feejdmdjpdeipddnokkighlifglckngg.crx

Cantataweb

This is a Chrome web browser extension which contains the installable app and manifest file. The file feejdmdjpdeipddnokkighlifglckngg.crx has been detected as a potentially unwanted program by 3 anti-malware scanners. It loads within the context of Google Chrome as a compiled extension with the display name of Cantataweb. This file is typically installed with the program Cantataweb by Yontoo Technology, Inc., which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
MD5:
350b69ba31197283e0e12c82a85126d2

SHA-1:
18c17abc276f5ded0d89d8ab5f52ca208d84472f

SHA-256:
5bdf3fd09544848e9c69abc2f1718be1222d918b9275689752dab5df9b0d4947

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/16/2018 1:22:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | infected with Trojan.Yontoo.444 | 9.0.1.05190 |
| ESET NOD32 | Win32/BrowseFox.Q potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | Adware.Yontoo.ChromePlugin.d | 15.1.16.2 |

File size:
6.4 KB (6,586 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\cantataweb\feejdmdjpdeipddnokkighlifglckngg.crx

Google Chrome Extension
ID:
Cantataweb

Display name:
Cantataweb

Update URL:
http://wwwcantatawebnet-a.akamaihd.net/update/chrome


The file feejdmdjpdeipddnokkighlifglckngg.crx has been discovered within the following program.

Cantataweb by Yontoo Technology, Inc.
Cantataweb is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages, or displaying over parts of existing web pages, advertisements, banners, coupons or text links that would not otherwise appear.
cantataweb.net/support
85% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to wwwcantatawebnet-a.akamaihd.net (63.88.100.144:80)

 
http://wwwcantatawebnet-a.akamaihd.net/update/chrome

{
  "manifest_version": 2,
  "name": "Cantataweb",
  "description": "",
  "version": "1.0.1",
  "icons": {
    "48": "icon.png"
  },
  "homepage_url": "http://cantataweb.net",
  "update_url": "http://wwwcantatawebnet-a.akamaihd.net/update/chrome",
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://apicantatawebnet-a.akamaihd.net https://api.cantataweb.net; object-src 'self'",
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "js": [
        "content.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "management",
    "<all_urls>"
  ]
}