» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Engaging Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Engaging Apps has been detected as adware by 5 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Engaging Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

d3c991bad9cf4daa844bfdb866ea511e

SHA-1:

9e2b7746c0c180dae00bbd9bee6047c3a8c1398f

SHA-256:

4672a69ea26a7e09c1ad9d778b9878256881c6cdd80de1627c3e232d1def3e80

Scanner detections:

5 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/18/2024 8:16:45 PM UTC (today)

Scan engine

Detection

Engine version

AVG

AdPlugin

2017.0.2854

ESET NOD32

Win32/AdWare.SmartApps (variant)

10.9694

IKARUS anti.virus

AdWare.Smartapps

t3scan.1.6.1.0

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.1.25.9

VIPRE Antivirus

GamePlayLabs

27526

File size:

276 KB (282,672 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\coupon server\frameworkengine.exe

Digital Signature

Signed by:

Engaging Apps

Authority:

Thawte, Inc.

Valid from:

6/3/2013 5:00:00 PM

Valid to:

6/4/2014 4:59:59 PM

Subject:

CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

632EEBD9B987BC680D444D8675A26545

File PE Metadata

Compilation timestamp:

3/6/2014 12:49:35 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:xtScHFS2D0XsQqgfbpXs8UxP1G409hpZQ:LSLBrvVXshPSK

Entry address:

0x1FC87

Entry point:

E8, 1E, 75, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, E0, 43, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C, E0, 43, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 45, 1D, 00, 00, 85, C0, 75, 06, B8, 70, E1, 43, 00, C3, 83, C0, 08, C3, E8, 32, 1D, 00, 00, 85, C0, 75, 06, B8, 74, E1, 43, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08... 
[+]

Entropy:

6.3888

Code size:

184.5 KB (188,928 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.