mp3rocket.exe

Software Program

MP3 Support

The application mp3rocket.exe, “Software Program Setup” by MP3 Support, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.safefiles.net and multiple other hosts.
Publisher:
MP3 Support  (signed and verified)

Product:
Software Program

Description:
Software Program Setup

MD5:
ddc73152f4557a2fa30f159cba481132

SHA-1:
7544992a06ca893f18580f8c6cb070e14f210a6a

SHA-256:
729d2f9496eca2597f7528f533d0b26c625b96a8079544fc0af3f4074de58a09

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 10:05:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.199.206 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15112 |
| ESET NOD32 | Win32/InstallCore.UF (variant) | 9.10973 |
| K7 AntiVirus | Unwanted-Program | 13.1814554 |
| McAfee | Artemis!DDC73152F455 | 5600.6887 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.MP3Support.J | 15.1.12.16 |
| Sophos | Generic PUA HF | 4.98 |

File size:
861 KB (881,704 bytes)

Product version:
3.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3rocket.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/26/2013 7:00:00 PM

Valid to:
7/11/2015 6:59:59 PM

Subject:
CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:msfowXaiu4gUGy1VBJ1pklV0R/6UbvS7l3ec:mErGoJ1pgVG6UTS7tt

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8528

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mp3rocket.exe has been seen being distributed by the following 10 URLs.

http://www.safefiles.net/.../mp3rocket.exe

http://www.imusicsearch.com/.../mp3rocket.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-52-25-117-203.us-west-2.compute.amazonaws.com  (52.25.117.203:80)
