» betweenlinesbho.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Downloads (2)

betweenlinesbho.dll

Between Lines

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module betweenlinesbho.dll by Between Lines has been detected as adware by 30 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Between Lines 1.0.0.7’. Additionally, the file is typically installed by a number of programs including Between Lines by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

betweenlinesbho.dll

Publisher:

Between Lines (signed and verified)

Product:

Between Lines

Version:

1.0.0.7

MD5:

673f48a4ed7ff74ed1479257af9ccba9

SHA-1:

e886af26f4e9d309eee4d143053bd784ad2e64c4

SHA-256:

bb8fd228b09306a2b2b5bff0f51d284c2b180683b5257a8cda4f8a89cd700aea

Scanner detections:

30 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

12/26/2024 3:42:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.BrowseFox.CL

658

Agnitum Outpost

Riskware.Agent

7.1.1

Avira AntiVirus

ADWARE/BrowseFox.Gen2

7.11.218.20

AVG

BrowseFox

2016.0.3136

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.15417

Bitdefender

Adware.BrowseFox.CL

1.0.20.535

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.Yontoo.1734

9.0.1.0107

Emsisoft Anti-Malware

Adware.BrowseFox.CL

8.15.04.17.05

ESET NOD32

Win32/BrowseFox.AE potentially unwanted (variant)

9.11490

Fortinet FortiGate

Riskware/BrowseFox

4/17/2015

F-Prot

W32/S-9c4b2ea6

v6.4.7.1.166

F-Secure

Adware.BrowseFox.CL

11.2015-17-04_6

G Data

Adware.BrowseFox.CL

15.4.25

herdProtect (fuzzy)

variant of betweenlines.dll (Adware)

2015.7.19.7

IKARUS anti.virus

AdWare.BrowseFox

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15630

Malwarebytes

PUP.Optional.BetweenLines.A

v2015.04.17.05

McAfee

Artemis!673F48A4ED7F

5600.6792

NANO AntiVirus

Trojan.Win32.Yontoo.dnkubo

0.30.16.1110

nProtect

Adware.BrowseFox.CL

15.04.17.01

Panda Antivirus

Generic Suspicious

15.04.17.05

Qihoo 360 Security

HEUR/QVM30.1.Malware.Gen

1.0.0.1015

Reason Heuristics

Threat.Yontoo.BetweenLines

15.4.17.13

Rising Antivirus

PE:Adware.BrowseFox!6.1D8B

23.00.65.15415

Sophos

Browse Fox

4.98

Trend Micro House Call

TROJ_GEN.R047C0OD815

7.2.107

Trend Micro

TROJ_GEN.R047C0OD815

10.465.17

Vba32 AntiVirus

AdWare.MSIL.Agent

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

39424

File size:

262.7 KB (269,048 bytes)

Product version:

1.0.0.7

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\between lines\betweenlinesbho.dll

Digital Signature

Signed by:

Between Lines

Authority:

VeriSign, Inc.

Valid from:

2/22/2015 7:00:00 PM

Valid to:

2/23/2016 6:59:59 PM

Subject:

CN=Between Lines, O=Between Lines, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0BAD3D665CB44E6E0042FF4A69E2ACFE

File PE Metadata

Compilation timestamp:

3/23/2015 10:16:48 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:2tC20MfEbUppVqU+kB3hh+4cF63wY+GM9ZKTOK7swcEu:2tC20dGpVek3ndu9Z8ovB

Entry address:

0xF515

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 6C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.0741

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Internet Explorer BHO

Display name:

Between Lines 1.0.0.7

CLSID:

{ed66005b-3c60-469c-a11b-211b53e83d9e}

The file betweenlinesbho.dll has been discovered within the following programs.

Between Lines by Yontoo Technology, Inc.

From Yontoo's License Agreement: "The Software is supported by several forms of advertising, which will be displayed as you use your browsers, including, without limitation, banner and video ads, in-text ads and links, web browsing-related ads, interstitial, transitional, search, and full page ads.

betweenlinesnow.com/support

85% remove it

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

The file betweenlinesbho.dll has been seen being distributed by the following 2 URLs.

http://install-cdn.betweenlinesnow.com/bed?r=2015032319&bet=3

http://install-cdn.betweenlinesnow.com/bed?r=2015032409&bet=3

Remove betweenlinesbho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.