home

fraps.exe

FRAPS

Beepa Pty Ltd

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Fraps’. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Beepa P/L  (signed by Beepa Pty Ltd)

Product:
FRAPS

Version:
3, 5, 99, 15618

MD5:
9e45c606cfeb50db4576533b6902ea19

SHA-1:
5cb8a5194c0aad2901d6b79200a03833534707e3

SHA-256:
188ad0def854013f007218b20632c76ee3f8a7b1c9fd111aa467c4eafae485c9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 9:54:50 AM UTC  (today)

File size:
2.4 MB (2,547,384 bytes)

Product version:
3, 5, 99, 15618

Copyright:
Copyright © Beepa P/L 2013

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Digital Signature
Signed by:
Beepa Pty Ltd

Authority:
VeriSign, Inc.

Valid from:
8/21/2012 1:00:00 AM

Valid to:
9/5/2015 12:59:59 AM

Subject:
CN=Beepa Pty Ltd, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beepa Pty Ltd, L=Albert Park, S=Victoria, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
04DE5873E7090AE2F5ACEFB167A53573

File PE Metadata
Compilation timestamp:
2/26/2013 6:30:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:nFkmIdcKiBl3/gl3sMb0CopLi5U7lsu8ERXaiP/rNxB8PevZsr+OqIFwh4l1y:nFZ8cR/YlLb0Ccv7lHRqS/rXmPeOuivy

Entry address:
0x82D000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 90, 12, 00, 2D, 2F, D5, 09, 10, 05, 24, D5, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 41, 29, 57, 1F, 68, AF, 4C, 16, 4F, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 14, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 15, 59, 1E, F7, 47, 5A, 39, 50, 50, 0B, C5, 71, 4B, 93...
 
[+]

Entropy:
7.8535  (probably packed)

Code size:
429.5 KB (439,808 bytes)

2 Scheduled Tasks
Task name:
FRAPS

Trigger:
Logon (Runs on logon)

Description:
Starts Fraps at log on.

Task name:
Fraps Skip UAC

Path:
\Skip UAC\Fraps Skip UAC


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Fraps

Command:
C:\fraps\fraps.exe


The file fraps.exe has been discovered within the following programs.

BitTorrent Sync  by BitTorrent, Inc.
Publisher's description - “Sync files between mobile devices, collaborators, or your home and work PC. Want to share and sync files on the go? BitTorrent Sync lets you share files with family and friends, share files between mobile devices, and backup your phone and tablets.”
labs.bittorrent.com/experiments/sync.html
About 3% of users remove it
Disney Infinity PC  by Disney Interactive Studios
Publisher's description - “Play Disney Infinity on your PC! You have the freedom to explore, take adventures, and create your own worlds with your favorite Disney and Disney/Pixar characters. Visit Toy Box Share to download and play amazing Toy Boxes created by the Disney Infinity community.”
www.DisneyInteractive.com
5% remove it
Fraps  by Beepa Pty Ltd
Publisher's description - “Fraps is a universal Windows application that can be used with games using DirectX or OpenGL graphic technology. Show how many Frames Per Second (FPS) you are getting in a corner of your screen. Perform custom benchmarks and measure the frame rate between any two points.”
8% remove it
iTunes  by Apple Inc.
Apple's iTunes is a proprietary media player computer program, used for playing and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone and iPad.
www.apple.com/itunes
9% remove it
LogMeIn Hamachi  by LogMeIn, Inc.
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
secure.logmein.com/products/hamachi/download.aspx
About 7% of users remove it
ShowBiz  by ArcSoft
www.arcsoft.com
4% remove it
SketchUp 8  by Trimble Navigation Limited
Publisher's description - “Redecorate your living room. Invent a new piece of furniture. Model your city for Google Earth. There's no limit to what you can create with SketchUp.”
www.sketchup.com/intl/en/product/gsu.html
9% remove it
Strife  by S2 Games
strife.com
About 4% of users remove it
TeamSpeak 3 Client  by TeamSpeak Systems GmbH
Publisher's description - “TeamSpeak 3 continues the legacy of the original TeamSpeak communication system previously offered in TeamSpeak Classic (1.5) and TeamSpeak 2.”
www.teamspeak.com
4% remove it
The Elder Scrolls Online  by Zenimax Online Studios
www.zenimaxonline.com
About 3% of users remove it
 
Latest 20 of 11 programs
Powered by Should I Remove It?

The file fraps.exe has been seen being distributed by the following 10 URLs.

https://mega.nz/temporary/.../9cUFzJiS

http://s6042.chomikuj.pl/File.aspx?e=fIBNxmtZzeLzTDODqAis6tSWll5ybWMQsm7286QdTEuEztkoqqLkf5rtaoVlq7H__f7s2vEdCepsBYM2J-SWYMSehtZMdHxpf232WAyhh_pTz8TZM7wtQsSOQXi_Zc3E2SeWg7-qoYBet-Yn-GzosQ&pv=2

https://weu1-api.asm.skype.com/v1/objects/0-weu-d2-a7036b51df804855fb8896fb698f73e6/.../original

http://s6042.chomikuj.pl/File.aspx?e=fIBNxmtZzeLzTDODqAis6tSWll5ybWMQsm7286QdTEuctwBKNAwpRkqzK54g5XvrW0Pbd9DSiloWr-2yOF07BgLsYdYyEFP0CrDTm8xGk-zpq_5pQwmctM618j2Lbfq338FpNLXxEta8pJzHxQUDvw&pv=2

http://etiiomc.de/Fraps.exe

http://s6042.chomikuj.pl/File.aspx?e=fIBNxmtZzeLzTDODqAis6tSWll5ybWMQsm7286QdTEvLwTqjyGyHw-m4z6M4GYkAkX7Ko9ti3kHudmh8HOsjrYJudGfrQgKH1qSBe8kj9OGBZaqqk4e62ya1x4hNRNQrZmKxjv9kYsZukAzhEId2Gg&pv=2

https://mail.aol.com/.../getPart?uid=37221&partId=2&saveAs=fraps.exe

https://docs.google.com/uc?authuser=0&id=0B7cKlo8W_-sfREZQdFF5LUZkLUk&export=download

https://dl.dropboxusercontent.com/.../tIDlC4fzl48OkQ4EMC2xpjAi2VxM4feYB9EdQlrlRtTIw0HnnkGya6e4EDR8flut?dl=1

https://www.dropbox.com/s/.../fraps.exe

Scan fraps.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.