pricemeterexpress.crx

PriceMeter Express

This is a Chrome web browser extension which contains the installable app and manifest file. The file pricemeterexpress.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compliled extension with the display name of PriceMeter Express. While running, it connects to the Internet address chromeupdate.filespm.com on port 80 using the HTTP protocol.
MD5:
de1db2e478c2dc123197ecb0b5ac750a

SHA-1:
a81ae895254f56be9859dc14f4be818aea54e7f6

SHA-256:
177373a33e41882de12232b05ea338cf855405cd1f96eed95201879ebac1a970

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/10/2017 11:34:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PriceMeter
16.2.28.12

File size:
43.8 KB (44,847 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\pricemeter express\pricemeterexpress.crx

Google Chrome Extension
ID:
pricemeterexpress

Display name:
PriceMeter Express

Description:
A companion for the PriceMeter product.

Update URL:
http://chromeupdate.filespm.com/updates.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to chromeupdate.filespm.com  (92.242.140.21:80)

 
http://chromeupdate.filespm.com/updates.xml

{
  "name": "PriceMeter Express",
  "version": "7.7.0.0",
  "manifest_version": 2,
  "description": "A companion for the PriceMeter product.",
  "icons": {
    "16": "images/icon16.png",
    "48": "images/icon48.png",
    "128": "images/icon128.png"
  },
  "background": {
    "scripts": [
      "background.js"
    ],
    "persistent": true
  },
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "permissions": [
    "notifications",
    "tabs",
    "bookmarks",
    "http://*/",
    "https://*/"
  ],
  "update_url": "http://chromeupdate.filespm.com/updates.xml",
  "key": "oedoknoijoakeplhlghdcggkclkbmaje"
}
Remove pricemeterexpress.crx - Powered by Reason Core Security