ntp.crx

New Tab Page

This is a Chrome web browser extension which contains the installable app and manifest file. The file ntp.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of New Tab Page. While running, it connects to the Internet address us-w1.rockmelt.com on port 80 using the HTTP protocol.
MD5:
b39456f55d8cf80fc5fd076c6213c141

SHA-1:
5b545148416d3903e3a68f0602319e62130f5f95

SHA-256:
441886f657e210a7cde7ce0bc487bd84f05427a5261056c6c083ca0fedb7d49e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
8/15/2018 7:20:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.5.11.21

File size:
490.8 KB (502,577 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\rockmelt\user data\temp\scoped_dir_9162\ntp.crx

Google Chrome Extension
ID:
ntp

Display name:
New Tab Page

Description:
Friends, Most Visited Sites, and more!

Update URL:
http://us-w1.rockmelt.com/extensions/1.0/xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to us-w1.rockmelt.com  (92.242.140.21:80)

 
http://us-w1.rockmelt.com/extensions/1.0/xml

{
  "name": "New Tab Page",
  "version": "1.0.22.0",
  "minimum_rockmelt_version": "0.9.71.0",
  "description": "Friends, Most Visited Sites, and more!",
  "icons": {
    "16": "icons/icon-16x16.png",
    "28": "icons/icon-28x28.png",
    "32": "icons/icon-32x32.png",
    "48": "icons/icon-48x48.png",
    "128": "icons/icon-128x128.png",
    "144": "icons/icon-144x144.png",
    "256": "icons/icon-256x256.png"
  },
  "permissions": [
    "tabs",
    "management",
    "rockmelt:metrics",
    "rockmelt:friends",
    "rockmelt:nntp",
    "rockmelt:sharing",
    "rockmelt:fbFeed",
    "rockmelt:invite",
    "chrome://favicon/",
    "https://us-w1.rockmelt.com/*"
  ],
  "chrome_url_overrides": {
    "newtab": "index.html"
  },
  "update_url": "http://us-w1.rockmelt.com/extensions/1.0/xml"
}
Remove ntp.crx - Powered by Reason Core Security