» focusbasebho.dll
Overview
Analysis
File Details
Programs (1)

focusbasebho.dll

focusbase

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module focusbasebho.dll by focusbase has been detected as adware by 35 anti-malware scanners. This file is typically installed with the program focusbase by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

focusbasebho.dll

Publisher:

focusbase (signed and verified)

Product:

focusbase

Version:

1.0.0.3

MD5:

32f149e60f67a55ac8d57857b90e058d

SHA-1:

61016569887336f034e660233d12025ec0d066f7

SHA-256:

7b39d471ef44847e02de4b87d220c44f97695ae092f80712ca54f333e451e72d

Scanner detections:

35 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/25/2024 1:43:20 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.BHO.Agent.4

826

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

Adware/Win32.Agent

2014.08.05

Avira AntiVirus

APPL/BrowseFox.Gen2

7.11.170.40

avast!

Win32:BrowseFox-AW [PUP]

2014.9-141101

AVG

BrowseFox.F

2015.0.3304

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14111

Bitdefender

Gen:Variant.Adware.BHO.Agent.4

1.0.20.1525

Clam AntiVirus

Win.Adware.Agent-8025

0.98/21411

Comodo Security

Application.Win32.Altbrowse.AK

19083

Dr.Web

Trojan.BPlug.141

9.0.1.0305

Emsisoft Anti-Malware

Gen:Variant.Adware.BHO.Agent

8.14.11.01.02

ESET NOD32

Win32/BrowseFox (variant)

8.10339

Fortinet FortiGate

Adware/Agent

11/1/2014

F-Prot

W32/BadBHO.AW.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.BHO.Agent.4

11.2014-01-11_7

G Data

Gen:Variant.Adware.BHO.Agent

14.11.24

IKARUS anti.virus

AdWare.BrowseFox

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.180.12626

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.3015

Malwarebytes

PUP.Optional.FocusBase.A

v2014.11.01.02

McAfee

Artemis!32F149E60F67

5600.6960

MicroWorld eScan

Gen:Variant.Adware.BHO.Agent.4

15.0.0.915

NANO AntiVirus

Trojan.Win32.BPlug.ddwtte

0.28.2.61861

nProtect

Trojan-Clicker/W32.Agent.249632.B

14.08.04.01

Panda Antivirus

Adware/BrowserFox

14.11.01.02

Qihoo 360 Security

HEUR/Malware.QVM30.Gen

1.0.0.1015

Quick Heal

AdWare.Agent.r5 (Not a Virus)

11.14.14.00

Reason Heuristics

Adware.Yontoo.focusbase.M

14.11.1.2

Sophos

Generic PUA PE

4.98

SUPERAntiSpyware

Adware.BrowseFox/Variant

10265

Trend Micro House Call

Suspicious_GEN.F47V0808

7.2.305

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

VIPRE Antivirus

Yontoo

32674

Zillya! Antivirus

Adware.Agent.Win32.9068

2.0.0.1835

File size:

244.3 KB (250,144 bytes)

Product version:

1.0.0.3

Original file name:

focusbaseIEClient.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\focusbase\focusbasebho.dll

Digital Signature

Signed by:

focusbase

Authority:

VeriSign, Inc.

Valid from:

4/22/2014 4:00:00 AM

Valid to:

4/23/2015 3:59:59 AM

Subject:

CN=focusbase, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=focusbase, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

229BE95AFAF17766126629CC0A897C5F

File PE Metadata

Compilation timestamp:

8/26/2014 2:05:09 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:g9Botzn5MrRY/xRyklvnnDjuDTci+G3IaIDVdfRxu:gGzn5MtY/LyJjI55Rxu

Entry address:

0x12854

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 0C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3615

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

The file focusbasebho.dll has been discovered within the following program.

focusbase by Yontoo Technology, Inc.

focusbase is an adware web browser extension that is display banners ads as well as contextual link ads . The ads are injected by the web browser plugin (IE, FF and Chrome) and will display on any web site, even those not associated or affiliated with the publisher.

focusbase.info/support

87% remove it

Remove focusbasebho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.