drop_to_s.crx

DropToS

This is a Chrome web browser extension package, which contains the installable app and its manifest file. The file drop_to_s.crx has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name DropToS. While running, it connects to the Internet address utility.torchbrowser.com on port 80 using the HTTP protocol.
MD5:
de2218ed37ce81079d282c78d19f9281

SHA-1:
f28fe9323ef0f662c90299d770cb38baf735c3a6

SHA-256:
6633f32a1789308b7ea72a5816529492151f008680ecd5b63a205185b7679edb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/17/2018 4:06:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Chrome.Extension (M)

Engine version:
15.9.30.17

File size:
1.6 MB (1,630,528 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\torch\application\42.0.0.10338\torch_extensions\drop_to_s.crx

Google Chrome Extension
ID:
DropToS

Display name:
DropToS

Update URL:
http://utility.torchbrowser.com/extensions/droptos/


The executing file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to utility.torchbrowser.com (23.67.242.43:80)

 
http://utility.torchbrowser.com/extensions/droptos/

{
  "name": "DropToS",
  "version": "1.2.0.10170",
  "author": "Torch Media",
  "manifest_version": 2,
  "default_locale": "en",
  "permissions": [
    "management",
    "storage",
    "tabs",
    "<all_urls>",
    "torch.env",
    "torch.search"
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://ssl.google-analytics.com; object-src 'self'",
  "icons": {
    "16": "images/search16.png",
    "32": "images/search32.png",
    "48": "images/search48.png",
    "128": "images/search128.png"
  },
  "background": {
    "page": "background.html"
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "exclude_matches": [
        "http://localhost/torchtorrent/web/*",
        "http://torchbrowser.com/",
        "http://*.dev.torchbrowser.com/client/share/*",
        "http://*.stage.torchbrowser.com/client/share/*",
        "http://*.int.torchbrowser.com/client/share/*",
        "http://*.torchbrowser.com/client/share/*",
        "http://*.torchbrowser.com/welcome",
        "http://*.torchbrowser.com/welcome?*",
        "http://*.torchbrowser.com/whats-new",
        "http://*.torchbrowser.com/start",
        "http://*.torchbrowser.com/start?*",
        "http://*.torchbrowser.com/support*",
        "http://dev.torchbrowser.com/client/share/*",
        "http://stage.torchbrowser.com/client/share/*",
        "http://int.torchbrowser.com/client/share/*",
        "http://torchbrowser.com/client/share/*",
        "http://torchbrowser.com/support",
        "http://music.torchbrowser.com/*",
        "http://home.torchbrowser.com/*",
        "http://support.torchbrowser.com/*",
        "http://torchbrowser.kayako.com/*",
        "http://games.torchbrowser.com/*",
        "*://client.hola.org/*",
        "https://*.facebook.com/login*",
        "https://*.facebook.com/dialog/feed*",
        "https://twitter.com/login/*",
        "https://twitter.com/intent/tweet*",
        "https://*.pinterest.com/join/*",
        "https://*.pinterest.com/pin/create/bookmarklet/*",
        "https://plus.google.com/share*",
        "https://accounts.google.com/ServiceLogin*",
        "https://*.linkedin.com/uas/login*",
        "https://*.linkedin.com/shareArticle*"
      ],
      "js": [
        "js/lib/jquery-2.1.1.min.js",
        "js/extensions.js",
        "js/content.js",
        "js/classes/ActionProvider.js",
        "js/classes/DragAndDropController.js",
        "js/classes/DropAreas.js",
        "js/classes/DropHints.js",
        "js/classes/DragObject.js",
        "js/classes/DragSurface.js",
        "js/classes/UrlTokinizer.js"
      ],
      "css": [
        "css/content.css",
        "css/fonts.css"
      ],
      "run_at": "document_end",
      "all_frames": true
    }
  ],
  "options_page": "src/options.html",
  "update_url": "http://utility.torchbrowser.com/extensions/droptos/",
  "web_accessible_resources": [
    "images/sear...