netscouttoolbar.crx

NetScout Toolbar

This is a Chrome web browser extension which contains the installable app and manifest file. The file netscouttoolbar.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of NetScout Toolbar. While running, it connects to the Internet address update.toolbar.widdit.com on port 80 using the HTTP protocol.
MD5:
727adb647e20be9a86dc056e3a2bbf25

SHA-1:
df7e6d99525c7b5648cea52c47e848f2e43d12f5

SHA-256:
02298aabc167d8439c47f767d5a6032ecb77a5fe797767a6b405e145ccd15239

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2017 8:04:05 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Toolbar
2015.0.3511

Reason Heuristics
Adware.Widdit.ChromePlugin.S
14.2.17.4

File size:
734.1 KB (751,694 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\netscouttoolbar\chrome\netscouttoolbar.crx

Google Chrome Extension
ID:
ooepecapjfnpoblcjpgibomhcnlgbnbj

Version:
1.5

Display name:
NetScout Toolbar

Description:
NetScout Toolbar

Update URL:
http://update.toolbar.widdit.com/chrome/?si=39030&ti=619&ver=1.5


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to update.toolbar.widdit.com  (82.80.196.113:80)

 
http://update.toolbar.widdit.com/chrome/?si=39030&ti=619&ver=1.5

{
  "name": "NetScout Toolbar",
  "version": "1.5",
  "manifest_version": 1,
  "description": "NetScout Toolbar",
  "icons": {
    "16": "images/widdit_icon_small.png",
    "48": "images/widdit_icon_med.png",
    "128": "images/widdit_icon_large.png"
  },
  "background_page": "background.html",
  "browser_action": {
    "default_icon": "images/widdit_icon_small.png",
    "default_title": "NetScout Toolbar"
  },
  "update_url": "http://update.toolbar.widdit.com/chrome/?si=39030&ti=619&ver=1.5",
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "css": [
        "css/widdit.css"
      ],
      "js": [
        "js/widdit.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/widdit_end.js"
      ],
      "run_at": "document_end"
    }
  ],
  "plugins": [
    {
      "path": "npwiddit.dll",
      "public": true
    }
  ],
  "chrome_url_overrides": {
    "newtab": "bundler/newtab.html"
  },
  "permissions": [
    "contextMenus",
    "management",
    "tabs",
    "<all_urls>",
    "notifications",
    "unlimitedStorage",
    "bookmarks",
    "cookies",
    "geolocation",
    "history",
    "idle",
    "webRequest",
    "topSites",
    "webRequestBlocking"
  ]
}
Remove netscouttoolbar.crx - Powered by Reason Core Security