frameworkbho.dll

Framework

Stunning Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Stunning Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Coupon Server BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Stunning Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
fd5c5aa1f1913251923e2cabe6ccfe56

SHA-1:
cb413edee491becb04a13ae2ae7e1b8290970b1b

SHA-256:
c568a2e6244867014c7246f71049dde2e04be249f0534f20a1b0111029d247d5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/30/2024 10:59:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.GamePlayLabs (M)
17.3.11.6

File size:
395.3 KB (404,816 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupon server\frameworkbho.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/18/2015 9:00:00 PM

Valid to:
4/29/2016 8:59:59 PM

Subject:
CN=Stunning Apps, O=Stunning Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
05CCA783C3E3CC9DFDAC6349C0C29F62

File PE Metadata
Compilation timestamp:
1/14/2015 8:47:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2D025

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E1, 7D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 98, 62, 05, 10, E8, AC, 0A, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A4, DB, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, CC, 56, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
268.5 KB (274,944 bytes)

Internet Explorer BHO
Display name:
Coupon Server BHO

CLSID:
{F791D8AE-47E8-40A5-A913-EB2D2AF29602}


Remove frameworkbho.dll - Powered by Reason Core Security