home

FramedDisplay.BrowserAdapter.dll

Framed Display

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module FramedDisplay.BrowserAdapter.dll by Framed Display has been detected as adware by 10 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Framed Display  (signed and verified)

Version:
1.0.5414.13969

MD5:
49452a1c4616ffeab05203a9b2f40edb

SHA-1:
b3a9b7f7850f6cff250781e1cf772458d4abe103

SHA-256:
26f740dcab95f421c845277c4f220d331c5e89338e83fcb510ddf03ca6d94424

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 8:10:51 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/BrowseFox.aog
7.11.181.240

AVG
Generic
2015.0.3305

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.141030

ESET NOD32
Win64/BrowseFox (variant)
8.10634

F-Prot
W32/A-44ec90a9
v6.4.7.1.166

IKARUS anti.virus
AdWare.SwiftBrowse
t3scan.1.7.8.0

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.10.30.07

McAfee
BrowseFox.g
5600.6961

Reason Heuristics
Adware.Yontoo.FramedDisplay.BB
14.10.28.15

VIPRE Antivirus
Threat.4741131
34232

File size:
1 MB (1,087,224 bytes)

Product version:
1.0.5414.13969

Original file name:
FramedDisplay.BrowserAdapter.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\framed display\bin\plugins\frameddisplay.browseradapter.dll

Digital Signature
Signed by:
Framed Display

Authority:
VeriSign, Inc.

Valid from:
9/1/2014 7:00:00 PM

Valid to:
9/2/2015 6:59:59 PM

Subject:
CN=Framed Display, O=Framed Display, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D3806B0A949749DBCBC82C1D4C58407

File PE Metadata
Compilation timestamp:
10/28/2014 10:45:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:vWgXAYWVq98WhxOpDr8+qLggIylkHRJ+UmM7RGEsykvG6J8A0i6yOFdmfyaJ/EA0:vFZSpYNI+km9wGXBWZZadzSC9Ey4v

Entry address:
0x1094CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 7E, 00, 00, 00, 10, 95, 10, 00, 10, 77, 10, 00, 52, 53, 44, 53, F7, 64, DF, BD, 0F, 69, AF, 49, 94, F5, 4A, C5, 5C, D6, 4B, A0, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 63, 72, 63, 32, 67, 76, 34, 6A, 2E, 68, 66, 66, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 
[+]

Entropy:
7.7939

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,078,784 bytes)

Remove FramedDisplay.BrowserAdapter.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.