ohphmeifcnepailolgiakkkfhggmngam.crx

Dolphin Deals

This is a Chrome web browser extension which contains the installable app and manifest file. The file ohphmeifcnepailolgiakkkfhggmngam.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of Dolphin Deals. While running, it connects to the Internet address wwwsqeedolphinde-a.akamaihd.net on port 80 using the HTTP protocol.
MD5:
86d579ce0cee6e222ff8c20f0af0bc2e

SHA-1:
b308256f7488a48ed3087cffb4bdbdcbe8e226aa

SHA-256:
2ebad4248c5307efeef6f0279c7a73b54a6a22aa006c9ed3235dda358fa9fac4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/20/2018 4:18:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo.ChromePlugin
16.4.8.13

File size:
5.1 KB (5,225 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\dolphin deals\ohphmeifcnepailolgiakkkfhggmngam.crx

Google Chrome Extension
ID:
Dolphin Deals

Display name:
Dolphin Deals

Update URL:
http://wwwsqeedolphinde-a.akamaihd.net/update/chrome


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to wwwsqeedolphinde-a.akamaihd.net  (63.88.100.139:80)

 
http://wwwsqeedolphinde-a.akamaihd.net/update/chrome

{
  "manifest_version": 2,
  "name": "Dolphin Deals",
  "description": "",
  "version": "1.0.1",
  "icons": {
    "48": "icon.png"
  },
  "homepage_url": "http://sqeedolphindeals.com",
  "update_url": "http://wwwsqeedolphinde-a.akamaihd.net/update/chrome",
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://apisqeedolphinde-a.akamaihd.net https://api.sqeedolphindeals.com; object-src 'self'",
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "js": [
        "content.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "management",
    "<all_urls>"
  ]
}
Remove ohphmeifcnepailolgiakkkfhggmngam.crx - Powered by Reason Core Security