frameddisplay.dll

Framed Display

frameddisplay.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module frameddisplay.dll by Framed Display has been detected as adware by 13 anti-malware scanners. This file is typically installed with the program Framed Display by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install-cdn.frameddisplay.com.
Publisher:
Framed Display  (signed and verified)

Product:
Framed Display

Version:
1.0.0.3

MD5:
6efbf4c28b74d59b634cfb14aae46681

SHA-1:
45f6292b1fe09471545d63e6aeb021b332bfd027

SHA-256:
0b16513228a93751c1b9d8b40bd0bba719d4eb6b0b2988572d9d2da4571111f5

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/16/2024 10:22:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.180.208 |
| AVG | BrowseFox.F | 2015.0.3313 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.141023 |
| Comodo Security | Application.Win32.BrowseFox.JM | 19879 |
| Dr.Web | Trojan.BPlug.168 | 9.0.1.0296 |
| ESET NOD32 | Win32/BrowseFox (variant) | 8.10607 |
| Malwarebytes | PUP.Optional.FramedDisplay.A | v2014.10.23.08 |
| McAfee | BrowseFox | 5600.6969 |
| NANO AntiVirus | Trojan.Win32.BPlug.dgvlsq | 0.28.2.62841 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.FramedDisplay.N | 14.10.23.8 |
| VIPRE Antivirus | Yontoo | 34172 |

File size:
244.7 KB (250,616 bytes)

Product version:
1.0.0.3

Copyright:
(c) Framed Display. All rights reserved.

Original file name:
Framed DisplayIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\frameddisplay.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/1/2014 8:00:00 PM

Valid to:
9/2/2015 7:59:59 PM

Subject:
CN=Framed Display, O=Framed Display, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D3806B0A949749DBCBC82C1D4C58407

File PE Metadata
Compilation timestamp:
10/22/2014 11:07:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:IfMossQKrFdN2VpQUEzAZ8sCgMlqFjjQZpWx+5IaIAEOM4cUl7VcX:I2sQKrYp6zpg7jSwWIb/4cUl7OX

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, A0, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 64, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 2C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3541

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file frameddisplay.dll has been discovered within the following programs.

Framed Display  by Yontoo Technology, Inc.
This is an adware program.
frameddisplay.com/support
88% remove it
 

The file frameddisplay.dll has been seen being distributed by the following URL.
