home

frameworkengine.exe

Framework

Exciting Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Exciting Apps has been detected as adware by 20 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Exciting Apps  (signed and verified)

Product:
Framework

Description:
FrameworkEngine

Version:
1.1.0.0

MD5:
115d152d3a7f51c7e4ad350e6d8c4993

SHA-1:
c3d46676ca644bf258db29dbd027a0b32f390f31

SHA-256:
c6968af61ebd6898288f1c2d67411e1f074a421a128dc81f46d13eb386c8fa04

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/19/2024 8:08:24 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.SmartApps
7.1.1

avast!
Win32:PUP-gen [PUP]
2014.9-160212

AVG
Generic5
2017.0.2835

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-33507
0.98/21511

Comodo Security
ApplicUnwnt
21436

Dr.Web
Adware.GamePlayLabs.41
9.0.1.043

ESET NOD32
Win32/AdWare.SmartApps
10.11329

G Data
Win32.Adware.Smartapps
16.2.24

IKARUS anti.virus
AdWare.Smartapps
t3scan.1.8.6.0

K7 AntiVirus
Adware
13.201.15277

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.672

McAfee
Artemis!A8DD78AB6640
5600.6491

NANO AntiVirus
Riskware.Win32.Agent.dhzzwy
0.30.0.296

Quick Heal
AdWare.Agent.r5 (Not a Virus)
2.16.14.00

Reason Heuristics
Adware.GamePlayLabs.50OnRed (M)
16.2.12.16

SUPERAntiSpyware
Adware.GamePlayLabs/Variant
9328

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38484

Zillya! Antivirus
Adware.Agent.Win32.14987
2.0.0.2102

File size:
258.5 KB (264,752 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\protectedbrowsing\frameworkengine.exe

Digital Signature
Signed by:
Exciting Apps

Authority:
Thawte, Inc.

Valid from:
3/17/2014 8:00:00 PM

Valid to:
3/25/2015 7:59:59 PM

Subject:
CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
534682E2D442EC8EA3320856DF2214DC

File PE Metadata
Compilation timestamp:
5/30/2014 12:34:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:2jU4m8pJAv1+B+yU/6/pcwkGUaP4DpT2SccS3sROxBzokCNOo09hpZQv90c1kZrF:ujm8p4/6/K/x5cpcwo09hpZQv90cWZR

Entry address:
0x18A32

Entry point:
E8, CD, 69, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 35, 1C, B7, 43, 00, FF, 15, AC, A0, 42, 00, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 55, 8B, EC, 8B, 45, 08, A3, 1C, B7, 43, 00, 5D, C3, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, F8, A5, 42, 00, 6A, 00, FF, 15, 3C, A1, 42, 00, 85, C0, 74, 17, 68, 10, A6, 42, 00, FF, 75, FC, FF, 15, B4, A1, 42, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08...
 
[+]

Entropy:
6.4634

Code size:
162.5 KB (166,400 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.