home

rightsurf.ffupdate.dll

RightSurf

FFUpdate is the Mozilla Firefox plugin manager for the RightSurf branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module rightsurf.ffupdate.dll by RightSurf has been detected as adware by 20 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
RightSurf  (signed and verified)

Version:
1.0.5501.30259

MD5:
9f82f2d7c4eec12bb4206775a2c7d5be

SHA-1:
686b556bf766e6341825083cc81d04c6f648ac9b

SHA-256:
1992d1b7967b90227294edee9931bafb915dc9346e321762d719a33d8468e6d9

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/25/2024 3:07:17 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.AU
6434017

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2015.01.25

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.204.248

avast!
Win32:BrowseFox-Z [PUP]
150101-1

AVG
Generic
2016.0.3219

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.15125

Bitdefender
Adware.BrowseFox.AU
1.0.20.125

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.115
9.0.1.05190

Emsisoft Anti-Malware
Adware.BrowseFox.AU
9.0.0.4799

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-7aa9c30a
v6.4.7.1.166

F-Secure
Adware.BrowseFox.AU
5.13.68

G Data
Adware.BrowseFox.AU
15.1.24

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.6.0

K7 AntiVirus
Adware
13.192.14746

MicroWorld eScan
Adware.BrowseFox.AU
16.0.0.75

nProtect
Adware.BrowseFox.AU
15.01.23.01

Reason Heuristics
Adware.Yontoo.RightSurf
15.1.25.1

VIPRE Antivirus
Threat.4741131
36694

File size:
546.7 KB (559,856 bytes)

Product version:
1.0.5501.30259

Original file name:
RightSurf.FFUpdate2015012400.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\rightsurf\bin\plugins\rightsurf.ffupdate.dll

Digital Signature
Signed by:
RightSurf

Authority:
VeriSign, Inc.

Valid from:
11/4/2014 5:30:00 AM

Valid to:
1/4/2016 5:29:59 AM

Subject:
CN=RightSurf, O=RightSurf, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E8F736F9D4CC702BAD040A691E0353D

File PE Metadata
Compilation timestamp:
1/24/2015 6:18:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:4e4n9eMuNQrfs5KzBun+tleyPBnfMYx+5wpUXzWWQpG:4UKzBun+/dnfMf5YeQY

Entry address:
0x88962

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.4980

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538.5 KB (551,424 bytes)

Remove rightsurf.ffupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.