framework.exe

Bon Don Jov

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application framework.exe by Bon Don Jov has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from the user's temporary directory.
Publisher:
Bon Don Jov  (signed and verified)

MD5:
f6a5ba90f2e498c2e7c289c0116341c8

SHA-1:
1616fd4150ebe96ce056acd1455327a1b34f5494

SHA-256:
3bc3b940fb6ab24b7a14d80b434aae8f6cee5a57339e0e989b9332345807ca86

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/2/2024 2:50:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.AS | 615 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.03.18 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 7.11.218.6 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150530 |
| AVG | Generic | 2016.0.3093 |
| Bitdefender | Application.Bundler.Outbrowse.AS | 1.0.20.750 |
| Dr.Web | Trojan.OutBrowse.54 | 9.0.1.0150 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11334 |
| F-Secure | Application.Bundler.Outbrowse | 11.2015-30-05_7 |
| G Data | Application.Bundler.Outbrowse.AS | 15.5.25 |
| K7 AntiVirus | Unwanted-Program | 13.201.15291 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.1961 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.05.30.06 |
| McAfee | Adware-OutBrowse.e | 5600.6749 |
| MicroWorld eScan | Application.Bundler.Outbrowse.AS | 16.0.0.450 |
| NANO AntiVirus | Trojan.Win32.Generic.dorbni | 0.30.0.296 |
| Reason Heuristics | PUP.Outbrowse.Bundler | 15.5.30.14 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | OutBrowse | 38510 |

File size:
624.5 KB (639,472 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\framework.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/19/2014 1:36:12 PM

Valid to:
11/20/2015 1:36:12 PM

Subject:
CN=Bon Don Jov, O=Bon Don Jov, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112120D679EF1EE7D9572B904048A1A11800

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wyPBq3UvGkh/DQWgtOJRz/kxTiqJuVmN/B912z0Cj:wyxNyWgtOJRQNiqJu4zYg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9486

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
