eclkcpbjjlpncalijmdmacomclegpdio.crx

Vgrabber v1.1 A2

This is a Chrome web browser extension package, which contains the installable app and its manifest file. The file eclkcpbjjlpncalijmdmacomclegpdio.crx has been detected as a potentially unwanted program by 6 anti-malware scanners. It loads within the context of Google Chrome as a compiled extension with the display name Vgrabber v1.1 A2. The extension is part of the Conduit search platform and injects an HTML iframe into every web page loaded in Chrome, displaying a custom toolbar based on the publisher who distributes the search-monetized Conduit (CodeFuel) toolbar.
Remove eclkcpbjjlpncalijmdmacomclegpdio.crx - Powered by Reason Core Security
MD5:
4595e034f34fc45244235b093c83cfe3

SHA-1:
e35e9e96bf593d9445ef2261ac7e76ce99a6e6cf

SHA-256:
ed91da2169f3a77698cd636df44b26cf8e137d940ee029f2418b831882bfe39c

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/2/2016 5:16:02 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Conduit.33 | 9.0.1.0161
ESET NOD32 | Win32/Toolbar.Conduit.AH potentially unwanted application | 7.0.302.0
NANO AntiVirus | Trojan.Win32.Conduit.ctbwbm | 0.28.0.57630
Panda Antivirus | PUP/Conduit.A | 14.06.10.04
Reason Heuristics | Adware.ConduitToolbar.ChromePlugin.d | 14.6.10.16
VIPRE Antivirus | Conduit Toolbar | 26620

File size:
2.7 MB (2,881,103 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\cre\eclkcpbjjlpncalijmdmacomclegpdio.crx

Google Chrome Extension
ID:
eclkcpbjjlpncalijmdmacomclegpdio

Version:
10.20.105.11

Display name:
Vgrabber v1.1 A2

Description:
Vgrabber v1.1 A2

Update URL:
http://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3316660&extensionData=<extension_data>


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to autoupdate.chromewebtb.conduit-services.com  (199.101.114.99:80)

 
http://autoupdate.chromewebtb.conduit-services.com/sb/?productid=ct3316660&extensiondata=<extension_data>

{
  "manifest_version": 2,
  "background": {
    "page": "js/chromeBackStage.html"
  },
  "content_scripts": [
    {
      "js": [
        "js/bcview.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true,
      "run_at": "document_start"
    },
    {
      "js": [
        "js/conduitEnv.js",
        "js/compatibility.start.js",
        "js/match.js",
        "js/verlyEarly.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": false,
      "run_at": "document_start"
    },
    {
      "js": [
        "js/contentScript.js",
        "js/compatibility.end.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": false,
      "run_at": "document_end"
    },
    {
      "js": [
        "js/navigationHandler.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true,
      "run_at": "document_end"
    }
  ],
  "plugins": [
    {
      "path": "plugins/ConduitChromeApiPlugin.dll",
      "public": true
    },
    {
      "path": "plugins/np-cwmp.dll",
      "public": true
    },
    {
      "path": "plugins/ChromeApproveTBPlugin.dll",
      "public": true
    },
    {
      "path": "search/plugins/npConduitNewTabPlugin.dll",
      "public": true
    }
  ],
  "default_locale": "en",
  "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr8vYNYn7xUJak+mL7ktDJuUheJq6k44KEK2woZyQiDfOcJ/6x4QMtZavpvtXZqe/9+hOwMM27x9GfGkZ+wvS6bA1gjo7xp6ZeJXNhOZGKAfndlt5uOFNTB9YEFagdB5i5Oq9PoCeaICQpqfr8OCNkNlRJnDQn4rcdvXW7DnezewIDAQAB",
  "description": "Vgrabber v1.1 A2",
  "name": "Vgrabber v1.1 A2",
  "update_url": "http://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3316660&extensionData=<extension_data>",
  "icons": {
    "128": "634471226665245738.png",
    "48": "634471226664483990.png",
    "16": "634471226665245738.png"
  },
  "chrome_url_overrides": {
    "newtab": "Search/NewTabPages/html/new_tab.html"
  },
  "permissions": [
    "storage",
    "tabs",
    "http://*/*",
    "https://*/*",
    "notifications",
    "management",
    "unlimitedStorage",
    "bookmarks",
    "contextMenus",
    "cookies",
    "geolocation",
    "history",
    "idle",
    "webNavigation",
    "chrome://favicon/*",
    "webRequest",
    "webRequestBlocking"
  ],
  "version": "10.20.105.11",
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "web_accessible_resources": [
    "js/iframeHost.html*",
    "js/toolbarAPI/toolbarAPI.js*",
    "shouldShowTB.txt",
    "tb/al/wa/RADIO_PLAYER/embedded.html",
    "tb/al/wa/RADIO_PLAYER/bgpage.html",
    "tb/al/wa/RADIO_PLAYER/popup2.html",
    "tb/al/wa/NOTIFICICATION/bgpage.html",
    "tb/al/wa/NOTIFICATION/NotificationPopup.html*",
    "tb/al/wa/NOTIFICATION/Settings.htm*",
    "tb/al/wa/NOTIF...