olekgnofofincahkppkdenpmjeffimph.crx

Wander Burst

This is a Chrome web browser extension which contains the installable app and manifest file. The file olekgnofofincahkppkdenpmjeffimph.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of Wander Burst. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. While running, it connects to the Internet address cdn.wanderburst.com on port 80 using the HTTP protocol.
MD5:
79655a97514221eaaa7b29374238f92d

SHA-1:
90ca9d03bfcdef4e5c1f3193edf9ed30e30927e6

SHA-256:
ed8d817245175e877e1090404f96279294da2c9812bea0ab7d1bef014af673e1

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/15/2017 3:13:17 PM UTC  (today)

Scan engine
Detection
Engine version

Kaspersky
not-a-virus:AdWare.JS.BrowseFox
15.0.0.562

Reason Heuristics
Adware.Yontoo.ChromePlugin
16.1.27.1

File size:
7 KB (7,141 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\wander burst\extensions\olekgnofofincahkppkdenpmjeffimph.crx

Google Chrome Extension
ID:
olekgnofofincahkppkdenpmjeffimph.crx

Display name:
Wander Burst

Update URL:
http://cdn.wanderburst.com/update


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cdn.wanderburst.com  (23.0.160.32:80)

 
http://cdn.wanderburst.com/update

{
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "<all_urls>"
      ],
      "run_at": "document_end"
    }
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://wanderburst-a.akamaihd.net https://wanderburst-a.akamaihd.net https://cdn.wanderburst.com; object-src 'self'",
  "description": "",
  "homepage_url": "http://www.wanderburst.com",
  "icons": {
    "48": "icon.png"
  },
  "manifest_version": 2,
  "name": "Wander Burst",
  "permissions": [
    "management",
    "storage",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "<all_urls>",
    "webNavigation"
  ],
  "version": "1.0.5810.4486",
  "update_url": "http://cdn.wanderburst.com/update"
}
Remove olekgnofofincahkppkdenpmjeffimph.crx - Powered by Reason Core Security