frameworkbho.dll

Framework

Gratifying Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Gratifying Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Discount Dragon BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Gratifying Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
b55329a3fc4f11c067c5e34723393f5c

SHA-1:
0e2ca0b8bdddfa6584e57b4e6a62bcca8ad4a5f1

SHA-256:
9084860019c2258f8f1c0121b607d31869f975ca823e0568189d9de73a1fdc6b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/27/2024 3:03:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.GamePlayLabs (M)
17.3.15.8

File size:
347.1 KB (355,432 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\discount dragon\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/29/2014 9:00:00 PM

Valid to:
4/30/2015 8:59:59 PM

Subject:
CN=Gratifying Apps, O=Gratifying Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0BC7E6EB474AD9514161F0DF4C0D2268

File PE Metadata
Compilation timestamp:
6/30/2014 3:57:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x24845

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 30, 8A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, A4, 04, 10, E8, 4C, DD, FF, FF, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 20, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 8C, C2, 03, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
221 KB (226,304 bytes)

Internet Explorer BHO
Display name:
Discount Dragon BHO

CLSID:
{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}


Remove frameworkbho.dll - Powered by Reason Core Security