frameworkbho.dll

Framework

Exciting Apps

This file is a support library for an advertising-based software package (potentially unwanted program/adware) distributed by 50onRed and used to hijack the browser's search provider. The module frameworkbho.dll by Exciting Apps has been detected as adware by 11 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Discount Dragon BHO’. This browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.

Publisher:
Exciting Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
131d80a7778f1d9cd1bed9eb9bd1949c

SHA-1:
71bbef80e61fea8ebdac064f1a84d42f8f753e46

SHA-256:
821275fed08352d32a0ff85203ff6d3993e79c4fa494998c344087630452f8b2

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/20/2024 12:06:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.SmartApps | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-160215 |
| AVG | AdPlugin | 2017.0.2832 |
| ESET NOD32 | Win32/AdWare.SmartApps (variant) | 10.9686 |
| IKARUS anti.virus | AdWare.DealDropper | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.185.13943 |
| Reason Heuristics | Adware.GamePlayLabs.50OnRed (M) | 16.2.15.13 |
| Trend Micro House Call | TROJ_GEN.F47V0310 | 7.2.46 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28760 |
| Zillya! Antivirus | Adware.Agent.Win32.15086 | 2.0.0.1977 |

File size:
398.8 KB (408,400 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\discount dragon\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/17/2014 8:00:00 PM

Valid to:
3/25/2015 7:59:59 PM

Subject:
CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
534682E2D442EC8EA3320856DF2214DC

Registration
CLSIDs:
{BE496A80-8F51-461F-B3D7-88A258A60541}, {EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/21/2014 4:10:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:G+9wzL/O/iozuZQ6pXF4dCsrz+9V0ikrDHJxT:G+wOqoYXOCsf+sikT

Entry address:
0x2E0B5

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 90, 8B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 68, 05, 10, E8, 1C, 06, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 40, E0, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 4C, 81, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.4678

Developed / compiled with:
Microsoft Visual C++

Code size:
269 KB (275,456 bytes)

Internet Explorer BHO
Display name:
Discount Dragon BHO

CLSID:
{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

