frameworkbho.dll

Framework

App Squad

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed and used to hijack the browser's search provider. The module frameworkbho.dll by App Squad has been detected as adware by 3 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'Savings Hen BHO'. This browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
App Squad  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
10cf4c0a1bb96ee45b4ede7ff3512cf5

SHA-1:
eb0ed8f337c0f6b86eeb02e7e7700d93bb57f9a8

SHA-256:
6b4232df385712544f63ea8b9ffda64c1001f145edb68c0c1ce94bfd2f4bacf6

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 7:57:03 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-160119
AVG | Generic | 2017.0.2859
Reason Heuristics | Adware.GamePlayLabs.50OnRed (M) | 16.1.19.18

File size:
398.6 KB (408,152 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\savings hen\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/17/2014 5:00:00 PM

Valid to:
3/25/2015 4:59:59 PM

Subject:
CN=App Squad, O=App Squad, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
49F47D57212B012C506E1CB5CE9AF0F8

File PE Metadata
Compilation timestamp:
4/21/2014 1:10:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:8+9wzL/O/iozuZQ6pXF4dCsrz+9VvikrDTJxT:8+wOqoYXOCsf+HikP

Entry address:
0x2E0B5

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 90, 8B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 68, 05, 10, E8, 1C, 06, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 40, E0, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 4C, 81, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.4668

Developed / compiled with:
Microsoft Visual C++

Code size:
269 KB (275,456 bytes)

Internet Explorer BHO
Display name:
Savings Hen BHO

CLSID:
{1564A235-9C55-4C1F-8CE4-B30B77C0B99A}

