fassurun.FFUpdate.dll

fassurun

FFUpdate is the Mozilla Firefox plugin manager for the fassurun-branded Yontoo adware browser platform. The component is designed to install the Firefox plugin and keep Firefox connected to the adware updater. The module fassurun.FFUpdate.dll by fassurun has been detected as adware by 10 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
fassurun  (signed and verified)

Version:
1.0.5387.30586

MD5:
88ea1a3488c318123a2ffbedb54b37cc

SHA-1:
88dab017cab585f5f6dbe3aac9afbd897c7829fb

SHA-256:
f727ba14e3c152b7018262e2786aacf0084b565f0d964581ad6f06d0cf87f8da

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/26/2024 11:32:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.176.28 |
| AVG | Fasuru | 2015.0.3334 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14102 |
| ESET NOD32 | MSIL/BrowseFox.E potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-db42cb3b | v6.4.7.1.166 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3164 |
| Malwarebytes | | v2014.10.02.06 |
| McAfee | BrowseFox.a | 5600.6990 |
| Reason Heuristics | Adware.Yontoo.fassurun.Q | 14.10.2.6 |
| VIPRE Antivirus | Threat.4741131 | 33120 |

File size:
450.8 KB (461,592 bytes)

Product version:
1.0.5387.30586

Original file name:
fassurun.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\fassurun\bin\plugins\fassurun.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/20/2013 5:00:00 PM

Valid to:
8/20/2015 4:59:59 PM

Subject:
CN=fassurun, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=fassurun, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6EA3A2D62F7379560AF4974E60282338

File PE Metadata
Compilation timestamp:
10/1/2014 10:59:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:yymV3hOHYBwk/HjrzjkhW+70w18ggISc3oDcVX7HsedaR1eY1mf:yymr8YBhv74Y+gorqKf7ndU5mf

Entry address:
0x70976

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6746

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
442.5 KB (453,120 bytes)
