ClearThink.FFUpdate.dll

ClearThink

FFUpdate is the Mozilla Firefox plugin manager for the ClearThink branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module ClearThink.FFUpdate.dll by ClearThink has been detected as adware by 8 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

Version:
1.0.5352.37061

MD5:
2d98b524c6d6c1b0a0302a90189f1e2b

SHA-1:
cdb459e525f96fe3a4cd4ced85642c220320f542

SHA-256:
a9ccc425f5fb74c88c8c700fa93eef7906c8a1c64f6fd9e8b3c834c2956b2f26

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/20/2024 1:35:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3368 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14828 |
| Dr.Web | Trojan.BPlug.161 | 9.0.1.05190 |
| ESET NOD32 | MSIL/BrowseFox.E potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3335 |
| Panda Antivirus | Trj/Chgt.E | 14.08.28.11 |
| Qihoo 360 Security | Win32/Virus.Adware.e4c | 1.0.0.1015 |
| Reason Heuristics | Adware.Yontoo.ClearThink.S | 14.8.28.21 |

File size:
449.2 KB (460,016 bytes)

Product version:
1.0.5352.37061

Original file name:
ClearThink.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\clearthink\bin\plugins\clearthink.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 8:00:00 PM

Valid to:
8/5/2015 7:59:59 PM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1200063ED04B1DA36F7FE204B3DD8617

File PE Metadata
Compilation timestamp:
8/27/2014 5:35:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:OBIaAj4+sAIJfiYVCvpiq8Gch/1YurNCaZmCetiXbeHs:Oma6svKnAG450a5etGl

Entry address:
0x703B6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6783

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
441 KB (451,584 bytes)
