» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Exciting Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Exciting Apps has been detected as adware by 20 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

frameworkengine.exe

Publisher:

Exciting Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

c53d46ae7d60bc87c8a3338156a4cb43

SHA-1:

ec933ad8ee906957695e64c09f105b05c58072dd

SHA-256:

1e93418f3b2a8f1a3de632676d92babf86f05a71c6e43d566e3fa2e54d5d91f9

Scanner detections:

20 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/26/2024 5:12:57 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.SmartApps

7.1.1

avast!

Win32:PUP-gen [PUP]

2014.9-160209

AVG

Generic5

2017.0.2838

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Agent-33507

0.98/21511

Comodo Security

ApplicUnwnt

21436

Dr.Web

Adware.GamePlayLabs.41

9.0.1.040

ESET NOD32

Win32/AdWare.SmartApps

10.11329

G Data

Win32.Adware.Smartapps

16.2.24

IKARUS anti.virus

AdWare.Smartapps

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.201.15277

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.687

McAfee

Artemis!A8DD78AB6640

5600.6494

NANO AntiVirus

Riskware.Win32.Agent.dhzzwy

0.30.0.296

Quick Heal

AdWare.Agent.r5 (Not a Virus)

2.16.14.00

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.2.9.12

SUPERAntiSpyware

Adware.GamePlayLabs/Variant

9334

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38484

Zillya! Antivirus

Adware.Agent.Win32.14987

2.0.0.2102

File size:

289.6 KB (296,544 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\savings wizard\frameworkengine.exe

Digital Signature

Signed by:

Exciting Apps

Authority:

Thawte, Inc.

Valid from:

3/17/2014 5:00:00 PM

Valid to:

3/25/2015 4:59:59 PM

Subject:

CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

534682E2D442EC8EA3320856DF2214DC

File PE Metadata

Compilation timestamp:

4/20/2014 11:52:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:AqGpx2G4+a+Wv0/AGDX5kH/QwwUWNhFRvVPwdW4yMEyAXvigH7FVmT09hpZQalz:AckNX2fkUdJmyAXRbOT09hpZQaR

Entry address:

0x1FC52

Entry point:

E8, EE, 89, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, 04, 38, 43, 00, 6A, 00, FF, 15, 38, 11, 43, 00, 85, C0, 74, 17, 68, 1C, 38, 43, 00, FF, 75, FC, FF, 15, CC, 11, 43, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08, FF, 15, 3C, 11, 43, 00, CC, 55, 8B, EC, E8, EB, 04, 00, 00, FF, 75, 08, E8, 40, 05, 00, 00, 59, 68, FF, 00, 00, 00, E8, A3, 00, 00, 00, CC, 6A, 01, 6A, 01, 6A, 00, E8, 4D, 01, 00, 00, 83, C4, 0C, C3, 6A... 
[+]

Entropy:

6.3897

Code size:

192 KB (196,608 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.