frameworkbho.dll

Framework

Stunning Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed that is used to hijack the Internet browser's search provider. The module frameworkbho.dll by Stunning Apps has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Browser Guard BHO’. This web browser add-on displays additional advertisements in the user's browser, including pop-ups, banners and contextual hyperlinks, as well as affiliate links.
Publisher:
Stunning Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
abd72dd91621188e1eb1c62642501c87

SHA-1:
256f9b96fa1e81cca29e8db88584987b6f77a1a5

SHA-256:
be211f96b3756292d61865f9fd46ea4d53d8a189fe17e2ac58945150150b59a5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
5/1/2024 1:04:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.GamePlayLabs (M)

Engine version:
17.3.13.5

File size:
395.3 KB (404,816 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\browser guard\frameworkbho.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/19/2015 5:30:00 AM

Valid to:
4/30/2016 5:29:59 AM

Subject:
CN=Stunning Apps, O=Stunning Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
05CCA783C3E3CC9DFDAC6349C0C29F62

Registration
CLSIDs:
{A77A0AD6-2DCF-40DC-8DDF-840A9886BA35}, {FCED84AA-0E0F-497E-9DD0-536082F684DB}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/15/2015 4:17:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2D025

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E1, 7D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 98, 62, 05, 10, E8, AC, 0A, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A4, DB, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, CC, 56, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.4549

Developed / compiled with:
Microsoft Visual C++

Code size:
268.5 KB (274,944 bytes)

Internet Explorer BHO
Display name:
Browser Guard BHO

CLSID:
{FCED84AA-0E0F-497E-9DD0-536082F684DB}

