ckehiapfbolghghlmopccocfnncldmao.crx

Adanak

This is a Chrome web browser extension which contains the installable app and manifest file. The file ckehiapfbolghghlmopccocfnncldmao.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of Adanak. While running, it connects to the Internet address wwwadanaknet-a.akamaihd.net on port 80 using the HTTP protocol.
MD5:
7f4f288ffd1e58e538d1eb96b11386c4

SHA-1:
44ffe335bf2a5993f54e8f0e0f5ba2dcc0f5b548

SHA-256:
149709087906ed8c7bee74f070530c53ea19a9cc25ba95e283d500a26d89f2d9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/18/2017 8:13:45 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo.ChromePlugin
16.3.10.14

File size:
5.6 KB (5,752 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\adanak\ckehiapfbolghghlmopccocfnncldmao.crx

Google Chrome Extension
ID:
Adanak

Display name:
Adanak

Update URL:
http://wwwadanaknet-a.akamaihd.net/update/chrome


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to wwwadanaknet-a.akamaihd.net  (63.88.100.139:80)

 
http://wwwadanaknet-a.akamaihd.net/update/chrome

{
  "manifest_version": 2,
  "name": "Adanak",
  "description": "",
  "version": "1.0.1",
  "icons": {
    "48": "icon.png"
  },
  "homepage_url": "http://adanak.net",
  "update_url": "http://wwwadanaknet-a.akamaihd.net/update/chrome",
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://apiadanaknet-a.akamaihd.net https://api.adanak.net; object-src 'self'",
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "js": [
        "content.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "management",
    "<all_urls>"
  ]
}
Remove ckehiapfbolghghlmopccocfnncldmao.crx - Powered by Reason Core Security