» frameworkbho.dll
Overview
Analysis
File Details
Behaviors (1)

frameworkbho.dll

Framework

Engaging Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Engaging Apps has been detected as adware by 7 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Bee Coupons BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkbho.dll

Publisher:

Engaging Apps (signed and verified)

Product:

Framework

Description:

FrameworkBHO

Version:

1.1.0.0

MD5:

46298c58fae5b7ff5124c802986c37b6

SHA-1:

4a9a46904f5d5350e34fb737f7d86e06d5d8e0ca

SHA-256:

ee2494c161a4c2974c57ec4baee03c9cad0028af8a8dde2d3adab1fe32c5a507

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/19/2024 4:11:04 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.SmartApps

7.1.1

AVG

AdPlugin

2015.0.3480

ESET NOD32

Win32/AdWare.SmartApps (variant)

8.9698

IKARUS anti.virus

AdWare.DealDropper

t3scan.1.6.1.0

Reason Heuristics

Adware.GamePlayLabs.BHO.M

14.8.7.21

Trend Micro House Call

TROJ_GEN.F47V0310

7.2.128

VIPRE Antivirus

GamePlayLabs

27690

File size:

282 KB (288,816 bytes)

Product version:

1.1.0.0

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\bee coupons\frameworkbho.dll

Digital Signature

Signed by:

Engaging Apps

Authority:

Thawte, Inc.

Valid from:

6/3/2013 8:00:00 PM

Valid to:

6/4/2014 7:59:59 PM

Subject:

CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

632EEBD9B987BC680D444D8675A26545

File PE Metadata

Compilation timestamp:

3/6/2014 2:50:46 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:HUNSOlZwtdQGwmGqEsb5OaN0gC2NEnzF/676O9qoYkX0lNy2mzw07N8DVv3Kmv1z:HcSOl6bbjtOJx+qoclNy2mzw07S3ntz

Entry address:

0x20656

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 5E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 48, EE, 03, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 4C, EE, 03, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, FB, 1C, 00, 00, 85, C0, 75, 06, B8, B0, EF, 03, 10, C3, 83, C0, 08, C3, E8, E8, 1C, 00, 00, 85, C0, 75... 
[+]

Entropy:

6.4108

Code size:

180.5 KB (184,832 bytes)

Internet Explorer BHO

Display name:

Bee Coupons BHO

CLSID:

{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}

Remove frameworkbho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.