» mp3rocket.exe
Overview
Analysis
File Details
Downloads (12)

mp3rocket.exe

MP3Rocket

MP3 Support

The application mp3rocket.exe, “MP3Rocket Setup Program” by MP3 Support has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.

File name:

mp3rocket.exe

Publisher:

MP3 Rocket Inc (signed by MP3 Support)

Product:

MP3Rocket

Description:

MP3Rocket Setup Program

Version:

6.5.1

MD5:

36b39884fd1d5604e7d74447a09bff98

SHA-1:

fbe2f93f2232f93680ea51ae4cddca08c06f9bc6

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/25/2024 2:39:04 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy (variant)

8.10464

Reason Heuristics

PUP.Installer.MP3Support.J

14.9.25.15

File size:

496.5 KB (508,408 bytes)

Product version:

6.5.1

Original file name:

MP3RocketSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\mp3rocket.exe

Digital Signature

Signed by:

MP3 Support

Authority:

Thawte, Inc.

Valid from:

6/26/2013 7:00:00 PM

Valid to:

7/11/2015 6:59:59 PM

Subject:

CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata

Compilation timestamp:

9/3/2014 4:40:07 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:1ON8hl9P2PE6ruDsXirNe3NIp8al2102bc:1ONy9ehWYcJ8al2XQ

Entry address:

0xE7F40

Entry point:

60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.7637

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

436 KB (446,464 bytes)

The file mp3rocket.exe has been seen being distributed by the following 12 URLs.

http://d.baixakifiles2.com/?ic_user_id=254&data=qlvdhbAjTNP7P0BLopguL7YU5pb3qbFyOaXK9/dhIL1FIo7xgSjnTvrCyFka0B heL7gytody/Ff2AwQdU0d2Bo8RDURtJPjO/hwZDSr7KBIJt3z1On7 E Rt6wTgk5yU2PIjtc05DW0 ebQhP6msJIgUkL1d 7MLhNHnWGSAE90/mW67gXYpei0x3rI8ZjwITasDACcq63onvsyeTI/1cbtFb3DQzOYnklSSh9qm1ASKVI9P4eoxV94WEwJ2RcICOULiuL/7GxyogzUGM2daq08EE3EWoytD5Fnoyx9grhLXUJv3y4jcqq 2nLUC4k3Ras8Q2E7RDsmoFNG2hmAyuEEffw8fLqbj0H76xbqf7A71rdivIDs0Rjk88hcUI71gMB7Fz2/uKZ/p1qoJkzvhAHoYFeJLov83grhiGziOUFuQnUn3w9d4St7Mn lFrSaSq7T v0UN77tEPdAaxNNxzOT128 e A4i4PFajW1R1iaJRPT85QgP2f9NJtqADfTwYxH8Wvdwup9ZI f1hTT9YyhXBz/5YvGTNqu6lRv3OJouMaPX4uzRuo4GKRJkz/YCEIdZS3PDib YS50laM1qd6/BKkazHaTwTij5ch 80jRGsmUWReGvhthMRedhAB1cyTgTZbZXt yvKCYYhMcY/ r2n2Gtld2FcnDO3COZX7MA7l4bY0eXcWrv0XCW6Ylr0W2xPlmqK/ZrE4Gfa6YjjlYmKjeYbHRUuJCdpCGS4CLBNlH&key=UP7eR22od5woqd0w7sodBN Rb13MbNqzVs2a/p di ik1TfkdXtNtzZU W1BmSZ5UhE/.../XLfU bhayCkhyU8DE7UIg3B7xMLkurihe9xFs2enR

http://d.baixakifiles2.com/?ic_user_id=254&data=ZySGUAHg6BgVGOAAP aE16lucVpgf3ao0pkmOeNlvEnffC6E3Jj9VP3Blo18pmxOwTHURtmAirFCgOJiqWT5xE4Kd1DmxXoByOKv0CcpZ47d2i077I3UzepqHwLRyKwgn6avr4ThN/IquhVo4V8cgT39Rd/MTGXLLM1oLzMma1keZPHJeP6wXPFf/pj0VQlKiGkL4fqoDO1tFCXfumTP6XSyS8 oJ4jFw/tagpeCClL3UOBrwvWmLWsnztiqZsoxnF1kIV9Frgw2jvDJYxa3PrieK44aeycel7O2lTiuwJgQtOlxA47VQ7L1l9XcumHgOfg6yuDNmxEroxUfDLaZsuSzMNF9Y5fxGUJ/lE/i/DlgmiDsrbVM7itekq0isNoVJAr2T4oDgt7s7PolD9wPld3hWMT/7F7avEyBlGqcI1lf1OQgObW 9xy8Pzl4W7xYjbcIo6xSoSsrEdSdTpQvkroWpDVdOKpdA4kBf2iiqr7EEUC6itZeYTZYBk3aTTBd pCoV1uTbAHshpbeukEhN1AUYITiXX85KwXXB27XRA7wMGcVD0CMVia6KI7pndohH1PLQZxNqZKrxUkCyIBnhAce05C3Db0P5yXx/Wo7fUCHtsSnKho27MxT2cF5CWp6H8nhj5lm lA k26O2o vlXKqtkR0enEIOvU03XN0ck3WahON0znZnTudHwMAqIhvk8wMN8AE729svpHTiwvl1ok3uzm52QXLg6b4 fToeZ9pa6yi&key=MXrU34sLPZJRSEGxcrOoXA9EFegjBX3nlSVWNO4vTz6p6p7N4vbPlx16qnl6XhG0lNO8qTx84qqsblU /w6tQ8ZLEm9XqOErlZPiWY1FDmKNGw3RL Ag/.../VmWErbTqVl XoTVSvdfRTCfECr6h1

http://global-shared-files-l3.softonic.com/fbe/2f9/.../file?nvb=20140929131615&nva=20140930011715&token=038ff703981a7d38830b5&instance=softonic_en&filename=mp3rocket.exe

http://www.all-free-songs.com/.../mp3rocket.exe

http://www.musicrocket.com/.../mp3rocket.exe

http://www.allmusicdownloads.com/.../mp3rocket.exe

http://www.safefiles.com/.../mp3rocket.exe

http://www.limesearchbar.com/.../mp3rocket.exe

http://www.rocketbackups.com/.../mp3rocket.exe

http://www.safefiles.net/.../mp3rocket.exe

http://www.psprocket.com/.../mp3rocket.exe

http://www.mp3rocket.me/.../mp3rocket.exe

Remove mp3rocket.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.