» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Stunning Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Stunning Apps has been detected as adware by 15 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Stunning Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

d1ffc0b9f45a5358ecfd05b3e4320488

SHA-1:

779d667e27945cae764d3412eb67f12f5a1678ba

SHA-256:

fbe96ea395e9acd535b2166286e7f5b43e660c7740f4373bff02fa6cbf2fbb25

Scanner detections:

15 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/26/2024 5:18:04 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.GamePlayLabs

7.1.1

avast!

Win32:Adware-gen [Adw]

2014.9-160215

AVG

Generic

2017.0.2832

Baidu Antivirus

Adware.Win32.SmartApps

4.0.3.16215

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

ApplicUnwnt

21741

Dr.Web

Adware.GamePlayLabs.52

9.0.1.046

ESET NOD32

Win32/Adware.SmartApps (variant)

10.11463

Fortinet FortiGate

Riskware/SmartApps

2/15/2016

IKARUS anti.virus

PUA.SmartApps

t3scan.1.8.9.0

K7 AntiVirus

Adware

13.202.15567

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.2.15.19

Trend Micro House Call

Suspicious_GEN.F47V0405

7.2.46

VIPRE Antivirus

Trojan.Win32.Generic

39280

File size:

287.8 KB (294,736 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\broadway partners browse safe split test\frameworkengine.exe

Digital Signature

Signed by:

Stunning Apps

Authority:

thawte, Inc.

Valid from:

5/19/2015 2:00:00 AM

Valid to:

4/30/2016 1:59:59 AM

Subject:

CN=Stunning Apps, O=Stunning Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

05CCA783C3E3CC9DFDAC6349C0C29F62

File PE Metadata

Compilation timestamp:

1/14/2015 11:49:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:Gb3awpX4PYEGwcCmMTNWCW09hpZQseTQd:Gb3CPY510NKs1d

Entry address:

0x1FD14

Entry point:

E8, EC, 89, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, 14, 38, 43, 00, 6A, 00, FF, 15, 38, 11, 43, 00, 85, C0, 74, 17, 68, 2C, 38, 43, 00, FF, 75, FC, FF, 15, CC, 11, 43, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08, FF, 15, 3C, 11, 43, 00, CC, 55, 8B, EC, E8, E9, 04, 00, 00, FF, 75, 08, E8, 3E, 05, 00, 00, 59, 68, FF, 00, 00, 00, E8, A3, 00, 00, 00, CC, 6A, 01, 6A, 01, 6A, 00, E8, 4D, 01, 00, 00, 83, C4, 0C, C3, 6A... 
[+]

Code size:

192 KB (196,608 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.