zappaddon.crx

Zapp

This is a Chrome web browser extension which contains the installable app and manifest file. The file zappaddon.crx has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It loads within the context of Google Chrome as a compiled extension with the display name Zapp. While running, it connects to the Internet address update.toolbar.widdit.com on port 80 using the HTTP protocol.
MD5:
7b51a2a76614ee243228e12e4d367551

SHA-1:
d802ddff31d1c7673c684f22cbc599e893745848

SHA-256:
ff86bb48ede433bf5f69b87cebd266fc96149af60580978b0fd7b702cdedaed7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2017 2:02:51 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Widdit.ChromePlugin.M

Engine version:
14.5.12.1

File size:
806.4 KB (825,756 bytes)

File type:
CRX Package Format (zip file with special header)

Common path:
C:\Program Files\zappaddon\chrome\zappaddon.crx

Google Chrome Extension
ID:
zappaddon

Display name:
Zapp

Description:
Zapp

Update URL:
http://update.toolbar.widdit.com/chrome/?si=66920&ti=8089&ver=4.7


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to update.toolbar.widdit.com  (82.80.196.113:80)

 
http://update.toolbar.widdit.com/chrome/?si=66920&ti=8089&ver=4.7

{
  "name": "Zapp",
  "version": "4.7",
  "manifest_version": 2,
  "description": "Zapp",
  "icons": {
    "16": "images/widdit_icon_small.png",
    "48": "images/widdit_icon_med.png",
    "128": "images/widdit_icon_large.png"
  },
  "background": {
    "page": "background.html"
  },
  "web_accessible_resources": [
    "js/*.js",
    "*.html",
    "*.htm",
    "*.js",
    "*.png",
    "*.jpg",
    "*.gif"
  ],
  "content_security_policy": "script-src 'self' https://ajax.googleapis.com https://graph.facebook.com https://hometab.widdit.com https://widdit.com https://geo.widdit.com https://fad.widdit.com https://adds.widdit.com https://ads.widdit.com https://landing.widdit.com https://rp.widdit.com https://suggest.widdit.com https://ssl.google-analytics.com https://www.certified-toolbar.com https://cdn1.certified-toolbar.com https://cdn1.certified-apps.com https://www.certified-apps.com https://static.apps.widdit.com https://ssl.widdit.com https://sslcdn.widdit.com https://services.crossreader.net 'unsafe-eval'; object-src 'self' ",
  "update_url": "http://update.toolbar.widdit.com/chrome/?si=66920&ti=8089&ver=4.7",
  "content_scripts": [
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "css": [
        "css/widdit.css"
      ],
      "js": [
        "js/widdit.js"
      ],
      "run_at": "document_start"
    },
    {
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "js": [
        "js/widdit_end.js"
      ],
      "run_at": "document_end"
    }
  ],
  "plugins": [
    {
      "path": "npwiddit.dll",
      "public": true
    }
  ],
  "chrome_url_overrides": {
    "newtab": "bundler/newtab.html"
  },
  "permissions": [
    "contextMenus",
    "management",
    "tabs",
    "<all_urls>",
    "notifications",
    "unlimitedStorage",
    "browsingData",
    "bookmarks",
    "cookies",
    "geolocation",
    "history",
    "idle",
    "webRequest",
    "topSites",
    "webRequestBlocking"
  ]
}