home

boxrock.ffupdate.dll

Box Rock

FFUpdate is the Mozilla Firefox plugin manager for the Box Rock branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module boxrock.ffupdate.dll by Box Rock has been detected as adware by 27 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Box Rock  (signed and verified)

Version:
1.0.5563.11593

MD5:
4466849425ae9365e1ccf8635b2b59b7

SHA-1:
058d813cb7d4d54ac32f8c6abcc2097af6a786be

SHA-256:
69dda116bc392c68bb87bc16c676f453deb806ef74c02f5fef5f7182ad6827b9

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/19/2024 9:32:11 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.AT
674

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/BrowseFox.Gen7
3.6.1.96

avast!
Win32:BrowseFox-EZ [PUP]
2014.9-150401

AVG
Generic
2016.0.3152

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.1541

Bitdefender
Adware.BrowseFox.AT
1.0.20.455

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.1734
9.0.1.091

Emsisoft Anti-Malware
Adware.BrowseFox.AT
8.15.04.01.01

ESET NOD32
MSIL/BrowseFox.L potentially unwanted (variant)
9.11397

F-Prot
W32/S-35d3e685
v6.4.7.1.166

F-Secure
Adware.BrowseFox.AT
11.2015-01-04_4

G Data
Adware.BrowseFox.AT
15.4.25

K7 AntiVirus
Adware
13.202.15421

McAfee
BrowseFox-FUT
5600.6808

MicroWorld eScan
Adware.BrowseFox.AT
16.0.0.273

NANO AntiVirus
Riskware.Win32.BPlug.djpkri
0.30.8.659

nProtect
Adware.BrowseFox.AT
15.03.27.01

Panda Antivirus
Trj/CI.A
15.04.01.01

Qihoo 360 Security
Win32/Virus.Adware.708
1.0.0.1015

Quick Heal
Adware.Updater.A3
4.15.14.00

Reason Heuristics
Adware.Yontoo.BoxRock
15.4.1.13

Sophos
Generic PUA AF
4.98

Trend Micro House Call
TROJ_GEN.R08NC0PCR15
7.2.91

Trend Micro
TROJ_GEN.R08NC0PCR15
10.465.01

VIPRE Antivirus
Yontoo
38892

File size:
600.2 KB (614,632 bytes)

Product version:
1.0.5563.11593

Original file name:
BoxRock.FFUpdate2015032614.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\box rock\bin\plugins\boxrock.ffupdate.dll

Digital Signature
Signed by:
Box Rock

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 12:00:00 AM

Valid to:
10/2/2015 11:59:59 PM

Subject:
CN=Box Rock, O=Box Rock, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1125198B1C5DF8CC1185255178F1DAFC

File PE Metadata
Compilation timestamp:
3/26/2015 2:26:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:lAgE7AXb9rmYJpVQvdyVcnUb9B6zj+tSbkHyto6/ajzIwtZNO4:lAVQmU36zjuSme96t3O4

Entry address:
0x95E22

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
592 KB (606,208 bytes)

Remove boxrock.ffupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.