toolbarcr.crx

Ask Toolbar

This is the Google Chrome extension for the branded Ask.com (APN) Toolbar. It enables itself with permissions to access data on all websites, read and modify bookmarks, detect physical location, read and modiy browsing history, access tabs, manage apps and extensions and manipulate settings that control websites' access to cookies, JavaScript and plug-ins. The file toolbarcr.crx has been detected as a potentially unwanted program by 2 anti-malware scanners. It loads within the context of Google Chrome as a compliled extension with the display name of Ask Toolbar.
MD5:
694f5a9fc62e7fa77262a3b5e221d1e4

SHA-1:
5902bf9f6db6dcd1cdb4fc22d60542555c7e9068

SHA-256:
81a03f81b36fe2412a869e294b8319da015d83e868dbc302930213dff05151ff

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Installed by a third party (not from Chrome Web Store). Grants itself extended access permissions in Chrome such as access to all data on websites and ability to track physical location.

Analysis date:
9/24/2017 10:14:20 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.ChromePlugin.M
188838

Reason Heuristics
PUP.ChromePlugin.M
14.6.12.16

File size:
520 KB (532,510 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\ProgramData\askpartnernetwork\toolbar\cme-v7\crx\toolbarcr.crx

Google Chrome Extension
ID:
aaaajabnoiehionljhjpclogplgillib

Version:
26.60817

Display name:
Ask Toolbar

Description:
Convenient tools and links to make your browsing more enjoyable. If you wish to uninstall the toolbar, please try the following steps: Windows Start Menu > Control Panel > Programs (Add/Remove Progra...

Update URL:
http://apnmedia.ask.com/media/toolbar/everest/partners/CME-V7/YY/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to apnmedia.ask.com  (63.88.100.139:80)

 
http://apnmedia.ask.com/media/toolbar/everest/partners/cme-v7/yy/update.xml

{
  "name": "Ask Toolbar",
  "version": "26.60817",
  "manifest_version": 2,
  "description": "Convenient tools and links to make your browsing more enjoyable. If you wish to uninstall the toolbar, please try the following steps: Windows Start Menu > Control Panel > Programs (Add/Remove Programs for older versions) > Programs and Features > Select your extension and click Uninstall. For more information, please visit: http://about.ask.com/apn/uninstall",
  "icons": {
    "128": "config/skin/images/logo/logo_128x.png",
    "32": "config/skin/images/logo/logo_32x.png",
    "24": "config/skin/images/logo/logo_24x.png"
  },
  "browser_action": {
    "default_icon": "config/skin/images/logo/logo_19x.png",
    "default_title": "Control the Ask Toolbar",
    "default_popup": "config/skin/chrome-options.html"
  },
  "background": {
    "page": "background/background.html"
  },
  "chrome_url_overrides": {
    "newtab": "config/skin/new-tab-page.html"
  },
  "content_scripts": [
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/widget-messaging.js",
        "content_script/inline-html.js"
      ],
      "all_frames": true,
      "run_at": "document_end"
    },
    {
      "matches": [
        "*://*/*"
      ],
      "js": [
        "lib/jquery.js",
        "lib/constant.js",
        "lib/default-config.js",
        "config/tb-config.js",
        "config/widget-config.js",
        "lib/protocol.js",
        "lib/tb-message.js",
        "lib/state-machine.js",
        "lib/window-position.js",
        "content_script/positioning.js",
        "content_script/toolbar.js",
        "content_script/widget.js",
        "content_script/injector.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "*://*.facebook.com/*"
      ],
      "css": [
        "content_script/hack/facebook.css"
      ]
    },
    {
      "matches": [
        "*://*.google.com/*",
        "*://*.ask.com/",
        "*://*.bagsbuy.com/*",
        "*://*.csaa.com/*",
        "*://*.childrenschorus.org/*",
        "*://*.wikipedia.org/*",
        "*://*.mercurynews.com/*",
        "*://*.usnews.com/*"
      ],
      "css": [
        "content_script/hack/relative.css"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "*://*.google.com/imgres*",
        "*://images.google.com/*",
        "*://codesearch.google.com/*"
      ],
      "css": [
        "content_script/hack/static.css"
      ],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "bookmarks",
    "contextMenus",
    "contentSettings",
    "cookies",
    "geolocation",
    "history",
    "idle",
    "management",
    "notifications",
    "tabs",
    "unlimitedStorage",
    "webRequ...
Remove toolbarcr.crx - Powered by Reason Core Security