toolbar.crx

Search App by Ask

This is a Chrome web browser extension package, which contains the installable app and its manifest file. The file toolbar.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compiled extension with the display name Search App by Ask. While running, it connects to the Internet address apnmedia.ask.com on port 80 using the HTTP protocol.
MD5:
c37d338d22589083be4fd6043be661b8

SHA-1:
26f75f239917f4497bbfc449930958e046fbcca0

SHA-256:
94808d89e7937e6b8bed9e9e79363dda0adf2b41405fc785595f3c11eb980cd3

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
9/24/2017 10:13:22 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.ChromePlugin.K | 188838
Reason Heuristics | PUP.Ask.ChromePlugin.K | 14.10.14.22

File size:
705.8 KB (722,782 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\askpartnernetwork\toolbar\wbv7-sp\source\common appdata\askpartnernetwork\toolbar\{partnerid}\crx\{crx_version}\toolbar.crx

Google Chrome Extension
ID:
Search App by Ask

Display name:
Search App by Ask

Description:
Convenient tools and links to make your browsing more enjoyable.

Update URL:
http://apnmedia.ask.com/media/toolbar/everest/partners/WBV7-SP/YY/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to apnmedia.ask.com  (63.88.100.139:80)

 
http://apnmedia.ask.com/media/toolbar/everest/partners/wbv7-sp/yy/update.xml

{
  "name": "Search App by Ask",
  "version": "48.1",
  "manifest_version": 2,
  "description": "Convenient tools and links to make your browsing more enjoyable.",
  "icons": {
    "128": "config/skin/images/logo/logo_128x.png",
    "32": "config/skin/images/logo/logo_32x.png",
    "24": "config/skin/images/logo/logo_24x.png"
  },
  "browser_action": {
    "default_icon": "config/skin/images/logo/logo_19x.png",
    "default_title": "Control the Search App by Ask",
    "default_popup": "config/skin/chrome-options.html"
  },
  "background": {
    "page": "background/background.html"
  },
  "chrome_url_overrides": {
    "newtab": "config/skin/new-tab-page.html"
  },
  "content_scripts": [
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/widget-messaging.js",
        "content_script/inline-html.js"
      ],
      "all_frames": true,
      "run_at": "document_end"
    },
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/jquery.js",
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "config/widget-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/state-machine.js",
        "lib/async-gate.js",
        "lib/window-position.js",
        "lib/DataStore.js",
        "lib/logger.js",
        "lib/tb-config-update.js",
        "content_script/positioning.js",
        "content_script/toolbar.js",
        "content_script/widget.js",
        "content_script/injector.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "*://*.facebook.com/*"
      ],
      "css": [
        "content_script/hack/facebook.css"
      ]
    },
    {
      "matches": [
        "*://*.ask.com/",
        "*://*.bagsbuy.com/*",
        "*://*.csaa.com/*",
        "*://*.childrenschorus.org/*",
        "*://*.wikipedia.org/*",
        "*://*.mercurynews.com/*",
        "*://*.usnews.com/*"
      ],
      "css": [
        "content_script/hack/relative.css"
      ],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "management",
    "nativeMessaging",
    "tabs",
    "storage",
    "http://*/*",
    "https://*/*"
  ],
  "update_url": "http://apnmedia.ask.com/media/toolbar/everest/partners/WBV7-SP/YY/update.xml",
  "web_accessible_resources": [
    "config/skin/css/containers.css",
    "config/skin/toolbar.html",
    "widgets/search-suggestion/search-suggestion.html",
    "widgets/options/options.html",
    "widgets/templates/feed.html",
    "widgets/templates/menu.html",
    "config/skin/widgets/SPE-options/options.html"
  ]
}