5/5 - (1 votes)

ZHPDiag – Module P2 – Firefox Extensions

For Wikipedia, the extensions are very numerous and allow you to add new functionalities to the browser, such as the weather in the status bar, blocking of website advertisements, web development tools, etc.

The extension should not be confused with the plugin, which is a kind of complementary application, external to the software that uses it; the extension here should rather be taken as a modification of the program. Linked to the FPN (Firefox Plugin Navigator) module. It allows you to list all the plugins installed for the Mozilla Firefox browser. Some plugins may be malware programs. ZHPLite analysis will identify them.

– The search is carried out in the folder “%Program Files%\Mozilla Firefox\Plugins\"

An additional search is carried out in the following Registry base keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
[HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins]

ZHPDiag Overview

—\\ Firefox, Plugins, Startup, Search, Extensions (11) – 0s
P2 – EXT FILE: (.Mozilla Corporation.) — C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi =>.Mozilla Corporation
P2 – EXT FILE: (.Mozilla Corporation.) — C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi =>.Mozilla Corporation

Example of detection

—\\ Firefox, Plugins, Startup, Search, Extensions (11) – 1s
P2 – EXT FILE: (.Tables – .) — ​​C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\v84dtymq.default\extensions\378507@extcorp.net.xpi =>Adware.CloudAtlas
P2 – FPN: [HKLM] [@qvod.com/QvodShare] – (.Shenzhen QVOD Technology Co.,Ltd – QvodShareModule.) — D:\QvodPlayer\npShareModule_x64.dll =>PUP.Optional.Qvod

About the Author

Back to top