home

clockhand.ffupdate.dll

Clock Hand

FFUpdate is the Mozilla Firefox plugin manager for the Clock Hand branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module clockhand.ffupdate.dll by Clock Hand has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Clock Hand  (signed and verified)

Version:
1.0.5711.6580

MD5:
b1131d20343f698d39ac3b6149042546

SHA-1:
772d8e8aae15de3e2b49d434d71f4f3083a94e23

SHA-256:
884345358aa04d5b7193c114edcb0416c2863c14bcea9b8e209f1716868e3f3b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
6/3/2024 1:34:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.3.14.2

File size:
525.7 KB (538,352 bytes)

Product version:
1.0.5711.6580

Original file name:
2015082111.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\panda security\panda security protection\kosz\clockhand.ffupdate.dll

Digital Signature
Signed by:
Clock Hand

Authority:
VeriSign, Inc.

Valid from:
1/11/2015 1:00:00 AM

Valid to:
1/12/2016 12:59:59 AM

Subject:
CN=Clock Hand, O=Clock Hand, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
456A42223C623741F26F18A9D4223E47

File PE Metadata
Compilation timestamp:
8/21/2015 1:39:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x8349E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
517.5 KB (529,920 bytes)

Remove clockhand.ffupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.