frameworkengine.exe

Framework

Smart Apps

This file is part of a distribution package classified as adware and distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and to modify the default search and home pages. The application frameworkengine.exe by Smart Apps has been detected as adware by 7 anti-malware scanners. This web browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks, and affiliate links.
Publisher:
Smart Apps  (signed and verified)

Product:
Framework

Description:
FrameworkEngine

Version:
1.1.0.0

MD5:
86ce4de87ee6e9573a9db9a7f6051eb3

SHA-1:
409a8c110dbe980e9f5a642e85de861d2127c343

SHA-256:
275d490e33aa7705c68fb5623d243878d95122e9504572bb231a6e919b1d4f69

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
12/27/2024 11:08:19 AM UTC

Scan engine | Detection | Engine version
AVG | AdPlugin | 2015.0.3334
Comodo Security | ApplicUnwnt | 18815
ESET NOD32 | Win32/AdWare.SmartApps.B application | 8.7.0.302.0
IKARUS anti.virus | AdWare.Win32.Smartapps | t3scan.1.6.1.0
Reason Heuristics | Adware.GamePlayLabs.SmartApps.P | 14.10.2.6
Trend Micro House Call | TROJ_GEN.F47V0307 | 7.2.275
VIPRE Antivirus | GamePlayLabs | 28196

File size:
242 KB (247,848 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bee coupons\frameworkengine.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/24/2013 5:00:00 PM

Valid to:
3/25/2014 4:59:59 PM

Subject:
CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata
Compilation timestamp:
11/14/2013 3:56:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4q42PsoK9OsWPS/hsuBab/HbJ/YT+Tb09hpZQD:4l92PSpTM/N/IhKD

Entry address:
0x18F51

Entry point:
E8, 67, 72, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, F8, 4F, 43, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, FC, 4F, 43, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, EB, 19, 00, 00, 85, C0, 75, 06, B8, 60, 51, 43, 00, C3, 83, C0, 08, C3, E8, D8, 19, 00, 00, 85, C0, 75, 06, B8, 64, 51, 43, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Entropy:
6.4298

Code size:
154.5 KB (158,208 bytes)

The running file has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to a184-51-126-10.deploy.static.akamaitechnologies.com  (184.51.126.10:80)
