» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Exciting Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Exciting Apps has been detected as adware by 20 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Exciting Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

c95de4169c5c023dbafb80c900e4697e

SHA-1:

241ba155d4033a2554a19667a1e2a788efdd40df

SHA-256:

9e5af5a3419c58252db0fcfa13d9eab0ed28e3d2c959924d1bfe2499edffd063

Scanner detections:

20 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/25/2024 9:09:02 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.SmartApps

7.1.1

avast!

Win32:PUP-gen [PUP]

2014.9-160214

AVG

Generic5

2017.0.2834

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Agent-33507

0.98/21511

Comodo Security

ApplicUnwnt

21436

Dr.Web

Adware.GamePlayLabs.41

9.0.1.045

ESET NOD32

Win32/AdWare.SmartApps

10.11329

G Data

Win32.Adware.Smartapps

16.2.24

IKARUS anti.virus

AdWare.Smartapps

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.201.15277

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.663

McAfee

Artemis!A8DD78AB6640

5600.6490

NANO AntiVirus

Riskware.Win32.Agent.dhzzwy

0.30.0.296

Quick Heal

AdWare.Agent.r5 (Not a Virus)

2.16.14.00

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.2.14.8

SUPERAntiSpyware

Adware.GamePlayLabs/Variant

9324

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38484

Zillya! Antivirus

Adware.Agent.Win32.14987

2.0.0.2102

File size:

257.6 KB (263,776 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\coupon server\frameworkengine.exe

Digital Signature

Signed by:

Exciting Apps

Authority:

Thawte, Inc.

Valid from:

3/18/2014 1:00:00 AM

Valid to:

3/26/2015 12:59:59 AM

Subject:

CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

534682E2D442EC8EA3320856DF2214DC

File PE Metadata

Compilation timestamp:

5/30/2014 6:34:39 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:JjU4m8pJAv1+B+yU/6/pcwkGUaP4DpT2SccS3sROxBHokCNOL09hpZQv90c1kZrC:1jm8p4/6/K/x5cpowL09hpZQv90cWZRc

Entry address:

0x18A32

Entry point:

E8, CD, 69, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 35, 1C, B7, 43, 00, FF, 15, AC, A0, 42, 00, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 55, 8B, EC, 8B, 45, 08, A3, 1C, B7, 43, 00, 5D, C3, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, F8, A5, 42, 00, 6A, 00, FF, 15, 3C, A1, 42, 00, 85, C0, 74, 17, 68, 10, A6, 42, 00, FF, 75, FC, FF, 15, B4, A1, 42, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08... 
[+]

Code size:

162.5 KB (166,400 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.