BooZaka.FFUpdate.dll

BooZaka

FFUpdate is the Mozilla Firefox plugin manager for the BooZaka-branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module BooZaka.FFUpdate.dll by BooZaka has been detected as adware by 9 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
BooZaka (signed and verified)

Version:
1.0.5379.11403

MD5:
d7aa568094daf984961f06a8ab110780

SHA-1:
1a5c9539cec544457ede0dde5bf70ff9c8b6de9b

SHA-256:
0c5fdfa06cbc6932c9f57c886459a9bf6cd11a21cd4f14a36482c32de6d1519c

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/25/2024 8:32:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.173.240 |
| AVG | Generic | 2015.0.3342 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.14923 |
| ESET NOD32 | MSIL/BrowseFox.E potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-db42cb3b | v6.4.7.1.166 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3207 |
| Malwarebytes | | v2014.09.23.03 |
| Reason Heuristics | Adware.Yontoo.BooZaka.P | 14.9.23.14 |
| VIPRE Antivirus | Threat.4741131 | 33120 |

File size:
450.8 KB (461,592 bytes)

Product version:
1.0.5379.11403

Original file name:
BooZaka.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\boozaka\bin\plugins\boozaka.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/18/2014 5:00:00 PM

Valid to:
3/19/2015 4:59:59 PM

Subject:
CN=BooZaka, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BooZaka, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
798D14F2EA94D165A332BEEBA73F4EE8

File PE Metadata
Compilation timestamp:
9/23/2014 12:20:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:UEJR8vHwM1Ub5/rEXNPdv5mL7B3cKF43jHMCxACpwg37xOX:UEJ+QM1UV4v6DSLLD3a

Entry address:
0x70942

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6722

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
442.5 KB (453,120 bytes)
