appbudbho.dll

App Bud

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module appbudbho.dll by App Bud has been detected as adware by 25 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘App Bud’. Additionally, the file is typically installed by a number of programs including App Bud by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
App Bud  (signed and verified)

Product:
App Bud

Version:
1.0.0.3

MD5:
4308b6631748744c688cc12917bf5deb

SHA-1:
c0f406eff0fbd0b218ccfb4c8dae28b303bdf2d5

SHA-256:
9255338715b7dd14c4a21b7d0653b07ac702a99e2f0f18177265735ca3faf57d

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/23/2024 12:37:42 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.BHO.Agent.4
924

Avira AntiVirus
APPL/BrowseFox.Gen2
7.11.164.2

AVG
BrowseFox.F
2015.0.3402

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14725

Bitdefender
Gen:Variant.Adware.BHO.Agent.4
1.0.20.1030

Comodo Security
Application.Win32.Altbrowse.AK
18971

Dr.Web
Trojan.BPlug.28
9.0.1.0206

Emsisoft Anti-Malware
Gen:Variant.Adware.BHO.Agent
8.14.07.25.11

ESET NOD32
Win32/BrowseFox (variant)
8.10154

Fortinet FortiGate
Adware/Agent
7/25/2014

F-Secure
Gen:Variant.Adware.BHO.Agent.4
11.2014-25-07_6

G Data
Gen:Variant.Adware.BHO.Agent
14.7.24

K7 AntiVirus
Trojan
13.181.12846

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.3505

McAfee
Artemis!4308B6631748
5600.7058

MicroWorld eScan
Gen:Variant.Adware.BHO.Agent.4
15.0.0.618

NANO AntiVirus
Riskware.Win32.Agent.cummdd
0.28.2.60990

nProtect
Trojan-Clicker/W32.Agent.249624.C
14.07.25.01

Panda Antivirus
Adware/BHO
14.07.25.11

Qihoo 360 Security
HEUR/Malware.QVM30.Gen
1.0.0.1015

Reason Heuristics
Adware.Yontoo.BHO.J
14.7.27.14

Sophos
Generic PUA MA
4.98

SUPERAntiSpyware
Adware.BrowseFox/Variant
10461

Trend Micro House Call
Suspicious_GEN.F47V0724
7.2.206

VIPRE Antivirus
Yontoo
31602

File size:
243.8 KB (249,624 bytes)

Product version:
1.0.0.3

Copyright:
(c) App Bud. All rights reserved.

Original file name:
App BudIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\app bud\appbudbho.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
6/8/2014 7:00:00 PM

Valid to:
6/17/2015 7:00:00 AM

Subject:
CN=App Bud, O=App Bud, L=Santa Monica, S=California, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07591B091A65F99B8121AB657546815A

File PE Metadata
Compilation timestamp:
7/21/2014 3:00:06 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:ZI4QlBqrf0bg0l+WVB2lRYY5bLWwMW1m+2y21IaIy88d/BI/p:ZI4n+g8V8bLmJy21IPMpIh

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 20, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, E4, 67, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 7C, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3586

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
App Bud

CLSID:
{f1de8ec2-8502-46f5-83b6-23784216d364}


The file appbudbho.dll has been discovered within the following programs.

App Bud  by Yontoo Technology, Inc.
App Bud is an adware web browser extension that is display banners ads as well as contextual link ads . The ads are injected by the web browser plugin (IE, FF and Chrome) and will display on any web site, even those not associated or affiliated with the publisher.
appbud.net/support
88% remove it
Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.
www.buzzdock.com/faq-support
79% remove it
 
Powered by Should I Remove It?

Remove appbudbho.dll - Powered by Reason Core Security