albrechto.FFUpdate.dll

albrechto

FFUpdate is the Mozilla Firefox plugin manager for the albrechto-branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module albrechto.FFUpdate.dll by albrechto has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
albrechto  (signed and verified)

Version:
1.0.5144.37538

MD5:
9ca80ea2107240506101875f05b37bc6

SHA-1:
4cc597b0a5bdaea8e31d72b85df938f4050a46d4

SHA-256:
e102a355b3204f1e83b698ff44a49cbbb7e00191168ae13cf778ec66a9a16fb1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/18/2024 3:27:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo.albrechto (M)

Engine version:
16.2.10.4

File size:
447.8 KB (458,528 bytes)

Product version:
1.0.5144.37538

Original file name:
albrechto.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\albrechto\bin\plugins\albrechto.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/18/2013 8:00:00 PM

Valid to:
9/19/2015 7:59:59 PM

Subject:
CN=albrechto, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=albrechto, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0AAC8B95EA7A39BA646CDEAEEB8F189B

File PE Metadata
Compilation timestamp:
1/31/2014 3:51:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:84VrHtwmzdOtKtM5fsxbHb8fPYKT9+FAJPvm:84VqMotKtWgKTuAJ

Entry address:
0x6FCDA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6800

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
439.5 KB (450,048 bytes)
