» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Exciting Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Exciting Apps has been detected as adware by 20 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Exciting Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

d20fa3c8d12fd912616690ab9fe9d7aa

SHA-1:

4378c52b555af8dcd1696e28ded959795499cbb2

SHA-256:

5fc482e39474f8f5bad2c3b7504acc4525d3081819cdca4c5881eb2a1ec02017

Scanner detections:

20 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/25/2024 10:43:08 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.SmartApps

7.1.1

avast!

Win32:PUP-gen [PUP]

2014.9-160215

AVG

Generic5

2017.0.2832

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Agent-33507

0.98/21511

Comodo Security

ApplicUnwnt

21436

Dr.Web

Adware.GamePlayLabs.41

9.0.1.046

ESET NOD32

Win32/AdWare.SmartApps

10.11329

G Data

Win32.Adware.Smartapps

16.2.24

IKARUS anti.virus

AdWare.Smartapps

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.201.15277

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.657

McAfee

Artemis!A8DD78AB6640

5600.6488

NANO AntiVirus

Riskware.Win32.Agent.dhzzwy

0.30.0.296

Quick Heal

AdWare.Agent.r5 (Not a Virus)

2.16.14.00

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.2.15.13

SUPERAntiSpyware

Adware.GamePlayLabs/Variant

9322

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38484

Zillya! Antivirus

Adware.Agent.Win32.14987

2.0.0.2102

File size:

289.6 KB (296,544 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\discount dragon\frameworkengine.exe

Digital Signature

Signed by:

Exciting Apps

Authority:

Thawte, Inc.

Valid from:

3/17/2014 8:00:00 PM

Valid to:

3/25/2015 7:59:59 PM

Subject:

CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

534682E2D442EC8EA3320856DF2214DC

File PE Metadata

Compilation timestamp:

4/21/2014 2:52:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:RqGpx2G4+a+Wv0/AGDX5kH/QwwUWNhFRvVPwdW4yMEyAXoigH7FVm209hpZQal8:RckNX2fkUdJmyAX6bO209hpZQam

Entry address:

0x1FC52

Entry point:

E8, EE, 89, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, 04, 38, 43, 00, 6A, 00, FF, 15, 38, 11, 43, 00, 85, C0, 74, 17, 68, 1C, 38, 43, 00, FF, 75, FC, FF, 15, CC, 11, 43, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08, FF, 15, 3C, 11, 43, 00, CC, 55, 8B, EC, E8, EB, 04, 00, 00, FF, 75, 08, E8, 40, 05, 00, 00, 59, 68, FF, 00, 00, 00, E8, A3, 00, 00, 00, CC, 6A, 01, 6A, 01, 6A, 00, E8, 4D, 01, 00, 00, 83, C4, 0C, C3, 6A... 
[+]

Entropy:

6.3893

Code size:

192 KB (196,608 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.