home

ffgogogo.exe

ffgogogo

Yang Liu

The application ffgogogo.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address edge-atlas-shv-01-cai1.facebook.com on port 443.
Publisher:
Mozilla Corporation  (signed by Yang Liu)

Product:
ffgogogo

Version:
45.0.1

MD5:
a00c99453fbddc4636a280b732797fe1

SHA-1:
fb4da1a80c8c955061f3bc7508583e2d10c6d8a6

SHA-256:
1b141be069dff5862af560a9530b8145504049ba255a5470af1badc7ce1a6f03

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 10:39:21 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.FFElex (M)
16.9.27.21

File size:
380.7 KB (389,848 bytes)

Product version:
45.0.1

Copyright:
©Firefox and Mozilla Developers; available under the MPL 2 license.

Trademarks:
Firefox is a Trademark of The Mozilla Foundation.

Original file name:
ffgogogo.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ffgogogo browser\ffgogogo.exe

Digital Signature
Signed by:
Yang Liu

Authority:
thawte, Inc.

Valid from:
11/26/2015 1:00:00 AM

Valid to:
11/26/2016 12:59:59 AM

Subject:
CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
45C77D4C7C588AD215F9659DB245AF3F

File PE Metadata
Compilation timestamp:
3/18/2016 8:34:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:tE6NOx0JDOQp4yVR/SHdCzx5xoX3/Di6R/SHdCzxMaX:a6NOx0xOQpxo+03/Dip7aX

Entry address:
0x2CF5

Entry point:
E8, 15, 3C, 00, 00, E9, 7B, FE, FF, FF, 56, 6A, 04, 6A, 20, E8, 6C, 3F, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 78, 50, 41, 00, A3, 38, D6, 41, 00, A3, 34, D6, 41, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 80, 9F, 41, 00, E8, 16, 3D, 00, 00, 83, 65, E4, 00, E8, 28, 32, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 2D, 3D, 00, 00, C3, 8B, 75, E4, E8, 03, 32, 00, 00, C3, 55, 8B, EC...
 
[+]

Code size:
78.5 KB (80,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-cai1.fbcdn.net  (31.13.88.8:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-cai1.facebook.com  (31.13.88.4:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-cai1.facebook.com  (31.13.88.36:443)

TCP (HTTP SSL):
Connects to server-52-85-64-45.lhr5.r.cloudfront.net  (52.85.64.45:443)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-cai1.facebook.com  (31.13.88.11:443)

TCP (HTTP SSL):
Connects to ox-173-241-248-212.xf.dc.openx.org  (173.241.248.212:443)

TCP (HTTP):
Connects to vip0x054.map2.ssl.hwcdn.net  (209.197.3.84:80)

TCP (HTTP SSL):
Connects to ec2-52-39-24-163.us-west-2.compute.amazonaws.com  (52.39.24.163:443)

TCP (HTTP):
Connects to server-54-240-186-8.mad50.r.cloudfront.net  (54.240.186.8:80)

TCP (HTTP):
Connects to server-54-240-186-37.mad50.r.cloudfront.net  (54.240.186.37:80)

TCP (HTTP):
Connects to server-54-240-186-230.mad50.r.cloudfront.net  (54.240.186.230:80)

TCP (HTTP):
Connects to 51-15-145-132.rev.poneytelecom.eu  (51.15.145.132:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-waw1.fbcdn.net  (31.13.81.13:443)

TCP (HTTP SSL):
Connects to vip154.ssl.hwcdn.net  (205.185.208.154:443)

TCP (HTTP):
Connects to vip0x016.map2.ssl.hwcdn.net  (209.197.3.22:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to static.231.66.243.136.clients.your-server.de  (136.243.66.231:80)

TCP (HTTP SSL):
Connects to server-54-192-229-245.waw50.r.cloudfront.net  (54.192.229.245:443)

TCP (HTTP):
Connects to server-54-192-147-167.sfo4.r.cloudfront.net  (54.192.147.167:80)

TCP (HTTP SSL):
Connects to server-52-85-69-208.lhr5.r.cloudfront.net  (52.85.69.208:443)

Remove ffgogogo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.