sourceappbho.dll

Source App

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module sourceappbho.dll by Source App has been detected as adware by 38 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘SourceApp 1.0.0.7’. Additionally, the file is typically installed by a number of programs including SourceApp by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
SourceApp  (signed by Source App)

Product:
SourceApp

Version:
1.0.0.7

MD5:
e6ef97a27c3b7d83c9adc04e4309c447

SHA-1:
62d386f496e8547437687adf7e6c74d658430352

SHA-256:
cd88bd8284f5259dc5f31f50beb4de60934f1a206889c647b302869730bd8a33

Scanner detections:
38 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/16/2024 9:49:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.BP
360

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.BrowseFox
2015.04.22

Avira AntiVirus
ADWARE/BrowseFox.Gen2
7.11.215.236

avast!
Win32:BrowseFox-GY [PUP]
2014.9-160210

AVG
AdPlugin
2017.0.2838

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.16210

Bitdefender
Adware.BrowseFox.BP
1.0.20.205

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-7675
0.98/21411

Comodo Security
ApplicUnwnt
21853

Dr.Web
Trojan.Yontoo.1734
9.0.1.041

Emsisoft Anti-Malware
Adware.BrowseFox.BP
8.16.02.10.08

ESET NOD32
Win32/BrowseFox.AE potentially unwanted (variant)
10.11513

Fortinet FortiGate
Riskware/BrowseFox
2/10/2016

F-Prot
W32/S-f64f6ec1
v6.4.7.1.166

F-Secure
Adware.BrowseFox.BP
11.2016-10-02_4

G Data
Adware.BrowseFox.BP
16.2.25

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.203.15668

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.683

Malwarebytes
PUP.Optional.SourceApp.A
v2016.02.10.08

McAfee
Artemis!7C14BC12662A
5600.6494

MicroWorld eScan
Adware.BrowseFox.BP
17.0.0.123

NANO AntiVirus
Trojan.Win32.Yontoo.dnkubo
0.30.20.1219

Norman
Adware.BrowseFox.AP
11.20160210

nProtect
Adware.BrowseFox.BP
15.04.20.01

Panda Antivirus
Trj/CI.A
16.02.10.08

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Yontoo.SourceApp (M)
16.2.10.8

Rising Antivirus
PE:Adware.BrowseFox!6.1D8B
23.00.65.16208

Sophos
Generic PUA CK
4.98

SUPERAntiSpyware
Adware.SwiftBrowse/Variant
9332

Trend Micro House Call
TROJ_GEN.F0C2C00C515
7.2.41

Trend Micro
TROJ_GEN.F0C2C00C515
10.465.10

Vba32 AntiVirus
AdWare.MSIL.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
39570

Zillya! Antivirus
Backdoor.PePatch.Win32.70454
2.0.0.2147

File size:
262.7 KB (269,040 bytes)

Product version:
1.0.0.7

Copyright:
(c) SourceApp. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\sourceapp\sourceappbho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/16/2014 2:00:00 AM

Valid to:
10/17/2015 1:59:59 AM

Subject:
CN=Source App, O=Source App, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5436973D688F7AF7E3F875CD8B463EDD

File PE Metadata
Compilation timestamp:
2/10/2015 11:39:17 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:2nKe0oPE70XLVqUMU1SWBh+lxF63Qv+MPvmZKT3xa3bcEL7Qp:2nKe0xILVsISWN+fXmZEQIcUp

Entry address:
0xF515

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, B8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 2C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.0719

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
SourceApp 1.0.0.7

CLSID:
{9f7ab9c4-4da3-440e-ba84-95903165f129}


The file sourceappbho.dll has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.
www.buzzdock.com/faq-support
79% remove it
SourceApp  by Yontoo Technology, Inc.
Source App is an ad-supported program that will display third-party advertisements in the user's web browser. It displays several types of advertising, including but not limited to: - Sponsored links - Video targeted ads (which are displayed when you view a video).
sourceapp.info/support
80% remove it
 
Powered by Should I Remove It?

The file sourceappbho.dll has been seen being distributed by the following 2 URLs.

http://install-cdn.sourceapp.info/bed?r=2015021109&bet=3

Remove sourceappbho.dll - Powered by Reason Core Security