torrenthandler.crx

Torrent Handler

This is a Chrome web browser extension package which contains the installable app and its manifest file. The file torrenthandler.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name Torrent Handler. While running, it connects to the Internet address cdn.1click-media.com on port 80 using the HTTP protocol.
MD5: 3d864ca1bf5a204d4fdca16870cdc27e
SHA-1: c94b440fde81163ee5bf3b70a3a7dd3a6bf87c92
SHA-256: 9a67f4912ee77e4bc661d7ff64d46a455d25e1745d7103632803655b528aa7ef

Scanner detections: 1 / 68
Status: Potentially unwanted
Analysis date: 11/17/2017 10:18:39 PM UTC

Scan engine        Detection              Engine version
Reason Heuristics  PUP.1ClickMedia (M)    16.7.1.15

File size: 56.9 KB (58,220 bytes)
File type: CRX Package Format (zip file with special header)

Google Chrome Extension
ID: Torrent Handler
Display name: Torrent Handler
Description: Torrent Handler
Update URL: http://cdn.1click-media.com/Extensions/torrenthandler/chrome/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cdn.1click-media.com  (158.69.145.50:80)

 
http://cdn.1click-media.com/extensions/torrenthandler/chrome/update.xml

{
  "name": "Torrent Handler",
  "version": "1.1",
  "background": {
    "page": "html/background.html"
  },
  "update_url": "http://cdn.1click-media.com/Extensions/torrenthandler/chrome/update.xml",
  "description": "Torrent Handler",
  "icons": {
    "16": "images/icon.16.png",
    "48": "images/icon.48.png",
    "128": "images/icon.128.png"
  },
  "permissions": [
    "contextMenus",
    "tabs",
    "http://*/*",
    "https://*/*"
  ],
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/jquery.js",
        "js/ex.js"
      ],
      "run_at": "document_end"
    }
  ],
  "manifest_version": 2,
  "content_security_policy": "script-src 'self' https://ssl.google-analytics.com; object-src 'self'"
}