frameworkbho.dll

Framework

Exciting Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Exciting Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Savings Season BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Exciting Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
58f40bec7093e1a897bc6789fd0e064e

SHA-1:
99e557c2e3bbc17fa788064e2f73db1c8bbbd019

SHA-256:
71de29503043b422c1e8569f052752226b79e8c18121e5ccf29aa35f8b2cd77a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/23/2024 8:15:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.GamePlayLabs (M)
17.3.15.4

File size:
399.5 KB (409,136 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\savings season\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/18/2014 1:00:00 AM

Valid to:
3/26/2015 12:59:59 AM

Subject:
CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
534682E2D442EC8EA3320856DF2214DC

File PE Metadata
Compilation timestamp:
4/21/2014 10:10:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2E0B5

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 90, 8B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 68, 05, 10, E8, 1C, 06, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 40, E0, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 4C, 81, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
269 KB (275,456 bytes)

Internet Explorer BHO
Display name:
Savings Season BHO

CLSID:
{77AE02BE-8EF5-43D6-9271-1FC448D63DE2}


Remove frameworkbho.dll - Powered by Reason Core Security