jojhdgnandjllaeaaccnkddgieegmljj.crx

A Free Ride Games Bar

This is a Chrome web browser extension package which contains the installable app and manifest file. The file jojhdgnandjllaeaaccnkddgieegmljj.crx has been detected as a potentially unwanted program by 4 anti-malware scanners. It loads within the context of Google Chrome as a compiled extension with the display name A Free Ride Games Bar. The extension is part of the Conduit search platform and injects an HTML iframe containing a custom toolbar into every web page loaded in Chrome. The toolbar is customized for the publisher who distributes the search-monetized Conduit (CodeFuel) toolbar.
Remove jojhdgnandjllaeaaccnkddgieegmljj.crx - Powered by Reason Core Security
MD5: c3d99c6a34c7d3e19384219e21ee1f3b
SHA-1: 133ac120844fcbc9272d1376ef242a09376e6eb5
SHA-256: c97463de79fb4ef61e5323fcf814cc144ea68756d5fd6047014ebb7798006b4d
Scanner detections: 4 / 68
Status: Potentially unwanted
Explanation: Part of the Conduit/ClientConnect toolbar/extension distribution.
Analysis date: 12/3/2016 8:47:18 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.Conduit.AH potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | Adware.ConduitToolbar.ChromePlugin.d | 14.6.10.20 |
| VIPRE Antivirus | Conduit Toolbar | 24296 |

File size: 2.8 MB (2,931,615 bytes)
File type: CRX Package Format (zip file with special header)
Common path: C:\users\{user}\appdata\local\cre\jojhdgnandjllaeaaccnkddgieegmljj.crx

Google Chrome Extension
ID: jojhdgnandjllaeaaccnkddgieegmljj
Version: 10.16.70.1
Display name: A Free Ride Games Bar
Description: A Free Ride Games Bar
Update URL: http://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT1320680&extensionData=<extension_data>


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to autoupdate.chromewebtb.conduit-services.com (199.101.114.99:80)
http://autoupdate.chromewebtb.conduit-services.com/sb/?productid=ct1320680&extensiondata=<extension_data>

{
  "manifest_version": 2,
  "background": {
    "page": "js/chromeBackStage.html"
  },
  "content_scripts": [
    {
      "js": [
        "js/bcview.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true,
      "run_at": "document_start"
    },
    {
      "js": [
        "js/conduitEnv.js",
        "js/compatibility.start.js",
        "js/match.js",
        "js/verlyEarly.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": false,
      "run_at": "document_start"
    },
    {
      "js": [
        "js/contentScript.js",
        "js/compatibility.end.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": false,
      "run_at": "document_end"
    },
    {
      "js": [
        "js/navigationHandler.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true,
      "run_at": "document_end"
    }
  ],
  "plugins": [
    {
      "path": "plugins/ConduitChromeApiPlugin.dll",
      "public": true
    },
    {
      "path": "plugins/np-cwmp.dll",
      "public": true
    },
    {
      "path": "plugins/ChromeApproveTBPlugin.dll",
      "public": true
    },
    {
      "path": "search/plugins/npConduitNewTabPlugin.dll",
      "public": true
    }
  ],
  "default_locale": "en",
  "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZFSAuOUhkmuKfej9VI1nUXGuwmdfcusGm4s10FsNIoJK0aBPHL0XEDwmx4JyWlqYig2IwoawMFbWCHwe5jjifdUmK+NNdLRJkyEcqqE+rfeW3zvviGRYojqgQTpDcRKAXTs4AA3j8pMVzt6owGvh85vnJbQvXzqiZE9zqQpEecwIDAQAB",
  "description": "A Free Ride Games Bar",
  "name": "A Free Ride Games Bar",
  "update_url": "http://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT1320680&extensionData=<extension_data>",
  "icons": {
    "128": "128x128.png",
    "48": "128x128.png",
    "16": "128x128.png"
  },
  "chrome_url_overrides": {
    "newtab": "Search/NewTabPages/html/new_tab.html"
  },
  "permissions": [
    "storage",
    "tabs",
    "http://*/*",
    "https://*/*",
    "notifications",
    "management",
    "unlimitedStorage",
    "bookmarks",
    "contextMenus",
    "cookies",
    "geolocation",
    "history",
    "idle",
    "webNavigation",
    "chrome://favicon/*",
    "webRequest",
    "webRequestBlocking"
  ],
  "version": "10.16.70.1",
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "web_accessible_resources": [
    "js/iframeHost.html*",
    "js/toolbarAPI/toolbarAPI.js*",
    "shouldShowTB.txt",
    "tb/al/wa/RADIO_PLAYER/embedded.html",
    "tb/al/wa/RADIO_PLAYER/bgpage.html",
    "tb/al/wa/RADIO_PLAYER/popup2.html",
    "tb/al/wa/NOTIFICICATION/bgpage.html",
    "tb/al/wa/NOTIFICATION/NotificationPopup.html*",
    "tb/al/wa/NOTIFICATION/Settings.htm*",
    "tb/al/wa/NOTIFICATION/Settings.html*",
...