» discountfrenzy-bho64.dll
Overview
Analysis
File Details
Programs (1)

discountfrenzy-bho64.dll

DiscountFrenzy

The module discountfrenzy-bho64.dll, “DiscountFrenzy BHO” has been detected as adware by 23 anti-malware scanners. This file is typically installed with the program DiscountFrenzy which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of DiscountFrenzy addon.

File name:

Publisher:

DiscountFrenzy

Product:

DiscountFrenzy

Description:

DiscountFrenzy BHO

Version:

1000.1000.1000.1000

MD5:

b7df347f3d66954e7192f3e998759c34

SHA-1:

8ce6476e22ffb14269520f653ecffb372ea14847

SHA-256:

2c11c58587d26c391eb8edea69cc424a8b4b6176a85fe50d46e9497e8e3c5064

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/28/2024 1:35:03 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.12825348

506

Agnitum Outpost

PUA.Toolbar.Crossrider

7.1.1

Avira AntiVirus

ADWARE/CrossRider.Gen2

8.3.1.6

Arcabit

Trojan.Generic.DC3B304

1.0.0.425

avast!

Win64:Malware-gen

2014.9-150916

AVG

Crossrider

2016.0.2984

Baidu Antivirus

Adware.Win64.CrossAd

4.0.3.15916

Bitdefender

Trojan.Generic.12825348

1.0.20.1295

Emsisoft Anti-Malware

Trojan.Generic.12825348

8.15.09.16.12

ESET NOD32

Win64/Toolbar.Crossrider.D potentially unwanted (variant)

9.11807

Fortinet FortiGate

Adware/CrossRider

9/16/2015

F-Secure

Trojan.Generic.12825348

11.2015-16-09_4

G Data

Trojan.Generic.12825348

15.9.25

herdProtect (fuzzy)

variant of omg music plus-bho64.dll (Adware)

2015.11.18.9

K7 AntiVirus

Trojan

13.205.16293

Malwarebytes

PUP.Optional.DiscountFrenzy.A

v2015.09.16.12

McAfee

Artemis!B7DF347F3D66

5600.6640

MicroWorld eScan

Trojan.Generic.12825348

16.0.0.777

nProtect

Trojan.Generic.12825348

15.06.18.01

Reason Heuristics

Adware.Crossrider.DiscountFrenzy (M)

15.9.16.12

Trend Micro House Call

TROJ_GEN.R00UC0ECD15

7.2.259

Trend Micro

TROJ_GEN.R00UC0ECD15

10.465.16

VIPRE Antivirus

Crossrider

41246

File size:

927 KB (949,248 bytes)

Product version:

1000.1000.1000.1000

Original file name:

DiscountFrenzy.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\discountfrenzy\discountfrenzy-bho64.dll

Registration

CLSIDs:

{11111111-1111-1111-1111-110411531162}, {22222222-2222-2222-2222-220422532262}

ProgIDs:

CrossriderApp0045362.BHO.1, CrossriderApp0045362.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

2/4/2014 2:16:13 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:zRHcCOTo0swkPETYBKubKT2OKz87PTfs2lTmMvUQfoq:zRBLmYU9SrwDTTfvz

Entry address:

0x75CAC

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6F, D3, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 70, A3, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Code size:

617.5 KB (632,320 bytes)

The file discountfrenzy-bho64.dll has been discovered within the following program.

DiscountFrenzy by DiscountFrenzy

This is a potentially unwanted web browser extension that is designed to deliver search-based hijacking/injection as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.

72% remove it

Remove discountfrenzy-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.