bho64.dll

Forge

Plugin Update SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The module bho64.dll by Plugin Update SL has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer.

Publisher:
trigger.io  (signed by Plugin Update SL)

Product:
Forge

Description:
Forge BHO

Version:
0.9.0.1

MD5:
a96e64fdbba795d90a4e2891550f8cb9

SHA-1:
9bca5627ec937fd2a56559df0cc2634716abc669

SHA-256:
beff2e95d3e88da0b85fa1ca9aca4122a023f7423c52c62c3341acee219298e1

Scanner detections:
4 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 8:04:38 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3342
Baidu Antivirus | Adware.Win32.SoftPulse | 4.0.3.14923
Reason Heuristics | PUP.PluginUpdateSL.F | 14.9.23.12
VIPRE Antivirus | Threat.4783235 | 33120

File size:
1011.2 KB (1,035,432 bytes)

Product version:
0.9.0.1

Copyright:
(c) 2012 trigger.io. All rights reserved.

Original file name:
forge.dll

File type:
Dynamic link library (Win64 DLL)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
English (United States)

Common path:
C:\Program Files\hostsecureplugin\bho64.dll

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/12/2014 11:31:06 AM

Valid to:
6/13/2015 11:31:06 AM

Subject:
E=contact@pluginupdatesl.com, CN=Plugin Update SL, O=Plugin Update SL, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C2BF8ED71E96CCD55D3A79E92DAEAD78

Registration
CLSID:
{2B0183D6-3C22-4F0B-F62F-58AF52F66606}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
9/16/2013 3:51:43 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:0O73ozYGKnRxUfFtWDQHsmDFJQ5hnfAKGHSUJSbjDMArgob:H3ozYGwksKTQDUyUJS/70A

Entry address:
0x4CA68

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7B, 6F, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, F5, E4, 09, 00, FF, 15, C7, 18, 06, 00, 48, 8B, 05, E0, E5, 09, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 9B, D1, 02, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 

Entropy:
6.2183

Code size:
691.5 KB (708,096 bytes)
