frameworkbho.dll

Framework

Engaging Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Engaging Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Coupon Server BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Engaging Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
507b0c3b6bc1c5338e63a2a0325426dd

SHA-1:
8d2e714437e1ae56afa95f03a3c9042d5f4155cc

SHA-256:
6e840589c48f81562fdb8d8f6746d1654875048cf06425e91eee27ed61e186c2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
7/3/2020 7:25:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.GamePlayLabs (M)
17.3.4.23

File size:
282 KB (288,816 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupon server\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 5:00:00 PM

Valid to:
6/4/2014 4:59:59 PM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
3/5/2014 11:50:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x20656

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 5E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 48, EE, 03, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 4C, EE, 03, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, FB, 1C, 00, 00, 85, C0, 75, 06, B8, B0, EF, 03, 10, C3, 83, C0, 08, C3, E8, E8, 1C, 00, 00, 85, C0, 75...
 
[+]

Entropy:
6.4105

Code size:
180.5 KB (184,832 bytes)

Internet Explorer BHO
Display name:
Coupon Server BHO

CLSID:
{F791D8AE-47E8-40A5-A913-EB2D2AF29602}


Remove frameworkbho.dll - Powered by Reason Core Security