» SaltarSmart.FFUpdate.dll
Overview
Analysis
File Details

SaltarSmart.FFUpdate.dll

SaltarSmart

FFUpdate is the Mozilla Firefox plugin manager for the SaltarSmart branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module SaltarSmart.FFUpdate.dll by SaltarSmart has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

SaltarSmart (signed and verified)

Version:

1.0.5123.1429

MD5:

cc6a647b57ed7e7eaf9aaf77da5abce9

SHA-1:

4ad1d8d85cc55b6b36db62794974c4cfd18116a1

SHA-256:

f7e94afa30bdeda19c123ad802b1d7bf9112ff4483723c5a8d41750eca71a7ef

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:

5/10/2024 5:11:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.SaltarSmart (M)

16.2.13.11

File size:

447.3 KB (458,016 bytes)

Product version:

1.0.5123.1429

Original file name:

SaltarSmart.FFUpdate.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\saltarsmart\bin\plugins\saltarsmart.ffupdate.dll

Digital Signature

Signed by:

SaltarSmart

Authority:

VeriSign, Inc.

Valid from:

8/13/2013 2:00:00 AM

Valid to:

8/14/2015 1:59:59 AM

Subject:

CN=SaltarSmart, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SaltarSmart, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

75908B9BAFC78AEAC30578D5193F6DC8

File PE Metadata

Compilation timestamp:

1/10/2014 1:47:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:rqL8jvEYGrCOzH5pnlWRL5uwg/CZkJEww7Cmp:ri8DUtzHbl0VuwcfJEwsp

Entry address:

0x6FA26

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

439 KB (449,536 bytes)

Remove SaltarSmart.FFUpdate.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.