» MegaBrowse.FFUpdate.dll
Overview
Analysis
File Details

MegaBrowse.FFUpdate.dll

Megabrowse

FFUpdate is the Mozilla Firefox plugin manager for the Megabrowse branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module MegaBrowse.FFUpdate.dll by Megabrowse has been detected as adware by 5 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

Megabrowse (signed and verified)

Version:

1.0.5283.26089

MD5:

44067364927a492d1040faef6e98fd9a

SHA-1:

725818cacd2e979afffee5b26e2e19e38940b121

SHA-256:

4d75b1e5420cabd9b6f1494cd669c0014768806a6c4ae1796a1bb9313e9abe3a

Scanner detections:

5 / 68

Status:

Adware

Explanation:

Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:

4/26/2024 10:12:56 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Megabrowse

2015.0.3400

Baidu Antivirus

Adware.MSIL.BrowseFox

4.0.3.14728

ESET NOD32

MSIL/BrowseFox (variant)

8.10160

Reason Heuristics

Adware.Yontoo.Megabrowse.S

14.7.28.11

Sophos

Browse Fox

4.98

File size:

448.9 KB (459,688 bytes)

Product version:

1.0.5283.26089

Original file name:

MegaBrowse.FFUpdate.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\mega browse\bin\plugins\megabrowse.ffupdate.dll

Digital Signature

Signed by:

Megabrowse

Authority:

COMODO CA Limited

Valid from:

5/7/2014 3:00:00 AM

Valid to:

5/8/2015 2:59:59 AM

Subject:

CN=Megabrowse, O=Megabrowse, STREET=10620 Treena Street Suite 230, L=San Diego, S=Ca, PostalCode=92131, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0CD194221ED016F035BD7BACA4027DC3

File PE Metadata

Compilation timestamp:

6/19/2014 6:29:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:EQ+VYlHrASbdplvIszy5xoGPZ7Y4xFEtJj:EQ+8rlN1y57PZRFEP

Entry address:

0x7037E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

441 KB (451,584 bytes)

Remove MegaBrowse.FFUpdate.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.