» jumpflip.ffupdate.dll
Overview
Analysis
File Details

jumpflip.ffupdate.dll

Jump Flip

FFUpdate is the Mozilla Firefox plugin manager for the Jump Flip branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module jumpflip.ffupdate.dll by Jump Flip has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Jump Flip (signed and verified)

Version:

1.0.5706.29186

MD5:

884f61ae08710226004f83bcf6a3ccac

SHA-1:

eaf050fd2051cb3d38df4e599be73a38ad640d18

SHA-256:

23df005c55e702cd43a711a89e210150a12bfa59750fbc397a004e80212230bb

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:

4/24/2024 11:55:12 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Yontoo.JumpFlip (M)

15.11.27.16

File size:

524.3 KB (536,864 bytes)

Product version:

1.0.5706.29186

Original file name:

2015081700.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\jump flip\bin\plugins\jumpflip.ffupdate.dll

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/21/2013 8:00:00 PM

Valid to:

8/22/2015 7:59:59 PM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata

Compilation timestamp:

8/16/2015 8:12:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:ZKNZBjxJlu2BpLiPwlUfIKKuioD4LP22dwf8t5DBu:ZKNZBjxJllsQUfIKKuZAP2Sk

Entry address:

0x82E9E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7577

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

516 KB (528,384 bytes)

Remove jumpflip.ffupdate.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.