ntp.crx

New Tab Page

This is a Chrome web browser extension which contains the installable app and manifest file. The file ntp.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of New Tab Page. While running, it connects to the Internet address us-w1.rockmelt.com on port 80 using the HTTP protocol.
MD5:
788ade8c49539df191bbffa20ce3962f

SHA-1:
00bbf6c47cda719f7df1a794f2bc285e29255240

SHA-256:
3abf73d507251af4da76492cdfff7af677a19be0c822b14e27af2b31e68d788b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2017 2:26:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.5.11.21

File size:
590.8 KB (604,951 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\rockmelt\application\0.16.91.321\extensions\ntp.crx

Google Chrome Extension
ID:
ntp

Display name:
New Tab Page

Description:
Friends, Most Visited Sites, and more!

Update URL:
http://us-w1.rockmelt.com/extensions/1.0/xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to us-w1.rockmelt.com  (199.101.28.20:80)

 
http://us-w1.rockmelt.com/extensions/1.0/xml

{
  "name": "New Tab Page",
  "version": "1.0.26.2",
  "minimum_rockmelt_version": "0.9.72.698",
  "description": "Friends, Most Visited Sites, and more!",
  "icons": {
    "16": "icons/icon-16x16.png",
    "28": "icons/icon-28x28.png",
    "32": "icons/icon-32x32.png",
    "48": "icons/icon-48x48.png",
    "128": "icons/icon-128x128.png",
    "144": "icons/icon-144x144.png",
    "256": "icons/icon-256x256.png"
  },
  "permissions": [
    "tabs",
    "management",
    "rockmelt:dockwindows",
    "rockmelt:metrics",
    "rockmelt:friends",
    "rockmelt:nntp",
    "rockmelt:edge",
    "rockmelt:sharing",
    "rockmelt:fbFeed",
    "rockmelt:invite",
    "rockmelt:omnibox",
    "chrome://favicon/",
    "https://us-w1.rockmelt.com/*"
  ],
  "chrome_url_overrides": {
    "newtab": "index.html"
  },
  "update_url": "http://us-w1.rockmelt.com/extensions/1.0/xml"
}
Remove ntp.crx - Powered by Reason Core Security