frameworkbho.dll

Framework

Alluring Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed that is used to hijack the browser's search provider. The module frameworkbho.dll by Alluring Apps has been detected as adware by 8 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'Coupon Server BHO'. This web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links.
Publisher:
Alluring Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
f1ce35268b54c1e547777157b94d6e4e

SHA-1:
14743aaec538ea13e5e0c57035312c5f0547eaef

SHA-256:
c9499bbaa9ef6cf09e6bd04177d35866775574e2cdb5ad2a57150f02799be437

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 7:18:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.SmartApps | 7.1.1 |
| AVG | Adware AdPlugin | 2017.0.2851 |
| ESET NOD32 | Win32/AdWare.SmartApps.B application | 10.7.0.302.0 |
| IKARUS anti.virus | AdWare.DealDropper | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.191.14726 |
| Reason Heuristics | Adware.GamePlayLabs.50OnRed (M) | 16.1.27.20 |
| Trend Micro House Call | TROJ_GEN.F47V0310 | 7.2.27 |
| VIPRE Antivirus | GamePlayLabs | 22968 |

File size:
282 KB (288,816 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupon server\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/4/2013 8:00:00 AM

Valid to:
6/5/2014 7:59:59 AM

Subject:
CN=Alluring Apps, O=Alluring Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1BBF6CE60304F10362213959DCEC0021

File PE Metadata
Compilation timestamp:
3/6/2014 3:50:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:TUNSOlZwtdQGwmGqEsb5OaN0gC2NEnzF/676O9qoYkX0lNy2mzwU7j8DVv3KmcZq:TcSOl6bbjtOJx+qoclNy2mzwU7E3nIz

Entry address:
0x20656

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 5E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 48, EE, 03, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 4C, EE, 03, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, FB, 1C, 00, 00, 85, C0, 75, 06, B8, B0, EF, 03, 10, C3, 83, C0, 08, C3, E8, E8, 1C, 00, 00, 85, C0, 75...
 

Entropy:
6.4103

Code size:
180.5 KB (184,832 bytes)

Internet Explorer BHO
Display name:
Coupon Server BHO

CLSID:
{F791D8AE-47E8-40A5-A913-EB2D2AF29602}

