browsestudiobho.dll

BrowseStudio

browsestudiobho.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by BrowseStudio, has been detected as adware by 39 anti-malware scanners. It is typically installed with the program BrowseStudio by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from install-cdn.browsestudio.com.
Publisher:
BrowseStudio  (signed and verified)

Product:
BrowseStudio

Version:
1.0.0.3

MD5:
e9025a85cba09f853616a497f6f63b7c

SHA-1:
8e25f725711263da21f7839bf2afce564e333f70

SHA-256:
b6d92ad273503c5b30851c1e61963606cfbc3bf5b3fafd6e1b1e583a6c35e909

Scanner detections:
39 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/24/2024 10:17:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CS | 385 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.05.05 |
| Avira AntiVirus | Adware/BrowseFox.aol | 7.11.205.128 |
| avast! | Win32:BrowseFox-EN [PUP] | 2014.9-160116 |
| AVG | Generic | 2017.0.2863 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.16116 |
| Bitdefender | Adware.SwiftBrowse.CS | 1.0.20.80 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-938 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 22004 |
| Dr.Web | Trojan.Yontoo.1734 | 9.0.1.016 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CS | 8.16.01.16.07 |
| ESET NOD32 | Win32/BrowseFox.AE potentially unwanted (variant) | 10.11575 |
| Fortinet FortiGate | Riskware/BrowseFox | 1/16/2016 |
| F-Prot | W32/S-f64f6ec1 | v6.4.7.1.166 |
| F-Secure | Adware.SwiftBrowse.CS | 11.2016-16-01_7 |
| G Data | Adware.SwiftBrowse.CS | 16.1.25 |
| IKARUS anti.virus | PUA.BrowseFox | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15799 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.809 |
| Malwarebytes | PUP.Optional.BrowseStudio.A | v2016.01.16.07 |
| McAfee | Artemis!D4C0683C21B2 | 5600.6519 |
| MicroWorld eScan | Adware.SwiftBrowse.CS | 17.0.0.48 |
| NANO AntiVirus | Trojan.Win32.Yontoo.dnkubo | 0.30.24.1357 |
| Norman | Adware.SwiftBrowse.CS | 11.20160116 |
| nProtect | Adware.SwiftBrowse.CS | 15.05.04.01 |
| Panda Antivirus | Trj/CI.A | 16.01.16.07 |
| Qihoo 360 Security | Win32/Virus.Adware.240 | 1.0.0.1015 |
| Quick Heal | PUA.Browsestud.Gen | 1.16.14.00 |
| Reason Heuristics | PUP.Yontoo.BrowseStudio (M) | 16.1.16.7 |
| Rising Antivirus | PE:Adware.BrowseFox!6.1D8B | 23.00.65.16114 |
| Sophos | Generic PUA IG | 4.98 |
| SUPERAntiSpyware | Adware.BrowseFox/Variant | 9382 |
| Trend Micro House Call | TROJ_GEN.F0C2C00BM15 | 7.2.16 |
| Trend Micro | TROJ_GEN.F0C2C00BM15 | 10.465.16 |
| Vba32 AntiVirus | AdWare.MSIL.Agent | 3.12.26.3 |
| VIPRE Antivirus | Yontoo | 39944 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.70836 | 2.0.0.2166 |

File size:
244.7 KB (250,608 bytes)

Product version:
1.0.0.3

Copyright:
(c) BrowseStudio. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\browsestudio\browsestudiobho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/1/2014 9:00:00 PM

Valid to:
9/2/2015 8:59:59 PM

Subject:
CN=BrowseStudio, O=BrowseStudio, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11AE532A33120159E1078A0D3EDE88C9

File PE Metadata
Compilation timestamp:
11/24/2014 3:27:02 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:vn6oqa7ZcJ83Z2qJC0SzN+3aR4id15+s+xIaIdYvwBLjP:vOa7Zce3BCR/wxIWIBLj

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 1C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file browsestudiobho.dll has been discovered within the following programs.

BrowseStudio  by Yontoo Technology, Inc.
BrowseStudio is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
browsestudio.com/support
81% remove it
Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
 

The file browsestudiobho.dll has been seen being distributed by the following URL.
