fbdownloader.crx

FBDownloader

This is a Chrome web browser extension which contains the installable app and manifest file. The file fbdownloader.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of FBDownloader. While running, it connects to the Internet address fbdownloader.com on port 80 using the HTTP protocol.
MD5:
22696ee96778b870e53dc6d6848d122d

SHA-1:
c734dc27b35648dfb5c6f8f4970eaa605da69823

SHA-256:
01dbcc321a98e98aac7e4528aaa9db6c920d63d2cba237f67ef484fcf81f6bfc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/17/2018 6:51:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Extension.ChromePlugin
15.4.20.11

File size:
189.3 KB (193,844 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\sdiv 2.0\lib\fbdownloader.crx

Google Chrome Extension
ID:
pollkeobaahnbmpcgombjfibedabcddd

Version:
1.0.4

Display name:
FBDownloader

Description:
Download all facebook photos in a single click!.

Update URL:
http://fbdownloader.com/plugins/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to fbdownloader.com  (54.245.81.123:80)

 
http://fbdownloader.com/plugins/update.xml

{
  "name": "FBDownloader",
  "version": "1.0.4",
  "description": "Download all facebook photos in a single click!.",
  "icons": {
    "16": "images/FacebookDownloader_16x16_Source.png",
    "48": "images/FacebookDownloader_48x48.png",
    "128": "images/FacebookDownloader_128x128.png"
  },
  "browser_action": {
    "default_icon": "images/FacebookDownloader_48x48.png"
  },
  "background_page": "background.html",
  "content_scripts": [
    {
      "matches": [
        "http://www.facebook.com/*",
        "https://www.facebook.com/*"
      ],
      "js": [
        "jquery.js",
        "json.js",
        "task.js",
        "content_script.js"
      ],
      "css": [
        "images/content.css"
      ]
    },
    {
      "matches": [
        "http://www.fbdownloader.com/ff.aspx",
        "https://www.fbdownloader.com/ff.aspx"
      ],
      "all_frames": true,
      "js": [
        "jquery.js",
        "all.js",
        "background.js",
        "task.js"
      ],
      "css": [
        "images/dialog.css"
      ]
    },
    {
      "matches": [
        "http://fbdownloader.com/plugins/SaveDialogApp.html"
      ],
      "all_frames": true,
      "js": [
        "login_utils.js",
        "json.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "http://www.fbdownloader.com/plugins/chrome_recommend.aspx"
      ],
      "all_frames": true,
      "js": [
        "login_utils.js",
        "json.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "*://*/*"
      ],
      "all_frames": true,
      "js": [
        "init_page.js"
      ],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "tabs",
    "*://*/*"
  ],
  "update_url": "http://fbdownloader.com/plugins/update.xml"
}
Remove fbdownloader.crx - Powered by Reason Core Security