toolbar.crx

Search App by Ask

This is a Chrome web browser extension package which contains the installable app and its manifest file. The file toolbar.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compiled extension with the display name Search App by Ask. While running, it connects to the Internet address apnmedia.ask.com on port 80 using the HTTP protocol.
MD5:
db1777586c4fd53b4a0f59214b2018b7

SHA-1:
7dddfaad4dd3dd3e190315f75522b730377c0d0a

SHA-256:
3654248e900e83625965f6b1a79f9a42e24d81e53ee13f891efacd216c5acf34

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/18/2017 5:55:16 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.ChromePlugin.K | 188838
Reason Heuristics | PUP.Ask.ChromePlugin.K | 14.9.11.1

File size:
543.9 KB (556,950 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\askpartnernetwork\toolbar\ff3-sp\source\common appdata\askpartnernetwork\toolbar\{partnerid}\crx\{crx_version}\toolbar.crx

Google Chrome Extension
ID:
toolbar

Display name:
Search App by Ask

Description:
Convenient tools and links to make your browsing more enjoyable.

Update URL:
http://apnmedia.ask.com/media/toolbar/everest/partners/FF3-SP/YY/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to apnmedia.ask.com  (63.88.100.139:80)

 
http://apnmedia.ask.com/media/toolbar/everest/partners/ff3-sp/yy/update.xml

{
  "name": "Search App by Ask",
  "version": "45.1",
  "manifest_version": 2,
  "description": "Convenient tools and links to make your browsing more enjoyable.",
  "icons": {
    "128": "config/skin/images/logo/logo_128x.png",
    "32": "config/skin/images/logo/logo_32x.png",
    "24": "config/skin/images/logo/logo_24x.png"
  },
  "browser_action": {
    "default_icon": "config/skin/images/logo/logo_19x.png",
    "default_title": "Control the Search App by Ask",
    "default_popup": "config/skin/chrome-options.html"
  },
  "background": {
    "page": "background/background.html"
  },
  "chrome_url_overrides": {
    "newtab": "config/skin/new-tab-page.html"
  },
  "content_scripts": [
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/widget-messaging.js",
        "content_script/inline-html.js"
      ],
      "all_frames": true,
      "run_at": "document_end"
    },
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/jquery.js",
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "config/widget-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/state-machine.js",
        "lib/async-gate.js",
        "lib/window-position.js",
        "lib/DataStore.js",
        "lib/logger.js",
        "lib/tb-config-update.js",
        "content_script/positioning.js",
        "content_script/toolbar.js",
        "content_script/widget.js",
        "content_script/injector.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "*://*.facebook.com/*"
      ],
      "css": [
        "content_script/hack/facebook.css"
      ]
    },
    {
      "matches": [
        "*://*.ask.com/",
        "*://*.bagsbuy.com/*",
        "*://*.csaa.com/*",
        "*://*.childrenschorus.org/*",
        "*://*.wikipedia.org/*",
        "*://*.mercurynews.com/*",
        "*://*.usnews.com/*"
      ],
      "css": [
        "content_script/hack/relative.css"
      ],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "management",
    "nativeMessaging",
    "tabs",
    "storage",
    "http://*/*",
    "https://*/*"
  ],
  "update_url": "http://apnmedia.ask.com/media/toolbar/everest/partners/FF3-SP/YY/update.xml",
  "web_accessible_resources": [
    "config/skin/css/containers.css",
    "config/skin/toolbar.html",
    "widgets/search-suggestion/search-suggestion.html",
    "widgets/options/options.html",
    "widgets/templates/feed.html",
    "widgets/templates/menu.html",
    "config/skin/widgets/SPE-options/options.html"
  ]
}