manifest.json

Search All

This is the Google Chrome manifest for the extension named 'Search All' and contains the URLs that the app uses, including the launch page, background pages, icons and images and permissions for the app.
MD5:
bdf33f1b6bd579388e244f2c1369cf2e

SHA-1:
11b7c3d448d2931428bf5efc0b23bdd985200d95

SHA-256:
8236d0dd1bfb24b3b3c448b3ed682c3e29352bd519c0b1ff96db4c68a98d1b38

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
While the manifest file itself is not malware, it is linked to an unwanted Chrome extension.

What can it do?
  • The extension has full access to the Chrome browser's record of visited pages
  • Can access the browser's bookmarks as well as add or remove items
  • Can add context menu items to any web page or frame
  • Observes and analyzes traffic and has the ability to intercept, block, or modify requests

Analysis date:
8/21/2018 4:57:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Koko.Chrome.Extension (L)
15.9.15.10

File size:
2.9 KB (2,919 bytes)

File type:
Google Chrome extension, installable web app, and theme JSON-formatted manifest file that provides configuration information.

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.25_0\manifest.json

Google Chrome Extension
ID:
eekjldapjblgadclklmgolijbagmdnfk

Version:
2.2.25

Display name:
Search All

Description:
The easiest way to access different search engines.

Update URL:
https://mynamedomain.koko/00service/update2/crx


{
  "background": {
    "page": "bg.html"
  },
  "browser_action": {
    "default_icon": "icon19.png",
    "default_popup": "popup.html",
    "default_title": "__MSG_browserActionDefaultTitle__"
  },
  "content_scripts": [
    {
      "css": [
        "style/cs.css",
        "style/searchdiv.css"
      ],
      "js": [
        "js/jquery.js",
        "js/contentscript.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "run_at": "document_end"
    },
    {
      "all_frames": false,
      "js": [
        "js/DCM/page-state-tracker.js"
      ],
      "matches": [
        "*://*/*"
      ],
      "run_at": "document_start"
    }
  ],
  "content_security_policy": "script-src 'self' https://cdn.extensionanalytics.com; object-src 'self'",
  "default_locale": "en",
  "description": "__MSG_extDesc__",
  "icons": {
    "128": "icon128.png",
    "16": "icon16.png",
    "32": "icon32.png",
    "48": "icon48.png"
  },
  "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD1BhOUWGRJc/Bv8AoWA0YDwitK4X4f4bsDvEE5qUMehDA1sT3v9N1OnYc9yiTjxFl1sTduWa55QXNCWa0NTXn+jlNmyo3yOmGi5Ti8QNBlINC1S8tzisBDdgwhA6VbcOE8pBpdczvGhUt9jsCqkZTgY74U1nKUpwUYsvVpPjVSOQIDAQAB",
  "manifest_version": 2,
  "minimum_chrome_version": "6.0",
  "name": "__MSG_extName__",
  "options_page": "options.html",
  "permissions": [
    "contextMenus",
    "unlimitedStorage",
    "tabs",
    "bookmarks",
    "history",
    "cookies",
    "http://*/",
    "*://*/*",
    "https://*/",
    "chrome://favicon/",
    "webRequest",
    "webNavigation",
    "storage",
    "webRequestBlocking",
    "idle"
  ],
  "update_url": "https://mynamedomain.koko/00service/update2/crx",
  "version": "2.2.25",
  "web_accessible_resources": [
    "style/favicons/google.ico",
    "style/favicons/yahoo.ico",
    "style/favicons/bing.ico",
    "style/favicons/wikipedia.ico",
    "style/favicons/amazon16.png",
    "style/favicons/ebay.ico",
    "style/favicons/baidu.ico",
    "style/favicons/facebook.ico",
    "style/favicons/twitter.ico",
    "style/favicons/linkedin.ico",
    "style/favicons/googleplus.ico",
    "style/favicons/tumblr.gif",
    "style/favicons/dictionary.ico",
    "style/favicons/slideshare.ico",
    "style/favicons/scribd.ico",
    "style/favicons/ebookee.ico",
    "style/favicons/pricewatch.ico",
    "style/favicons/pricegraber.ico",
    "style/favicons/shopping.ico",
    "style/favicons/neweggs.ico",
    "style/favicons/taobao.ico",
    "style/favicons/360buy.ico",
    "style/favicons/etao.ico",
    "style/favicons/flicker.ico",
    "style/favicons/pinterest.ico",
    "style/favicons/imdb.ico",
    "style/favicons/youtube.ico",
    "style/favicons/allrecipes.ico",
    "style/favicons/foodnetwork.ico",
    "style/favicons/quora.ico",
    "style/favicons/stackoverflow.ico",
    "style/favicons/yahooanswer.ico",
    "style/favicons/yandex.ico",
    "style/close.png",
    "st...
Remove manifest.json - Powered by Reason Core Security