translategenius.crx

Translate Genius

This is a Chrome web browser extension which contains the installable app and manifest file. The file translategenius.crx has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name of Translate Genius. While running, it connects to the Internet address translategenius.com on port 443.
MD5:
51b6676b3c5fb862683f020bae6d3d0b

SHA-1:
25f7766be7c802d09e2dfd74c93b52d53978fcde

SHA-256:
e44e5010cccc4e95ea29a75956cf6ac4bee1febeaa34cca3b048ad12e9dc11dc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/21/2017 6:44:36 PM UTC

Scan engine         Detection                  Engine version
Reason Heuristics   PUP.TranslateGenius (M)    16.3.23.23

File size:
111.3 KB (113,952 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\translategenius.crx

Google Chrome Extension
ID:
Translate Genius

Display name:
Translate Genius

Description:
Translations a your fingertips.

Update URL:
https://translategenius.com/extensions/chrome/update.xml


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to translategenius.com  (104.130.124.96:443)

 
https://translategenius.com/extensions/chrome/update.xml

{
  "default_locale": "en",
  "name": "Translate Genius",
  "version": "2.0.0",
  "manifest_version": 2,
  "description": "Translations a your fingertips.",
  "icons": {
    "16": "images/icon_16.png",
    "48": "images/icon_48.png",
    "128": "images/icon_128.png"
  },
  "background": {
    "page": "background.html"
  },
  "browser_action": {
    "default_icon": "images/icon_16.png",
    "default_popup": "popup.html"
  },
  "content_scripts": [
    {
      "matches": [
        "http://*/*"
      ],
      "css": [
        "style/translationgenius.css",
        "style/balloon.css"
      ],
      "js": [
        "scripts/jquery-1.7.2.min.js",
        "scripts/internationalization.js",
        "scripts/translategenius.js",
        "scripts/affiliatehook.js"
      ]
    }
  ],
  "options_page": "options.html",
  "permissions": [
    "tabs",
    "contextMenus",
    "<all_urls>",
    "storage",
    "background"
  ],
  "update_url": "https://translategenius.com/extensions/chrome/update.xml",
  "web_accessible_resources": [
    "images/*"
  ]
}