» frameddisplayuninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

frameddisplayuninstall.exe

Framed Display

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application frameddisplayuninstall.exe by Framed Display has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Framed Display by Framed Display. Additionally, the file is typically installed by a number of programs including Framed Display by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

Framed Display (signed and verified)

MD5:

98b46bc8267cedc30796a0f537618f47

SHA-1:

c622b4bfa8409566592f10c315b6af4db795fb29

SHA-256:

927d2bcc29706e9108a5df7e77f443ea3801bedd1dbf9d035b68998c7d355e36

Scanner detections:

19 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/26/2024 9:44:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Dropped:Adware.Agent.PAB

802

AhnLab V3 Security

Win-PUP/BrowseFox.Gen

2014.11.22

Avira AntiVirus

Adware/BrowseFox.aog

7.11.188.20

avast!

NSIS:BrowseFox-D [PUP]

2014.9-141124

AVG

Generic

2015.0.3280

Baidu Antivirus

Adware.Win64.BrowseFox

4.0.3.141124

Bitdefender

Dropped:Adware.Agent.PAB

1.0.20.1640

Emsisoft Anti-Malware

Dropped:Adware.Agent.PAB

8.14.11.24.02

ESET NOD32

Win64/BrowseFox (variant)

8.10762

F-Secure

Dropped:Adware.Agent.PAB

11.2014-24-11_2

G Data

Dropped:Adware.Agent.PAB

14.11.24

K7 AntiVirus

Unwanted-Program

13.185.14098

McAfee

Artemis!98B46BC8267C

5600.6936

MicroWorld eScan

Dropped:Adware.Agent.PAB

15.0.0.984

nProtect

Dropped:Adware.Agent.PAB

14.11.21.01

Reason Heuristics

PUP.FramedDisplay.W

14.11.24.14

Sophos

Browse Fox

4.98

Trend Micro House Call

Suspicious_GEN.F47V1104

7.2.328

VIPRE Antivirus

Adware.BrowseFox

34998

File size:

252.9 KB (258,976 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\framed display\frameddisplayuninstall.exe

Digital Signature

Signed by:

Framed Display

Authority:

VeriSign, Inc.

Valid from:

9/2/2014 1:00:00 AM

Valid to:

9/3/2015 12:59:59 AM

Subject:

CN=Framed Display, O=Framed Display, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0D3806B0A949749DBCBC82C1D4C58407

File PE Metadata

Compilation timestamp:

12/5/2009 10:52:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:sZ+11kSqLy/1RWBT5bmug+zDShJnwZm/G/HcUR:wSqLs1s153h6hJnp/G/8q

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Program Uninstaller

Program name:

Framed Display

Display publisher:

Framed Display

Display version:

2014.10.20.125806

Uninstall string:

C:\Program Files\Framed Display\FramedDisplayuninstall.exe

The file frameddisplayuninstall.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Framed Display by Yontoo Technology, Inc.

This is an adware program.

frameddisplay.com/support

88% remove it

Remove frameddisplayuninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.