SmarterPower.FFUpdate.dll

SmarterPower

FFUpdate is the Mozilla Firefox plugin manager for the SmarterPower branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module SmarterPower.FFUpdate.dll by SmarterPower has been detected as adware by 8 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
SmarterPower  (signed and verified)

Version:
1.0.5408.18896

MD5:
6ee0efc958b40d602d1745ea596c5a99

SHA-1:
4660d6fc5fa13a9848eb934af5c9675c42fac1fb

SHA-256:
5fb565f128e4ee4847d95396c1e88ff4ab9acf39a7424e6d6b5e64c272a32143

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/18/2024 3:22:04 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3313
Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141022
ESET NOD32 | Win64/BrowseFox (variant) | 8.10604
IKARUS anti.virus | AdWare.Agent | t3scan.1.7.8.0
Malwarebytes | | v2014.10.22.05
Reason Heuristics | Adware.Yontoo.SmarterPower.U | 14.10.22.17
Sophos | Browse Fox | 4.98
VIPRE Antivirus | Threat.4741131 | 33706

File size:
546.2 KB (559,352 bytes)

Product version:
1.0.5408.18896

Original file name:
SmarterPower.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\smarterpower\bin\plugins\smarterpower.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/5/2014 1:00:00 AM

Valid to:
8/6/2015 12:59:59 AM

Subject:
CN=SmarterPower, O=SmarterPower, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38D7C83A73CB4E3AC85648608E3170D8

File PE Metadata
Compilation timestamp:
10/22/2014 7:29:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:xZkfkiyf2Gyj9IK7U7lC0mdXBQ4Coilr41TB+Orw0qx5Q:xluDJIKv0AxQfm1Tkyw0qPQ

Entry address:
0x8865A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 71, 00, 00, 00, 9C, 86, 08, 00, 9C, 68, 08, 00, 52, 53, 44, 53, 93, E4, 01, D6, D8, 87, 6D, 45, 91, 4B, 73, 27, 25, 6D, 5F, 70, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 78, 71, 6F, 6F, 66, 77, 73, 69, 2E, 31, 75, 64, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538 KB (550,912 bytes)
