» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Smart Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Smart Apps has been detected as adware by 7 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Smart Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.0.0.0

MD5:

c65a5fb92380cdac27004ba3c1aefc0d

SHA-1:

5629342d78e8908d770dd826b132447f5f007787

SHA-256:

2be7e41afc36342699ca04724a247674c8ad252fe08babfa4d6a6681b2d6a7b4

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/26/2024 6:19:13 PM UTC (today)

Scan engine

Detection

Engine version

AVG

AdPlugin

2015.0.3389

Comodo Security

ApplicUnwnt

18815

ESET NOD32

Win32/AdWare.SmartApps.B application

8.7.0.302.0

IKARUS anti.virus

AdWare.Win32.Smartapps

t3scan.1.6.1.0

Reason Heuristics

Adware.GamePlayLabs.SmartApps.P

14.8.7.20

Trend Micro House Call

TROJ_GEN.F47V0225

7.2.219

VIPRE Antivirus

GamePlayLabs

23092

File size:

240 KB (245,800 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\deal slider\frameworkengine.exe

Digital Signature

Signed by:

Smart Apps

Authority:

Thawte, Inc.

Valid from:

3/24/2013 5:00:00 PM

Valid to:

3/25/2014 4:59:59 PM

Subject:

CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata

Compilation timestamp:

8/7/2013 1:51:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:4eXUSPYk6qhs5wroqj+smDPnYrB+UNf63zLwZRsBqW2FoZi4mhEbHQuc3P5GvHo:nTfhsgXd0sB+UHZSQW2FoZi4mhEKReI

Entry address:

0x18991

Entry point:

E8, 66, 72, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, D8, 4F, 43, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, DC, 4F, 43, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, EB, 19, 00, 00, 85, C0, 75, 06, B8, 40, 51, 43, 00, C3, 83, C0, 08, C3, E8, D8, 19, 00, 00, 85, C0, 75, 06, B8, 44, 51, 43, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08... 
[+]

Entropy:

6.4281

Code size:

153 KB (156,672 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.