Discount Dragon

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank:	15,320
Threat Level:	20 % (Normal)
Infected Computers:	3,849

First Seen:	April 5, 2013
Last Seen:	January 22, 2026
OS(es) Affected:	Windows

Discount Dragon is an adware program created as a browser add-on and is generated by 215 Apps. Discount Dragon shows annoying pop-up advertisements on a variety of online shopping websites. Discount Dragon attacks computer users of Internet browsers such as Mozilla Firefox, Google chrome, and Internet Explorer. Discount Dragon is able to modify browser settings to run its irritating functions. Each time the web user surfs online shopping websites, Discount Dragon discloses a pop-up box, which illustrates Discount Dragon coupons and advertisements. Target Internet users will be bombarded with a variety of links and offers. Discount Dragon grabs data such as the affected PC user's browsing habits and search terms from the infected computer, and then, delivers promos and discounts of many applications according to the victim's preferences. Discount Dragon displays advertisements and sponsored links of various programs that the victimized PC user might buy.

Table of Contents

SpyHunter Detects & Remove Discount Dragon

File System Details

Discount Dragon may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	repair.js	8420123e490a28b0a19545e3a570a1fc	2,037
Name: repair.js MD5: 8420123e490a28b0a19545e3a570a1fc Size: 1.73 KB (1735 bytes) Detections: 2,037 Type: JavaScript file Path: %LOCALAPPDATA%\Discount Dragon Group: Malware file Last Updated: January 22, 2026
2.	FrameworkBHO.dll.vir	9006ddefe11efa5bf631ca6509cd1ffb	68
Name: FrameworkBHO.dll.vir MD5: 9006ddefe11efa5bf631ca6509cd1ffb Size: 258.08 KB (258088 bytes) Detections: 68 Path: C:\Users\<username>\Desktop\DATOS RECUPERADOS\DATOS ACER\C\AdwCleaner\Quarantine\C\Program Files\Discount Dragon\FrameworkBHO.dll.vir Group: Malware file Last Updated: February 27, 2022
3.	FrameworkBHO.dll	90aa68e19743fe6e14ccf8ea068349e2	29
Name: FrameworkBHO.dll MD5: 90aa68e19743fe6e14ccf8ea068349e2 Size: 258.08 KB (258088 bytes) Detections: 29 Type: Dynamic link library Path: %PROGRAMFILES%\Discount Dragon Group: Malware file Last Updated: June 11, 2014

More files

Registry Details

Discount Dragon may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110111271151}

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Discount Dragon-bg.exe

SOFTWARE\Wow6432Node\Discount Dragon

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Discount Dragon-bg.exe

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

38900_Discount Dragon

Discount Dragon

Directories

Discount Dragon may create the following directory or directories:

%LOCALAPPDATA%\Discount Dragon

%LOCALAPPDATA%\Updater12751

%PROGRAMFILES%\Discount Dragon

%PROGRAMFILES(x86)%\Discount Dragon

URLs

Discount Dragon may call the following URLs:

Discount Dragon

Analysis Report

General information

Family Name:	Adware.DiscountDragon
Signature status:	No Signature

Known Samples

MD5: 8ebd3de6c3d385cd1541a4c22a991fff

SHA1: b16bcc129d55c793760c96c08201906970f2f3e2

SHA256: 1F2E012FB0A9871FB66BD61061321952F636264BC2758339A53435F9482DE8A9

File Size: 163.01 KB, 163008 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

Installer Manifest
nosig nsis
No Version Info
Nullsoft Installer
x86

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\nsexec.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\ping.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\splash.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa94b.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쑰荜訯ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection Show More ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Terminate	TerminateProcess

Shell Command Execution


							"C:\WINDOWS\system32\cscript.exe" //Nologo "ping.js" "http://cdnstats-a.akamaihd.net/s.gif?t=prxask&ptsk=s&v=1.0.20141023&appid=38900&pid=1733&zone=0" "" ""

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Discount Dragon

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Discount Dragon

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Agent.LFB

Trojan.PrintSpoofer.D

Trojan.Agent.IFSC

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...