felncgjlfjagiefilkndafoobalnpgki.crx

Express Find

This is a Google Chrome browser extension package that contains the installable app and its manifest file. The file felncgjlfjagiefilkndafoobalnpgki.crx has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name Express Find. While running, it connects to the Internet address cdn.myexpressfind.com on port 80 using the HTTP protocol.
MD5:
925a62a1fa717d48c7f2032dd4838cca

SHA-1:
e8ef99cb6a0faf1954cfe41c50d3628d9d880e14

SHA-256:
8ad302df56f6c08667e3b6deaaa683f2b5ae2cb7db5caf0ea516b823e8d6266b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/23/2018 5:39:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo.ChromePlugin

Engine version:
16.1.10.9

File size:
2.9 KB (3,014 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\express find\extensions\felncgjlfjagiefilkndafoobalnpgki.crx

Google Chrome Extension
ID:
felncgjlfjagiefilkndafoobalnpgki.crx

Display name:
Express Find

Update URL:
http://cdn.myexpressfind.com/update


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cdn.myexpressfind.com  (23.67.250.89:80)

 
http://cdn.myexpressfind.com/update

{
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "<all_urls>"
      ],
      "run_at": "document_end"
    }
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://expressfind-a.akamaihd.net https://expressfind-a.akamaihd.net https://cdn.myexpressfind.com; object-src 'self'",
  "description": "",
  "homepage_url": "http://www.myexpressfind.com",
  "icons": {
    "48": "icon.png"
  },
  "manifest_version": 2,
  "name": "Express Find",
  "permissions": [
    "management",
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "<all_urls>"
  ],
  "version": "1.0.5651.17777",
  "update_url": "http://cdn.myexpressfind.com/update"
}