kcdjbmnhiiikniahhnckenokmoepfknf.crx

Dolphin Deals

This is a Chrome web browser extension which contains the installable app and manifest file. The file kcdjbmnhiiikniahhnckenokmoepfknf.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of Dolphin Deals. While running, it connects to the Internet address wwwsqeedolphinde-a.akamaihd.net on port 80 using the HTTP protocol.
MD5:
7e0a15ab2ab71a43d23b2578722b5e8e

SHA-1:
d64f2634e8c1543c4d787548339e33107c6e91fe

SHA-256:
31d87ca2d1b3cdfe0b894ab9a5a33011e45be631776bf2fea007fc010e449f62

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/21/2017 10:45:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo.ChromePlugin
16.3.7.18

File size:
5.1 KB (5,225 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\dolphin deals\kcdjbmnhiiikniahhnckenokmoepfknf.crx

Google Chrome Extension
ID:
Dolphin Deals

Display name:
Dolphin Deals

Update URL:
http://wwwsqeedolphinde-a.akamaihd.net/update/chrome


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to wwwsqeedolphinde-a.akamaihd.net  (63.88.100.139:80)

 
http://wwwsqeedolphinde-a.akamaihd.net/update/chrome

{
  "manifest_version": 2,
  "name": "Dolphin Deals",
  "description": "",
  "version": "1.0.1",
  "icons": {
    "48": "icon.png"
  },
  "homepage_url": "http://sqeedolphindeals.com",
  "update_url": "http://wwwsqeedolphinde-a.akamaihd.net/update/chrome",
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://apisqeedolphinde-a.akamaihd.net https://api.sqeedolphindeals.com; object-src 'self'",
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "js": [
        "content.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "management",
    "<all_urls>"
  ]
}
Remove kcdjbmnhiiikniahhnckenokmoepfknf.crx - Powered by Reason Core Security