» frameworkbho64.dll
Overview
Analysis
File Details
Behaviors (1)

frameworkbho64.dll

Framework

Smart Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho64.dll by Smart Apps has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Instant Savings App BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkbho64.dll

Publisher:

Smart Apps (signed and verified)

Product:

Framework

Description:

FrameworkBHO

Version:

1.1.0.0

MD5:

115854a01d192633d120f893f1b5e2c6

SHA-1:

d504d1d90c7ccb0a2e2f726607a0486f47f3a1e3

SHA-256:

0b285e71c5bea42663e1f308ad16ba332020d799e60a4bc1913dbed81be8ee96

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/16/2024 2:55:31 PM UTC (today)

Scan engine

Detection

Engine version

AVG

AdPlugin

2015.0.3389

ESET NOD32

Win64/Adware.SmartApps (variant)

8.9694

IKARUS anti.virus

AdWare.Smartapps

t3scan.1.6.1.0

Reason Heuristics

Adware.GamePlayLabs.BHO.O

14.8.7.20

Trend Micro House Call

TROJ_GEN.F47V0306

7.2.219

VIPRE Antivirus

GamePlayLabs

24706

File size:

317.5 KB (325,160 bytes)

Product version:

1.1.0.0

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\instant savings app\frameworkbho64.dll

Digital Signature

Signed by:

Smart Apps

Authority:

Thawte, Inc.

Valid from:

3/25/2013 1:00:00 AM

Valid to:

3/26/2014 12:59:59 AM

Subject:

CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata

Compilation timestamp:

11/14/2013 12:57:05 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:4kLBbvmNWayr/kZunIbyzsErZbN7RxhT59mZK9e71gPnAh0g7M:42vjk4nIbyzsErZZXIwp

Entry address:

0x205FC

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, D3, 64, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 4C, 8D, 0D, 9D, 84, 02, 00, 33, C0, 49, 8B, D1, 44, 8D, 40, 08, 3B, 0A, 74, 2B, FF, C0, 49, 03, D0, 83, F8, 2D, 72, F2, 8D, 41, ED, 83, F8, 11, 77, 06, B8, 0D, 00, 00, 00, C3, 81, C1, 44, FF, FF, FF, B8, 16, 00, 00, 00, 83, F9, 0E, 41, 0F, 46, C0, C3, 48... 
[+]

Code size:

183.5 KB (187,904 bytes)

Internet Explorer BHO

Display name:

Instant Savings App BHO

CLSID:

{6EB4A4C0-6036-4D2E-B010-20707C4B62E8}

Remove frameworkbho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.