» frameworkbho.dll
Overview
Analysis
File Details
Behaviors (1)

frameworkbho.dll

Framework

Actually Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Actually Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Browser Hero BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkbho.dll

Publisher:

Actually Apps (signed and verified)

Product:

Framework

Description:

FrameworkBHO

Version:

1.1.0.0

MD5:

42a07fc8337e2c092b1ab71807097688

SHA-1:

ebda1b1f0638ade77d8f8ef603e9f61c33187919

SHA-256:

2855d3f84c04d2fce00d65255a45a098a3189a41e5c4974ac23cd8d55309f918

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

5/9/2024 11:43:37 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.GamePlayLabs (M)

17.3.12.23

File size:

348.2 KB (356,584 bytes)

Product version:

1.1.0.0

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\browser hero\frameworkbho.dll

Digital Signature

Signed by:

Actually Apps

Authority:

Thawte, Inc.

Valid from:

4/29/2014 9:00:00 PM

Valid to:

4/30/2015 8:59:59 PM

Subject:

CN=Actually Apps, O=Actually Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

76114195147F3D93DF9D38DD306DA63A

File PE Metadata

Compilation timestamp:

6/30/2014 3:57:12 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x24845

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 30, 8A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, A4, 04, 10, E8, 4C, DD, FF, FF, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 20, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 8C, C2, 03, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

221 KB (226,304 bytes)

Internet Explorer BHO

Display name:

Browser Hero BHO

CLSID:

{EF3F28EE-D08E-40C6-8778-BF30E0C60793}

Remove frameworkbho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.