home

fasterlight.ffupdate.dll

Follow Rules

FFUpdate is the Mozilla Firefox plugin manager for the Follow Rules branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module fasterlight.ffupdate.dll by Follow Rules has been detected as adware by 20 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Follow Rules  (signed and verified)

Version:
1.0.5563.40256

MD5:
0c9d2a88d0770f867c2038417604b5fd

SHA-1:
58cdb62adce48f5b89b5ebc15924ff27123d3c50

SHA-256:
4c6c1dde1e76cf5f06e6341879a99fa02b411f2ef1b0a61bf01a0c88473b7522

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/25/2024 6:49:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.CD
6339179

avast!
MSIL:BrowseFox-S [PUP]
150319-1

AVG
Generic
2016.0.3158

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.15327

Bitdefender
Adware.BrowseFox.CD
1.0.20.430

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.1734
9.0.1.05190

Emsisoft Anti-Malware
Adware.BrowseFox.CD
9.0.0.4799

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-18d1a68a
v6.4.7.1.166

F-Secure
Adware.BrowseFox.CD
5.13.68

G Data
Adware.BrowseFox.CD
15.3.25

K7 AntiVirus
Adware
13.202.15399

McAfee
Program.BrowseFox.g
16.8.708.2

MicroWorld eScan
Adware.BrowseFox.CD
16.0.0.258

NANO AntiVirus
Riskware.Win32.BPlug.djpkri
0.30.8.659

nProtect
Adware.BrowseFox.CD
15.03.27.01

Quick Heal
Adware.Updater.A3
3.15.14.00

Reason Heuristics
Adware.Yontoo.FollowRules
15.3.27.7

VIPRE Antivirus
Threat.4741131
38552

File size:
592.2 KB (606,448 bytes)

Product version:
1.0.5563.40256

Original file name:
FasterLight.FFUpdate2015032706.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\faster light\bin\plugins\fasterlight.ffupdate.dll

Digital Signature
Signed by:
Follow Rules

Authority:
VeriSign, Inc.

Valid from:
1/11/2015 1:00:00 AM

Valid to:
1/12/2016 12:59:59 AM

Subject:
CN=Follow Rules, O=Follow Rules, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
360C16AC576B09F5DFA927EA0089856F

File PE Metadata
Compilation timestamp:
3/27/2015 7:21:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:fxgF0oy/up8EofCVjnIrDL+WUW21OeUHRL7:fq9qrOW3YO5V7

Entry address:
0x93E62

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
584 KB (598,016 bytes)

Remove fasterlight.ffupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.