mp3rocket_2.exe

MP3Rocket

MP3 Support

The application mp3rocket_2.exe, “MP3Rocket Setup Program” by MP3 Support, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from www.mp3rocket.me.
Publisher:
MP3 Rocket Inc  (signed by MP3 Support)

Product:
MP3Rocket

Description:
MP3Rocket Setup Program

Version:
6.4.7.0

MD5:
ed33c742f028df6338c20e7e5694a633

SHA-1:
d95afdcd687d2e02b713c28a85127ffa7ab5a48d

SHA-256:
9cbaa854fa7cff9e7a465ac6e118eabacaea4cc51c9aae89c878f89c1ad8e30b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 2:57:09 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/OpenCandy (variant) | 8.10058 |
| Reason Heuristics | PUP.Installer.MP3Support.L | 14.7.11.22 |

File size:
469.4 KB (480,656 bytes)

Product version:
6.4.7.0

Copyright:
Copyright © MP3 Rocket Inc

Original file name:
MP3RocketSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mp3rocket_2.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/27/2013 10:00:00 AM

Valid to:
7/12/2015 9:59:59 AM

Subject:
CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata
Compilation timestamp:
6/20/2014 10:26:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:VM4miJa5oVhrw4Fu49QP1Ot7/cJZDE+8bNollZG:VM4pJ9cOu4mPAEZD8bClfG

Entry address:
0xD9A60

Entry point:
60, BE, 00, 40, 47, 00, 8D, BE, 00, D0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.7653

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
408 KB (417,792 bytes)

The file mp3rocket_2.exe has been seen being distributed by the following URL.
