trz1802.tmp

Framework

Exciting Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The file trz1802.tmp by Exciting Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Exciting Apps  (signed and verified)

Product:
Framework

Description:
FrameworkEngine

Version:
1.1.0.0

MD5:
18eb5aaa82f2e06b75bb23e20cb0e99b

SHA-1:
1b74e0749338ae54c8c2a82c79c68ee4fbf7bb1e

SHA-256:
86340e6832af2f590b6e3c107d6f273db1b645f81424edb66195cd6d4dba510a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 11:33:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.50OnRed (M)
17.3.12.18

File size:
290.5 KB (297,520 bytes)

Product version:
1.1.0.0

Language:
English (United States)

Common path:
C:\Program Files\savings avenger\trz1802.tmp

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/18/2014 1:00:00 AM

Valid to:
3/26/2015 12:59:59 AM

Subject:
CN=Exciting Apps, O=Exciting Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
534682E2D442EC8EA3320856DF2214DC

File PE Metadata
Compilation timestamp:
4/21/2014 8:52:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1FC52

Entry point:
E8, EE, 89, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, 04, 38, 43, 00, 6A, 00, FF, 15, 38, 11, 43, 00, 85, C0, 74, 17, 68, 1C, 38, 43, 00, FF, 75, FC, FF, 15, CC, 11, 43, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 8B, E5, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08, FF, 15, 3C, 11, 43, 00, CC, 55, 8B, EC, E8, EB, 04, 00, 00, FF, 75, 08, E8, 40, 05, 00, 00, 59, 68, FF, 00, 00, 00, E8, A3, 00, 00, 00, CC, 6A, 01, 6A, 01, 6A, 00, E8, 4D, 01, 00, 00, 83, C4, 0C, C3, 6A...
 
[+]

Code size:
192 KB (196,608 bytes)

Remove trz1802.tmp - Powered by Reason Core Security