58028.crx

Fre_Ven_s Pro 23

This is a Chrome web browser extension which contains the installable app and manifest file. The file 58028.crx has been detected as a potentially unwanted program by 4 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of Fre_Ven_s Pro 23. This file is typically installed with the program Fre_Ven_s Pro 23 by Kimahri Software inc. which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Remove 58028.crx - Powered by Reason Core Security
MD5:
61f004ffcb707873a0246af891d18b4d

SHA-1:
ff262507139bc29b714eecc172af17be2f605905

SHA-256:
61508a55a7476f76564d26354631f37a5474d062cb14d7733a3c11f5346346a2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/9/2016 10:42:57 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
infected with Trojan.Crossrider.17413
9.0.1.05190

ESET NOD32
JS/Toolbar.Crossrider.B potentially unwanted application
7.0.302.0

G Data
Script.Application.Plush
14.6.24

Reason Heuristics
Adware.Feven.ChromePlugin.I
14.6.10.12

Remove 58028.crx - Powered by Reason Core Security
File size:
282.8 KB (289,620 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\fre_ven_s pro 23\58028.crx

Google Chrome Extension
ID:
58028

Display name:
Fre_Ven_s Pro 23

Description:
Feven Shopping Companion

Update URL:
https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/58028.xml


The file 58028.crx has been discovered within the following program.

Fre_Ven_s Pro 23  by Kimahri Software inc.
Fre_Ven_s Pro 23 is an adware browser extension that will display banner and text-context link ads aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to w9u6a2p6.ssl.hwcdn.net  (205.185.208.11:443)

 
https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/58028.xml

{
  "name": "Fre_Ven_s Pro 23",
  "version": "1.26.61",
  "manifest_version": 2,
  "description": "Feven Shopping Companion",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "background": {
    "page": "background.html"
  },
  "update_url": "https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/58028.xml",
  "permissions": [
    "http://*/*",
    "https://*/*",
    "tabs",
    "cookies",
    "notifications",
    "contextMenus",
    "webNavigation",
    "webRequest",
    "webRequestBlocking",
    "unlimitedStorage",
    "storage"
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/platformVersion.js",
        "js/lib/consts.js",
        "js/lib/logging.js",
        "js/lib/reports.js",
        "js/lib/xhr.js",
        "js/api/cookie.js",
        "js/api/message.js",
        "js/api/pageAction.js",
        "js/lib/installer.js",
        "js/lib/app_api.js"
      ],
      "run_at": "document_start",
      "all_frames": true
    }
  ],
  "web_accessible_resources": [
    "crossriderManifest.json"
  ]
}
Remove 58028.crx - Powered by Reason Core Security