home

clearthink.ffupdate.dll

ClearThink

FFUpdate is the Mozilla Firefox plugin manager for the ClearThink branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module clearthink.ffupdate.dll by ClearThink has been detected as adware by 19 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

Version:
1.0.5468.28780

MD5:
8ce33520b8daabe3bb92f0b493b9a9fc

SHA-1:
825c57942972e15c7dc5e125ea4baf7d98d0a55d

SHA-256:
e6e1c867d4b52ea8237e3e281d8cb0249a464ed0d9e5bd63d7be03a70a3d789e

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/25/2024 4:14:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CN
6213306

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2014.12.22

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.197.26

AVG
Generic
2015.0.3253

Bitdefender
Adware.SwiftBrowse.CN
1.0.20.1780

Dr.Web
Trojan.Yontoo.119
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CN
9.0.0.4668

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-7aa9c30a
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CN
5.13.68

G Data
Adware.SwiftBrowse.CN
14.12.24

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.5.0

K7 AntiVirus
Adware
13.188.14395

McAfee
Artemis!8CE33520B8DA
5600.6909

MicroWorld eScan
Adware.SwiftBrowse.CN
15.0.0.1068

Norman
Adware.SwiftBrowse.CN
04.12.2014 14:30:06

nProtect
Adware.SwiftBrowse.CN
14.12.19.01

Reason Heuristics
Adware.Yontoo.ClearThink.S
14.12.22.4

VIPRE Antivirus
Threat.4741131
35418

File size:
546.7 KB (559,856 bytes)

Product version:
1.0.5468.28780

Original file name:
ClearThink.FFUpdate2014122123.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\clearthink\bin\plugins\clearthink.ffupdate.dll

Digital Signature
Signed by:
ClearThink

Authority:
VeriSign, Inc.

Valid from:
10/9/2014 3:00:00 AM

Valid to:
8/6/2015 2:59:59 AM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59B72B1DB71CE323997B1EAF80E12AAE

File PE Metadata
Compilation timestamp:
12/22/2014 2:59:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:bADXGva6v28bDM4CscalyX7FFgAvZXXiqMi:bxva6u8bDzC2cngOGi

Entry address:
0x8897E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.4930

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538.5 KB (551,424 bytes)

Remove clearthink.ffupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.