» frameworkbho64.dll
Overview
Analysis
File Details
Behaviors (1)

frameworkbho64.dll

Framework

Gratifying Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed used to hijack the Internet browser search provider. The module frameworkbho64.dll by Gratifying Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Browser Warden BHO’. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkbho64.dll

Publisher:

Gratifying Apps (signed and verified)

Product:

Framework

Description:

FrameworkBHO

Version:

1.1.0.0

MD5:

dd002bed3264242e23943afdde8f9b91

SHA-1:

78b63c1b8acedf493e16ab6c29e1c65c1f656c79

SHA-256:

6d9250049f08530932920582b9f966695b4609ad1e6fd2091eb540cd9e02f37c

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

11/23/2024 10:46:22 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.GamePlayLabs (M)

17.3.15.10

File size:

563.5 KB (577,072 bytes)

Product version:

1.1.0.0

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\browser warden\frameworkbho64.dll

Digital Signature

Signed by:

Gratifying Apps

Authority:

Thawte, Inc.

Valid from:

4/30/2014 3:00:00 AM

Valid to:

5/1/2015 2:59:59 AM

Subject:

CN=Gratifying Apps, O=Gratifying Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0BC7E6EB474AD9514161F0DF4C0D2268

Registration

CLSIDs:

{2C09954F-CDA8-4BD1-8794-1D543E050378}, {D9D6E931-72E0-418A-90C2-06E86D059E25}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

6/30/2014 10:03:47 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x3E468

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 67, A6, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, DC, 77, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.0614

Code size:

344.5 KB (352,768 bytes)

Internet Explorer BHO

Display name:

Browser Warden BHO

CLSID:

{2C09954F-CDA8-4BD1-8794-1D543E050378}

Remove frameworkbho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.