Reason Labs

webssearches.xml

The file webssearches.xml has been detected as malware named PUP.SearchPlugin.webssearches. This is a Mozilla Firefox web browser search plugin called ‘webssearches’ which enables the search engine provider as well as search suggestions.
MD5:
13a2bf3219bd000cfcd4dfdb258bb213

SHA-1:
355979fcde6745ded9d291d6dc82504bdba03a07

SHA-256:
b21cfa169f26f2d9ed5f47ea686a5df1c33a2f0a50644507bc79a86d37a3ae71

Detection:
PUP.SearchPlugin.webssearches

Risk:
Medium

Explanation:
This potentially unwanted webssearches search plugin for Firefox is used to direct web searches from the search bar and runs as the browser's search engine.

Analysis date:
10/21/2018 12:25:04 AM UTC  (today)

File size:
582 Bytes

File type:
OpenSearch plugin for Firefox

Common path:
C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml

Mozilla Search Plugins
Name:
webssearches

Description:
webssearches Search

Search Form:
http://istart.webssearches.com/web/


<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>webssearches</ShortName>
  <Description>webssearches Search</Description>
  <InputEncoding>ISO-8859-1</InputEncoding>
  <Url type="text/html" method="GET" template="http://istart.webssearches.com/web/">
    <Param name="from" value="tugs" />
    <Param name="uid" value="TOSHIBAXMQ01ABD075_53EKP4WMTXX53EKP4WMT" />
    <Param name="ts" value="1420913641" />
    <Param name="type" value="ds" />
    <Param name="q" value="{searchTerms}" />
  </Url>
  <SearchForm>http://istart.webssearches.com/web/</SearchForm>
</SearchPlugin>
Download Reason Core Security - Powerful anti-malware software