frameworkbho.dll

Framework

Smart Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed and used to hijack the browser's search provider. The module frameworkbho.dll by Smart Apps has been detected as adware by 12 anti-malware scanners. It is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'Coupon Server BHO'. This browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
Smart Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
67bac8ba27c3851b1f115556367d7db8

SHA-1:
894c99bbf27436223c16058f9db41b59edbb9015

SHA-256:
8093b2178b5aae6057be2c7e19656e3a706861ff00af6496a89950ed56d2f8ca

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/18/2024 10:47:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.SmartApps | 7.1.1 |
| AVG | AdPlugin | 2016.0.3167 |
| Comodo Security | ApplicUnwnt | 19389 |
| Dr.Web | Adware.Shopper.804 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Android.Trojan.Boqx | 8.15.03.17.07 |
| ESET NOD32 | Win32/AdWare.SmartApps (variant) | 9.9698 |
| IKARUS anti.virus | AdWare.DealDropper | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.201.15291 |
| Reason Heuristics | Adware.GamePlayLabs.BHO.50OnRed | 15.3.17.20 |
| Trend Micro House Call | TROJ_GEN.F47V0310 | 7.2.76 |
| VIPRE Antivirus | GamePlayLabs | 22968 |

File size:
252 KB (258,088 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupon server\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/25/2013 12:00:00 AM

Valid to:
3/25/2014 11:59:59 PM

Subject:
CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata
Compilation timestamp:
11/14/2013 11:55:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:/eSEnF7emwLjaWO/n40XORJa8tzwamMySH2wmtKH3ICkx62wu79jFw4Km0zPXPKK:PEbwLup4h7zpHhPH3ICkE2B7XhDUX

Entry address:
0x1A38D

Code size:
153 KB (156,672 bytes)

Internet Explorer BHO
Display name:
Coupon Server BHO

CLSID:
{F791D8AE-47E8-40A5-A913-EB2D2AF29602}

