appbudbho.dll

App Bud

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module appbudbho.dll by App Bud has been detected as adware by 22 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘App Bud’. This file is typically installed with the program App Bud by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
App Bud  (signed and verified)

Product:
App Bud

Version:
1.0.0.3

MD5:
75670c1f3ff4b02cda5c94b53158b922

SHA-1:
2961949a6403883a6351ed164952ea34a256b137

SHA-256:
0b5e278238ab41b23fb7016e0564fe83fde8ebb74d759b79f734a4b46b9c02ff

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/25/2024 2:06:48 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.BHO.Agent.4
899

Avira AntiVirus
APPL/BrowseFox.Gen2
7.11.164.8

AVG
BrowseFox.F
2015.0.3377

Bitdefender
Gen:Variant.Adware.BHO.Agent.4
1.0.20.1160

Comodo Security
Application.Win32.Altbrowse.AK
18982

Dr.Web
Trojan.BPlug.28
9.0.1.0232

Emsisoft Anti-Malware
Gen:Variant.Adware.BHO.Agent
8.14.08.20.03

ESET NOD32
Win32/BrowseFox (variant)
8.10157

Fortinet FortiGate
Adware/Agent
8/20/2014

F-Secure
Gen:Variant.Adware.BHO.Agent.4
11.2014-20-08_4

G Data
Gen:Variant.Adware.BHO.Agent
14.8.24

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.3379

McAfee
Artemis!75670C1F3FF4
5600.7033

MicroWorld eScan
Gen:Variant.Adware.BHO.Agent.4
15.0.0.696

NANO AntiVirus
Riskware.Win32.Agent.cummdd
0.28.2.60990

nProtect
Trojan-Clicker/W32.Agent.249624.C
14.07.25.01

Panda Antivirus
Adware/BHO
14.08.20.03

Qihoo 360 Security
HEUR/Malware.QVM30.Gen
1.0.0.1015

Reason Heuristics
Adware.Yontoo.AppBud.J
14.8.20.3

Sophos
Generic PUA CJ
4.98

SUPERAntiSpyware
Adware.BrowseFox/Variant
10411

VIPRE Antivirus
Yontoo
31626

File size:
243.8 KB (249,624 bytes)

Product version:
1.0.0.3

Copyright:
(c) App Bud. All rights reserved.

Original file name:
App BudIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\app bud\appbudbho.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
6/9/2014 3:00:00 AM

Valid to:
6/17/2015 3:00:00 PM

Subject:
CN=App Bud, O=App Bud, L=Santa Monica, S=California, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07591B091A65F99B8121AB657546815A

Registration
CLSID:
{75387f9f-3935-4d96-9a71-e7bd70b35bf3}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
7/21/2014 11:00:11 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:pI4QlBqrf0bg0l+WVB2lRYY5bLWHMW1m+2i21IaIP88IcBIF:pI4n+g8V8bLTJi21I0toIF

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 20, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, E4, 67, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 7C, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3585

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
App Bud

CLSID:
{75387f9f-3935-4d96-9a71-e7bd70b35bf3}


The file appbudbho.dll has been discovered within the following program.

App Bud  by Yontoo Technology, Inc.
App Bud is an adware web browser extension that is display banners ads as well as contextual link ads . The ads are injected by the web browser plugin (IE, FF and Chrome) and will display on any web site, even those not associated or affiliated with the publisher.
appbud.net/support
88% remove it
 
Powered by Should I Remove It?

Remove appbudbho.dll - Powered by Reason Core Security