frameworkbho.dll

Framework

Alluring Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho.dll by Alluring Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Discount Dragon BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Alluring Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
8ce81a63ee009768ba48e21d7cfca1d4

SHA-1:
a36667eeabc74337351c4627a7680a8c187b78e9

SHA-256:
50a44c822049708b96c1cda702796fba960743cac83b25c3c876b63c093d952e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/5/2024 8:27:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.GamePlayLabs (M)
17.2.13.20

File size:
282 KB (288,816 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\discount dragon\frameworkbho.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/4/2013 2:00:00 AM

Valid to:
6/5/2014 1:59:59 AM

Subject:
CN=Alluring Apps, O=Alluring Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1BBF6CE60304F10362213959DCEC0021

File PE Metadata
Compilation timestamp:
3/6/2014 8:50:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x20656

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 5E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 48, EE, 03, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 4C, EE, 03, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, FB, 1C, 00, 00, 85, C0, 75, 06, B8, B0, EF, 03, 10, C3, 83, C0, 08, C3, E8, E8, 1C, 00, 00, 85, C0, 75...
 
[+]

Code size:
180.5 KB (184,832 bytes)

Internet Explorer BHO
Display name:
Discount Dragon BHO

CLSID:
{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}


Remove frameworkbho.dll - Powered by Reason Core Security