360-58028.crx

Fre_Ven_s Pro 23

This is a Chrome web browser extension which contains the installable app and manifest file. The file 360-58028.crx has been detected as a potentially unwanted program by 5 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of Fre_Ven_s Pro 23. This file is typically installed with the program Fre_Ven_s Pro 23 by Kimahri Software inc. which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Remove 360-58028.crx - Powered by Reason Core Security
MD5:
95f0c55fa4eb05cd2ef1981bd648b230

SHA-1:
241e86b30a5b3bb3c363133aafb59a0a71c1af4a

SHA-256:
6e4103f7c9a8b463259ffe2b92b281cd92d1f57d8ef09d78bfb59a3e4cd628af

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/9/2016 6:50:59 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.JS.Crossrider
4.0.3.14610

Dr.Web
infected with Trojan.Crossrider.17413
9.0.1.05190

ESET NOD32
JS/Toolbar.Crossrider.B potentially unwanted application
7.0.302.0

G Data
Script.Application.Plush
14.6.24

Reason Heuristics
PUP.Crossrider.ChromePlugin.M
14.6.10.12

Remove 360-58028.crx - Powered by Reason Core Security
File size:
284 KB (290,780 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\fre_ven_s pro 23\360-58028.crx

Google Chrome Extension
ID:
360-58028

Display name:
Fre_Ven_s Pro 23

Description:
Feven Shopping Companion

Update URL:
http://app-static.crossrider.com/chrome360/58028/0/0/0/frevens-pro-13.crx?ver=1.26.61


The file 360-58028.crx has been discovered within the following program.

Fre_Ven_s Pro 23  by Kimahri Software inc.
Fre_Ven_s Pro 23 is an adware browser extension that will display banner and text-context link ads aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.42:80)

 
http://app-static.crossrider.com/chrome360/58028/0/0/0/frevens-pro-13.crx?ver=1.26.61

{
  "name": "Fre_Ven_s Pro 23",
  "version": "1.26.61",
  "manifest_version": 2,
  "description": "Feven Shopping Companion",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "background": {
    "page": "background.html"
  },
  "update_url": "http://app-static.crossrider.com/chrome360/58028/0/0/0/frevens-pro-13.crx?ver=1.26.61",
  "permissions": [
    "http://*/*",
    "https://*/*",
    "tabs",
    "cookies",
    "notifications",
    "contextMenus",
    "webNavigation",
    "webRequest",
    "webRequestBlocking",
    "unlimitedStorage",
    "storage"
  ],
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/platformVersion.js",
        "js/lib/consts.js",
        "js/lib/logging.js",
        "js/lib/reports.js",
        "js/lib/xhr.js",
        "js/api/cookie.js",
        "js/api/message.js",
        "js/api/pageAction.js",
        "js/lib/installer.js",
        "js/lib/app_api.js"
      ],
      "run_at": "document_start",
      "all_frames": true
    }
  ],
  "web_accessible_resources": [
    "crossriderManifest.json"
  ]
}
Remove 360-58028.crx - Powered by Reason Core Security