webget.FFUpdate.dll

webget

FFUpdate is the Mozilla Firefox plugin manager for the webget branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module webget.FFUpdate.dll by webget has been detected as adware by 21 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
webget  (signed and verified)

Version:
1.0.5371.26232

MD5:
47b07dd81e78529beb61cd0d84ff9c5a

SHA-1:
c63cf9f2e913e05235563dd8e0dcb4afbb0a3b30

SHA-256:
02da3466384401362388627deb064dad8a110f9c406bbace4b20fdbc4f2755b3

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
4/19/2024 9:25:15 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SwiftBrowse.AD | 865
Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.173.122
avast! | Win32:BrowseFox-F [PUP] | 2014.9-140922
AVG | Webet | 2015.0.3343
Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.14922
Bitdefender | Adware.SwiftBrowse.AD | 1.0.20.1325
Dr.Web | Trojan.BPlug.161 | 9.0.1.0265
Emsisoft Anti-Malware | Adware.SwiftBrowse.AD | 8.14.09.22.12
ESET NOD32 | MSIL/BrowseFox (variant) | 8.10444
F-Prot | W32/A-db42cb3b | v6.4.7.1.166
F-Secure | Adware.SwiftBrowse.AD | 11.2014-22-09_2
G Data | Adware.SwiftBrowse.AD | 14.9.24
Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3212
Malwarebytes |  | v2014.09.22.12
MicroWorld eScan | Adware.SwiftBrowse.AD | 15.0.0.795
nProtect | Adware.SwiftBrowse.AD | 14.09.19.01
Panda Antivirus | Trj/CI.A | 14.09.22.12
Qihoo 360 Security | HEUR/QVM23.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | Adware.Yontoo.webget.O | 14.9.22.12
Sophos | Browse Fox | 4.98
VIPRE Antivirus | Yontoo | 33272

File size:
449.3 KB (460,056 bytes)

Product version:
1.0.5371.26232

Original file name:
webget.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\webget\bin\plugins\webget.ffupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 8:00:00 AM

Valid to:
4/23/2015 7:59:59 AM

Subject:
CN=webget, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=webget, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2DDF0A91A7D2108F978BEB26D4734BBA

File PE Metadata
Compilation timestamp:
9/15/2014 11:34:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:X+r/k/n8HAe0KfPJ38MagEwOdI7ZXh60Vy3c7:XG/jHvjfPGMH7XhFVkc7

Entry address:
0x7038E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6782

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
441 KB (451,584 bytes)
