frameworkbho64.dll

Framework

App Squad

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed and used to hijack the Internet browser's search provider. The module frameworkbho64.dll by App Squad has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Coupon Alerts BHO’. This web browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks, and affiliate links.
Publisher:
App Squad  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
1fad0b6913c78efb432de290fd9407e8

SHA-1:
b481ad7b47c8a4cc7ca3fa8ea8a1cd556eb3dbc1

SHA-256:
07129fc254b0b9c9ce5cbba0fe22f64d71a414788827a3db9889d3bad7938049

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 11:35:34 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2017.0.2834
Comodo Security | ApplicUnwnt | 18281
ESET NOD32 | Win64/Adware.SmartApps (variant) | 10.9686
IKARUS anti.virus | AdWare.AdPlugin | t3scan.1.6.1.0
Reason Heuristics | Adware.GamePlayLabs.50OnRed (M) | 16.2.14.0
VIPRE Antivirus | Win64.Adware.SmartApps | 28896

File size:
482 KB (493,608 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupon alerts\frameworkbho64.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/18/2014 1:00:00 AM

Valid to:
3/26/2015 12:59:59 AM

Subject:
CN=App Squad, O=App Squad, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
49F47D57212B012C506E1CB5CE9AF0F8

Registration
CLSIDs:
{CACB139B-7C2C-4A99-A4EE-72449D0FF549}, {F791D8AE-47E8-40A5-A913-EB2D2AF29602}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/21/2014 10:11:17 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:7OCuz6hya+1U9AlTQrU9r7V4eXvClRxoELhl/MNTvg5yvbCitL+kFBQFL1XtnMTF:TW1lyRx7hq42+iQFL1yP

Entry address:
0x323C8

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, B7, 93, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, FC, 04, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Code size:
284.5 KB (291,328 bytes)

Internet Explorer BHO
Display name:
Coupon Alerts BHO

CLSID:
{F791D8AE-47E8-40A5-A913-EB2D2AF29602}

