52924.crx

HQ-Video-Pro-1.6

This is a Chrome web browser extension which contains the installable app and manifest file. The file 52924.crx has been detected as a potentially unwanted program by 4 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of HQ-Video-Pro-1.6. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address w9u6a2p6.ssl.hwcdn.net on port 443.
Remove 52924.crx - Powered by Reason Core Security
MD5:
8d82ffd2cccf70e3b032a9772ff14b2e

SHA-1:
01594c3195dfbf8f4b427523532f80c04cec63a3

SHA-256:
2fa55f828b5a89105e38d73eb2fa7631aff37eb72d93794a6ab83714c54984e0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/6/2016 2:58:03 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
infected with Trojan.Crossrider.17413
9.0.1.05190

ESET NOD32
JS/Toolbar.Crossrider.B potentially unwanted application
7.0.302.0

G Data
Script.Application.Plush
14.6.24

Reason Heuristics
PUP.Crossrider.ChromePlugin.I
14.6.10.9

Remove 52924.crx - Powered by Reason Core Security
File size:
265.9 KB (272,290 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\hq-video-pro-1.6\52924.crx

Google Chrome Extension
ID:
52924

Display name:
HQ-Video-Pro-1.6

Description:
HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.

Update URL:
https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/52924.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to w9u6a2p6.ssl.hwcdn.net  (205.185.208.11:443)

 
https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/52924.xml

{
  "name": "HQ-Video-Pro-1.6",
  "version": "1.26.19",
  "manifest_version": 2,
  "description": "HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "background": {
    "page": "background.html"
  },
  "update_url": "https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/52924.xml",
  "permissions": [
    "http://*/*",
    "https://*/*",
    "tabs",
    "cookies",
    "notifications",
    "contextMenus",
    "webNavigation",
    "webRequest",
    "webRequestBlocking",
    "unlimitedStorage",
    "storage"
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/platformVersion.js",
        "js/lib/consts.js",
        "js/lib/logging.js",
        "js/lib/reports.js",
        "js/lib/xhr.js",
        "js/api/cookie.js",
        "js/api/message.js",
        "js/api/pageAction.js",
        "js/lib/installer.js",
        "js/lib/app_api.js"
      ],
      "run_at": "document_start",
      "all_frames": true
    }
  ],
  "web_accessible_resources": [
    "crossriderManifest.json"
  ]
}
Remove 52924.crx - Powered by Reason Core Security