Reason Labs

findit.xml

The file findit.xml has been detected as malware named Hijacker.SnapDo.Search. This is a Mozilla Firefox web browser search plugin called ‘findit’ which enables the search engine provider as well as search suggestions.
MD5: 6a0bfd61952f6800fcb13c3a2b926944

SHA-1: 80ce0dc6082c117451d4b9da8a2d230551706d00

SHA-256: 41938c2faa87b30752b05ce1952d06671382953fb44271dd6dd1d8f7f47c81ec

Detection: Hijacker.SnapDo.Search

Risk: Medium

Explanation: This potentially unwanted findit search plugin for Firefox is used to direct web searches from the search bar and runs as the browser's search engine.

Analysis date: 10/19/2018 3:35:40 AM UTC

File size: 2.3 KB (2,395 bytes)

File type: OpenSearch plugin for Firefox

Common path: C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\searchplugins\findit.xml

Mozilla Search Plugins
Name: findit

Description: findit description

Search Form: search.snap.do

Search Template: https://feed.helperbar.com/


<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>findit</ShortName>
  <Description>findit description</Description>
  <InputEncoding>UTF-8</InputEncoding>
  <Image width="16" height="16">data:image/x-icon;base64,{removed}</Image>
  <Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}" />
  <Url type="text/html" method="GET" template="https://feed.helperbar.com/">
    <Param name="p" value="mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95SQM_Hyy8mXPEOndzWUIe4kzRAQOUlI6TFehfvp8XhhArPsKf7EL49UJWQPDeaylSRi9Xtzr0ZxxnBGc9Me8X0pngbEUFYodXAy185rlPDGgtIg-5ZktBeCi8MBcxM2DtXZKlqoLEcBLSXuc9rLMYrkAJ9f" />
    <Param name="q" value="{searchTerms}" />
    <MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox" />
  </Url>
  <SearchForm>search.snap.do</SearchForm>
</SearchPlugin>