plmlpkfpkijnlijgalnjaacllnjmoamo.crx

DVDVideoSoftTB

This is a Chrome web browser extension which contains the installable app and manifest file. The file plmlpkfpkijnlijgalnjaacllnjmoamo.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of DVDVideoSoftTB. The extension is part of the Conduit search platform and injects a HTML iframe in every Chrome web page loaded with a custom toolbar based on the publisher who distributes the search monetized Conduit (CodeFuel) toolbar.
Remove plmlpkfpkijnlijgalnjaacllnjmoamo.crx - Powered by Reason Core Security
MD5:
d65b833b59c34395dd1b29a018e96b30

SHA-1:
fc30183e51edb8f56ea9a94e17071c0e09d5137a

SHA-256:
d9776d1d1aeb9af4981b6cfc147f48bdfebd9976c2c5bb7018f7c232b480d962

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/4/2016 9:28:22 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Threat.Undefined
9.0.1.05190

Reason Heuristics
PUP.Conduit
15.4.20.11

Remove plmlpkfpkijnlijgalnjaacllnjmoamo.crx - Powered by Reason Core Security
File size:
964.3 KB (987,439 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\cre\plmlpkfpkijnlijgalnjaacllnjmoamo.crx

Google Chrome Extension
ID:
plmlpkfpkijnlijgalnjaacllnjmoamo

Display name:
DVDVideoSoftTB

Description:
Delivers all our best apps to your browser.

Update URL:
http://autoupdate.chromewebtb.conduit-services.com/?productId=CT2269050&extensionData=<extension_data>


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to autoupdate.chromewebtb.conduit-services.com  (199.101.114.99:80)

 
http://autoupdate.chromewebtb.conduit-services.com/?productid=ct2269050&extensiondata=<extension_data>

{
  "background_page": "Controller.html",
  "browser_action": {
    "default_icon": "634345072769525000.png",
    "default_title": "DVDVideoSoftTB Community Toolbar",
    "popup": "js/popup/view/popup.html"
  },
  "content_scripts": [
    {
      "all_frames": false,
      "js": [
        "js/everypage_early.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "run_at": "document_start"
    },
    {
      "all_frames": true,
      "js": [
        "js/clicksHandler.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "run_at": "document_start"
    },
    {
      "all_frames": true,
      "css": [
        "css/ctbmain.css"
      ],
      "js": [
        "js/contentScript.js",
        "js/API/component/view/BrowserCompApi.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "run_at": "document_end"
    }
  ],
  "description": "Delivers all our best apps to your browser.",
  "icons": {
    "128": "634345074602493750.png",
    "48": "634345074601556250.png",
    "16": "634345074602493750.png"
  },
  "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0lhYP432Zj9T5sLFgzwFDXoab6BuaqOVyZeWV2mb340iv3t2cp3K25b1um1RI7uiI0Pq2flfwxES4ouh1sxoiNMjeoeDJ/qOVBdUA0UpCFYdsny4EhanyPwS5B6I/V+lgaN46R/U3Us40Gwi1fobvFZX0XLud/LJXE2H+RmDoswIDAQAB",
  "name": "DVDVideoSoftTB",
  "options_page": "options.html",
  "permissions": [
    "tabs",
    "http://*/*",
    "https://*/*",
    "notifications",
    "management",
    "unlimitedStorage",
    "bookmarks",
    "contextMenus",
    "cookies",
    "geolocation",
    "history",
    "idle"
  ],
  "update_url": "http://autoupdate.chromewebtb.conduit-services.com/?productId=CT2269050&amp;extensionData=&lt;extension_data&gt;",
  "version": "2.3.4.700"
}
Remove plmlpkfpkijnlijgalnjaacllnjmoamo.crx - Powered by Reason Core Security