frameworkbho.dll

Framework

Appealing Apps

This file is a support library for an advertising-based software package (potentially unwanted program/adware) distributed by 50onRed that hijacks the web browser's search provider. The module frameworkbho.dll by Appealing Apps has been detected as adware by 16 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Discount Dragon BHO’. This browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
Appealing Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
5c3a55c3a8a1376759f47bf347a3a9e6

SHA-1:
9c49a36743031db91cb7b5c964c80aad8e6210b7

SHA-256:
8b37fbe009db9bd9779aafe182fbe54bdb0c0736bc63b41e4c7a0d396eda2e14

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/26/2024 3:38:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.SmartApps | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-160211 |
| AVG | AdPlugin | 2017.0.2836 |
| Baidu Antivirus | Trojan.Win32.SmartApps | 4.0.3.16211 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt | 19266 |
| Dr.Web | Adware.GamePlayLabs.55 | 9.0.1.042 |
| ESET NOD32 | Win32/AdWare.SmartApps (variant) | 10.10293 |
| IKARUS anti.virus | AdWare.DealDropper | t3scan.1.7.5.0 |
| K7 AntiVirus | Adware | 13.192.14752 |
| NANO AntiVirus | Riskware.Win32.Agent.drnmvj | 0.30.24.1357 |
| Reason Heuristics | Adware.GamePlayLabs.50OnRed (M) | 16.2.11.12 |
| Trend Micro House Call | Suspicious_GEN.F47V0814 | 7.2.42 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32420 |
| Zillya! Antivirus | Adware.Agent.Win32.15086 | 2.0.0.1975 |

File size:
399.5 KB (409,136 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\discount dragon\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/4/2013 2:00:00 AM

Valid to:
6/5/2014 1:59:59 AM

Subject:
CN=Appealing Apps, O=Appealing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0444AA3B06F7BBDC2E37AF0824FB38C7

Registration
CLSIDs:
{BE496A80-8F51-461F-B3D7-88A258A60541}, {EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/21/2014 10:10:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:N+9wzL/O/iozuZQ6pXF4dCsrz+9V0ikrDHJxG:N+wOqoYXOCsf+sikG

Entry address:
0x2E0B5

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 90, 8B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 68, 05, 10, E8, 1C, 06, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 40, E0, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 4C, 81, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
269 KB (275,456 bytes)

Internet Explorer BHO
Display name:
Discount Dragon BHO

CLSID:
{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

