kngjfmklipimnkegmcilmbhchklgjgfl.crx

BitAccelerator

This is a Google Chrome browser extension package, which contains the installable app and its manifest file. The file kngjfmklipimnkegmcilmbhchklgjgfl.crx has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name BitAccelerator. While running, it connects to the Internet address api.bit-accelerator.com on port 80 using the HTTP protocol.
MD5:
a690836b5b36772b9611e61cf9fa9728

SHA-1:
0da1a438596a38917e1a94c591fe026bba79496c

SHA-256:
7cefd18b81c770aff6a87a87419197d7d001b3d4e668ea4008335f8386a121b6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2018 11:28:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CrazyApps (M)

Engine version:
16.7.8.8

File size:
24.2 KB (24,783 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\extensions\kngjfmklipimnkegmcilmbhchklgjgfl.crx

Google Chrome Extension
ID:
kngjfmklipimnkegmcilmbhchklgjgfl.crx

Display name:
BitAccelerator

Description:
BitAccelerator

Update URL:
http://api.bit-accelerator.com/updates/ewuut/chrome


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to api.bit-accelerator.com  (107.23.198.240:80)

 
http://api.bit-accelerator.com/updates/ewuut/chrome

{
  "manifest_version": 2,
  "content_scripts": [
    {
      "js": [
        "bootstrap.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "run_at": "document_end"
    }
  ],
  "description": "BitAccelerator",
  "icons": {
    "16": "ext_16x16.png",
    "48": "ext_48x48.png",
    "128": "ext_128x128.png"
  },
  "minimum_chrome_version": "5",
  "name": "BitAccelerator",
  "update_url": "http://api.bit-accelerator.com/updates/ewuut/chrome",
  "version": "1.1"
}