frameworkbho64.dll

Framework

Gratifying Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed and used to hijack the Internet browser's search provider. The module frameworkbho64.dll by Gratifying Apps has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'Browser Champion BHO'. This web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links.
Publisher:
Gratifying Apps  (signed and verified)

Product:
Framework

Description:
FrameworkBHO

Version:
1.1.0.0

MD5:
0e75af3939c75985ca8e90722a1775cc

SHA-1:
b195da2be8d134687c54051f359a0211c92b5289

SHA-256:
ec069658714b375615dbf2c9bf8cf7ccfeec869e79a8d7be91114c364cffa268

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/5/2024 9:32:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.GamePlayLabs (M)

Engine version:
17.3.16.9

File size:
563.7 KB (577,256 bytes)

Product version:
1.1.0.0

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\browser champion\frameworkbho64.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/29/2014 5:00:00 PM

Valid to:
4/30/2015 4:59:59 PM

Subject:
CN=Gratifying Apps, O=Gratifying Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0BC7E6EB474AD9514161F0DF4C0D2268

Registration
CLSIDs:
{A7E5E408-67D6-48DF-9B00-3F24D85584BB}, {FD6EF0F0-B46B-4CB2-839C-BBE569FAA859}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/30/2014 12:03:47 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3E468

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 67, A6, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, DC, 77, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
Entropy:
6.0626

Code size:
344.5 KB (352,768 bytes)

Internet Explorer BHO
Display name:
Browser Champion BHO

CLSID:
{FD6EF0F0-B46B-4CB2-839C-BBE569FAA859}