mp3rocket.exe

MP3Rocket

MP3 Support

The application mp3rocket.exe, "MP3Rocket Setup Program" by MP3 Support, has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs third-party offers during setup, including ad- and search-supported browser toolbars. The file is typically executed straight from an Internet Explorer cache folder (Temporary Internet Files), i.e. launched from the browser download prompt rather than from a saved copy. It has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.
Publisher:
MP3 Rocket Inc (signed by MP3 Support)

Product:
MP3Rocket

Description:
MP3Rocket Setup Program

Version:
6.5.1

MD5:
36b39884fd1d5604e7d74447a09bff98

SHA-1:
fbe2f93f2232f93680ea51ae4cddca08c06f9bc6

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler, which offers to install additional software and may include web browser add-ons and toolbars that display advertising (depending on publisher settings and geographic context).

Analysis date:
12/17/2018 12:13:04 AM UTC

Scan engine        Detection                    Engine version
ESET NOD32         Win32/OpenCandy (variant)    8.10464
Reason Heuristics  PUP.Installer.MP3Support.J   14.9.25.15

File size:
496.5 KB (508,408 bytes)

Product version:
6.5.1

Copyright:
Copyright © MP3 Rocket Inc

Original file name:
MP3RocketSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\mp3rocket.exe

Digital Signature
Signed by:
MP3 Support
Authority:
Thawte, Inc.

Valid from:
6/26/2013 7:00:00 PM

Valid to:
7/11/2015 6:59:59 PM

Subject:
CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata
Compilation timestamp:
9/3/2014 4:40:07 PM

Minimum OS version (PE header):
5.0 (Windows 2000)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:1ON8hl9P2PE6ruDsXirNe3NIp8al2102bc:1ONy9ehWYcJ8al2XQ

Entry address:
0xE7F40

Entry point:
60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.7637

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
436 KB (446,464 bytes)
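The PE metadata above (a UPX-style entry stub, entropy of 7.76 with the code section making up almost the whole file, and a signing certificate whose validity window should contain the compile timestamp) can be cross-checked without the sample in hand. The following script is an added example, not code from the report or from its scanners: it parses the entry-point byte listing exactly as printed above, matches it against a mask derived from the UPX 1.x decompressor prologue, decodes the stub's copy source and destination from the `mov esi` / `lea edi` operands, and provides the entropy, hash and certificate-window checks a practitioner would run on the real file. The stub mask, the 7.0 entropy threshold, the hypothetical sample buffers and the assumption that the report's dates share one time zone are the script's own.

```python
"""Triage helpers for the PE metadata in the file report above.

Added example, not code from the report or its scanners. The byte listing and
dates are copied from the report; the stub mask, the entropy threshold and the
sample buffers are this script's own assumptions.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime

# Entry-point byte listing exactly as printed in the report ("..." = truncated).
REPORT_ENTRY_HEX = (
    "60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, "
    "88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, "
    "00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, "
    "75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, "
    "EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, "
    "11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, "
    "FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B..."
)

# Mask derived from the UPX 1.x decompressor prologue (None = wildcard):
#   pushad / mov esi, imm32 / lea edi, [esi+disp32] / push edi / jmp short ...
# This is the script's own assumption of what the packer detector keyed on.
UPX_STUB_MASK = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None,
                 None, 0x57, 0xEB, 0x0B, 0x90, 0x8A, 0x06, 0x46, 0x88, 0x07, 0x47,
                 0x01, 0xDB, 0x75, 0x07, 0x8B, 0x1E, 0x83, 0xEE, 0xFC, 0x11, 0xDB,
                 0x72, 0xED]

PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: above this, treat as packed/encrypted

# Dates as printed in the report (display time zone not stated; assumed consistent).
COMPILED = datetime(2014, 9, 3, 16, 40, 7)
CERT_NOT_BEFORE = datetime(2013, 6, 26, 19, 0, 0)
CERT_NOT_AFTER = datetime(2015, 7, 11, 18, 59, 59)
ANALYSIS_DATE = datetime(2018, 12, 17, 0, 13, 4)


def parse_report_bytes(listing: str) -> bytes:
    """Turn the report's 'AA, BB, ...' listing into bytes, ignoring a trailing '...'."""
    out = bytearray()
    for tok in listing.split(","):
        tok = tok.strip().rstrip(".")
        if tok:
            out.append(int(tok, 16))
    return bytes(out)


def is_upx_stub(code: bytes) -> bool:
    """True if the bytes at the entry point match the UPX stub mask."""
    if len(code) < len(UPX_STUB_MASK):
        return False
    return all(m is None or m == b for m, b in zip(UPX_STUB_MASK, code))


def decode_upx_copy_operands(code: bytes) -> tuple:
    """Return (source VA, destination VA) from 'mov esi, imm32' / 'lea edi, [esi+disp32]'."""
    if not is_upx_stub(code):
        raise ValueError("not a UPX stub")
    src = struct.unpack_from("<I", code, 2)[0]   # imm32 following BE
    disp = struct.unpack_from("<i", code, 8)[0]  # signed disp32 following 8D BE
    return src, (src + disp) & 0xFFFFFFFF


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform; packed code sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def verify_hashes(data: bytes, md5_hex: str, sha1_hex: str) -> bool:
    """Confirm a sample matches the MD5/SHA-1 the report lists before relying on its verdict."""
    return (hashlib.md5(data).hexdigest() == md5_hex.lower()
            and hashlib.sha1(data).hexdigest() == sha1_hex.lower())


def compiled_within_cert_validity(compiled: datetime, not_before: datetime,
                                  not_after: datetime) -> bool:
    """A compile timestamp outside the signing cert's window is a red flag worth a closer look."""
    return not_before <= compiled <= not_after


def triage_entry_point(listing: str) -> dict:
    """Summarise what the printed entry bytes alone tell us."""
    code = parse_report_bytes(listing)
    result = {"upx_stub": is_upx_stub(code), "entropy": round(shannon_entropy(code), 3)}
    if result["upx_stub"]:
        result["copy_src"], result["copy_dst"] = decode_upx_copy_operands(code)
    return result


if __name__ == "__main__":
    r = triage_entry_point(REPORT_ENTRY_HEX)
    print(f"UPX stub: {r['upx_stub']}, entropy of printed entry bytes: {r['entropy']}")
    if r["upx_stub"]:
        print(f"stub copies packed data from {r['copy_src']:#010x} to {r['copy_dst']:#010x}")
    print("compiled inside cert validity:",
          compiled_within_cert_validity(COMPILED, CERT_NOT_BEFORE, CERT_NOT_AFTER))
```

The decoded operands show the stub copying packed data from 0x0047C000 to 0x00401000, the usual unpack destination for a 32-bit image based at 0x400000, which agrees with the UPX identification. The certificate check passes for the compile timestamp, but the certificate had expired by the analysis date, so whether the signature still validates today depends on an Authenticode countersignature timestamp that the report does not show.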

The file mp3rocket.exe has been seen being distributed by 12 URLs, of which the following is shown here.

http://d.baixakifiles2.com/?ic_user_id=254&data=qlvdhbAjTNP7P0BLopguL7YU5pb3qbFyOaXK9/dhIL1FIo7xgSjnTvrCyFka0B heL7gytody/Ff2AwQdU0d2Bo8RDURtJPjO/hwZDSr7KBIJt3z1On7 E Rt6wTgk5yU2PIjtc05DW0 ebQhP6msJIgUkL1d 7MLhNHnWGSAE90/mW67gXYpei0x3rI8ZjwITasDACcq63onvsyeTI/1cbtFb3DQzOYnklSSh9qm1ASKVI9P4eoxV94WEwJ2RcICOULiuL/7GxyogzUGM2daq08EE3EWoytD5Fnoyx9grhLXUJv3y4jcqq 2nLUC4k3Ras8Q2E7RDsmoFNG2hmAyuEEffw8fLqbj0H76xbqf7A71rdivIDs0Rjk88hcUI71gMB7Fz2/uKZ/p1qoJkzvhAHoYFeJLov83grhiGziOUFuQnUn3w9d4St7Mn lFrSaSq7T v0UN77tEPdAaxNNxzOT128 e A4i4PFajW1R1iaJRPT85QgP2f9NJtqADfTwYxH8Wvdwup9ZI f1hTT9YyhXBz/5YvGTNqu6lRv3OJouMaPX4uzRuo4GKRJkz/YCEIdZS3PDib YS50laM1qd6/BKkazHaTwTij5ch 80jRGsmUWReGvhthMRedhAB1cyTgTZbZXt yvKCYYhMcY/ r2n2Gtld2FcnDO3COZX7MA7l4bY0eXcWrv0XCW6Ylr0W2xPlmqK/ZrE4Gfa6YjjlYmKjeYbHRUuJCdpCGS4CLBNlH&key=UP7eR22od5woqd0w7sodBN Rb13MbNqzVs2a/p di ik1TfkdXtNtzZU W1BmSZ5UhE/.../XLfU bhayCkhyU8DE7UIg3B7xMLkurihe9xFs2enR

Remove mp3rocket.exe - Powered by Reason Core Security