generic | 2015.0.3306 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141030 |
| Bitdefender | Adware.SwiftBrowse.CC | 1.0.20.1515 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CC | 8.14.10.30.10 |
| ESET NOD32 | Win64/BrowseFox (variant) | 8.10641 |
| F-Prot | W32/A-44ec90a9 | v6.4.7.1.166 |
| F-Secure | Adware.SwiftBrowse.CC | 11.2014-30-10_5 |
| G Data | Adware.SwiftBrowse.CC | 14.10.24 |
| Malwarebytes | | v2014.10.30.10 |
| McAfee | BrowseFox.g | 5600.6962 |
| MicroWorld eScan | Adware.SwiftBrowse.CC | 15.0.0.909 |
| nProtect | Adware.SwiftBrowse.CC | 14.10.29.01 |
| Reason Heuristics | Adware.Yontoo.AdvanceElite.U | 14.10.29.3 |
| Sophos | Generic PUA FH | 4.98 |
| VIPRE Antivirus | Threat.4741131 | 34232 |

File size:
546.2 KB (559,344 bytes)

Product version:
1.0.5410.13693

Original file name:
AdvanceElite.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\advanceelite\bin\plugins\advanceelite.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/1/2014 7:00:00 PM

Valid to:
9/2/2015 6:59:59 PM

Subject:
CN=AdvanceElite, O=AdvanceElite, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E2E56B75E7E0844E10D5BE52CDF0E39

File PE Metadata
Compilation timestamp:
10/24/2014 10:36:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:qlo9XKtnFJCdZ7Zniah6VrJg1ttezZo+2yd6DDEb0:qRanivrQtezZonyd6Dob0

Entry address:
0x8859A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 71, 00, 00, 00, DC, 85, 08, 00, DC, 67, 08, 00, 52, 53, 44, 53, E8, 28, CE, 01, EC, E7, D3, 43, B3, A6, E3, 90, 9E, 18, 93, 95, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 78, 65, 72, 6D, 34, 66, 7A, 6E, 2E, 65, 78, 63, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Entropy:
7.4958

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538 KB (550,912 bytes)
