» mp3jamsetup.exe
Overview
Analysis
File Details

mp3jamsetup.exe

Orbita LLC

The application mp3jamsetup.exe, “MP3jam Setup ” by Orbita has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

mp3jamsetup.exe

Publisher:

MP3jam (signed by Orbita LLC)

Product:

MP3jam

Description:

MP3jam Setup

Version:

1.0.0.5

MD5:

c8c011525b10dad67dbccd05d502408a

SHA-1:

ce197bfb4679e48465e9e937abc86f68ecd66a10

SHA-256:

a014055d98616795675c262100450fa0f7609111d0b9cbcc8d61ec3c091ee871

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/26/2024 12:35:09 AM UTC (today)

Scan engine

Detection

Engine version

AVG

OpenCandy

2016.0.2961

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.151010

Dr.Web

Adware.OpenCandy.3

9.0.1.0283

ESET NOD32

Win32/OpenCandy

9.8427

McAfee

Artemis!7E3122464147

5600.6617

Reason Heuristics

PUP.OpenCandy.Installer (L)

15.10.10.10

Trend Micro House Call

Suspicious_GEN.F47V1204

7.2.283

VIPRE Antivirus

Trojan.Win32.Generic

37528

File size:

4.7 MB (4,892,112 bytes)

Product version:

1.0.0.5

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mp3jamsetup.exe

Digital Signature

Signed by:

Orbita LLC

Authority:

GlobalSign nv-sa

Valid from:

11/14/2012 12:59:40 PM

Valid to:

11/13/2014 1:32:44 PM

Subject:

E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod oblast, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121680C4CC61E231584CCF3BC888E070A26

File PE Metadata

Compilation timestamp:

10/9/2012 10:48:22 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:pGANKxSiyJiPolwCB9dCh+eLmecSeKPJenbu+bMpwJPSbckZdnCWdbJMez95M:pGAstZPOwCB9d65Lmex+nifwwwkvnZvs

Entry address:

0xF3BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

59 KB (60,416 bytes)

Remove mp3jamsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.