AdvanceElite.FFUpdate.dll

AdvanceElite

FFUpdate is the Mozilla Firefox plugin manager for the AdvanceElite branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module AdvanceElite.FFUpdate.dll by AdvanceElite has been detected as adware by 16 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
AdvanceElite  (signed and verified)

Version:
1.0.5410.39031

MD5:
7ff5eee14436f5075828d3ca0395e9cd

SHA-1:
b8b9f69cec57042797604efcb5bba398197f27b1

SHA-256:
ba800a1a5925bda6a2f531dcd9a5421ab042edc3ea8c12e2a5b6619b35afc7a2

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/24/2024 6:19:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CC | 833 |
| AVG | Generic | 2015.0.3311 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141025 |
| Bitdefender | Adware.SwiftBrowse.CC | 1.0.20.1490 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CC | 8.14.10.25.08 |
| ESET NOD32 | Win64/BrowseFox (variant) | 8.10617 |
| F-Prot | W32/A-44ec90a9 | v6.4.7.1.166 |
| F-Secure | Adware.SwiftBrowse.CC | 11.2014-25-10_7 |
| G Data | Adware.SwiftBrowse.CC | 14.10.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.1.7.8.0 |
| Malwarebytes | | v2014.10.25.08 |
| McAfee | BrowseFox.g | 5600.6967 |
| MicroWorld eScan | Adware.SwiftBrowse.CC | 15.0.0.894 |
| nProtect | Adware.SwiftBrowse.CC | 14.10.24.01 |
| Reason Heuristics | Adware.Yontoo.AdvanceElite.U | 14.10.25.8 |
| VIPRE Antivirus | Yontoo | 34232 |

File size:
546.2 KB (559,344 bytes)

Product version:
1.0.5410.39031

Original file name:
AdvanceElite.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\advanceelite\bin\plugins\advanceelite.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 2:00:00 AM

Valid to:
9/3/2015 1:59:59 AM

Subject:
CN=AdvanceElite, O=AdvanceElite, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E2E56B75E7E0844E10D5BE52CDF0E39

File PE Metadata
Compilation timestamp:
10/25/2014 7:41:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:uw5M4iwNsaE+quFkfsx9keooOEE3+eE8Ralv:uXvERWf29kgNeE8Ra5

Entry address:
0x885D2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 71, 00, 00, 00, 14, 86, 08, 00, 14, 68, 08, 00, 52, 53, 44, 53, AE, 38, B3, 9E, 5B, 49, 76, 41, 9B, 0F, 3B, 37, B6, 4E, D7, 0F, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 71, 64, 65, 6C, 6B, 72, 67, 77, 2E, 35, 72, 61, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538 KB (550,912 bytes)
