» mp3jamsetup.exe
Overview
Analysis
File Details

mp3jamsetup.exe

Orbita LLC

The application mp3jamsetup.exe, “MP3jam Setup ” by Orbita has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

mp3jamsetup.exe

Publisher:

MP3jam (signed by Orbita LLC)

Product:

MP3jam

Description:

MP3jam Setup

Version:

1.0.0.5

MD5:

375b03ebafb5afc98e9c6cd015a4325a

SHA-1:

76b90dd09070d9bb730c2b330e8042d6952e8fb3

SHA-256:

d3aec124969bc689c6a6740ca2f4e463607074700b36cfd40c42739f9221818e

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/23/2024 11:46:11 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AVG

OpenCandy

2016.0.3007

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.15824

Dr.Web

Adware.OpenCandy.3

9.0.1.0236

ESET NOD32

Win32/OpenCandy

9.8116

McAfee

Artemis!7E3122464147

5600.6663

Reason Heuristics

PUP.OpenCandy.Installer (L)

15.8.24.14

Trend Micro House Call

Suspicious_GEN.F47V1204

7.2.236

VIPRE Antivirus

Trojan.Win32.Generic

37528

File size:

4.7 MB (4,891,328 bytes)

Product version:

1.0.0.5

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mp3jamsetup.exe

Digital Signature

Signed by:

Orbita LLC

Authority:

GlobalSign nv-sa

Valid from:

11/14/2012 11:59:40 AM

Valid to:

11/13/2014 12:32:44 PM

Subject:

E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod oblast, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121680C4CC61E231584CCF3BC888E070A26

File PE Metadata

Compilation timestamp:

10/9/2012 9:48:22 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:bGANKxSihrEd9FPUIvpH2oPs3VKPJens1PPGwJPSbckZdnCWdbJIez955:bGAstxK9FPlhWoPs3LnsAwwwkvnZzZH

Entry address:

0xF3BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01... 
[+]

Entropy:

7.9818

Developed / compiled with:

Microsoft Visual C++

Code size:

59 KB (60,416 bytes)

Remove mp3jamsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.