» mp3rocket-win-pro.exe
Overview
Analysis
File Details

mp3rocket-win-pro.exe

MP3 Support

The application mp3rocket-win-pro.exe, “MP3Rocket-Win.exe” by MP3 Support has been detected as a potentially unwanted program by 17 anti-malware scanners. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

File name:

Publisher:

MP3 Support (signed and verified)

Description:

MP3Rocket-Win.exe

Version:

5.0.3

MD5:

a0a727b278ef1683252e87e3f4aa8689

SHA-1:

ad0b845fcf9c3ea574d12054645083738f591201

SHA-256:

d21ae4770822ea5670e922c9f64ef4f2f07902259f1a5842486efdf88251c74b

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

6/17/2024 2:31:34 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Adware.Askbar.B

7.1.1

Avira AntiVirus

APPL/AdInstaller.B

7.11.184.16

avast!

Win32:PUP-gen [PUP]

2014.9-151114

AVG

Skodna.Generic

2016.0.2926

Baidu Antivirus

Adware.Win32.MyWebSearch

4.0.3.151114

Bkav FE

HW32.Packed

1.3.0.4959

Clam AntiVirus

Win.Trojan.Delf-5738

0.98/21411

ESET NOD32

Win32/AdInstaller (variant)

9.10703

G Data

Win32.Trojan.Agent.AYE189

15.11.24

McAfee

Adware-WebSearch

5600.6582

NANO AntiVirus

Trojan.Win32.AdInstaller.bdazwt

0.28.6.62995

Norman

Suspicious_Gen2.CMBMF

11.20151114

Qihoo 360 Security

Win32/Virus.WebToolbar.c34

1.0.0.1015

Quick Heal

WebToolbar.MyWebSearch.r4 (Not a Virus)

11.15.14.00

Reason Heuristics

PUP.MP3Support (M)

15.11.14.8

Rising Antivirus

PE:Trojan.Win32.Generic.133B9575!322671989

23.00.65.151112

VIPRE Antivirus

MyWebSearch Toolbar (not malicious)

34692

File size:

3.2 MB (3,407,616 bytes)

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mp3rocket-win-pro.exe

Digital Signature

Signed by:

MP3 Support

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/12/2007 7:00:00 PM

Valid to:

7/12/2009 6:59:59 PM

Subject:

CN=MP3 Support, OU=Secure Application Development, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

38EBE0F349F686E549C5BEC3BF8944F7

File PE Metadata

Compilation timestamp:

3/31/2007 10:09:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:/4HkeZoLf9DboTj11zNPM3Y3Yz63fezLORJbgHp4AUhYv:W6boPXz2ooz6WOUHpy

Entry address:

0x32D0

Entry point:

55, 8B, EC, 81, EC, 80, 01, 00, 00, 53, 56, 33, DB, 57, 89, 5D, F4, C7, 45, F8, 70, 91, 40, 00, 89, 5D, FC, C6, 45, EC, 20, FF, 15, 30, 70, 40, 00, 53, FF, 15, 70, 72, 40, 00, A3, F0, 43, 42, 00, 53, 8D, 85, 80, FE, FF, FF, 68, 60, 01, 00, 00, 50, 53, 68, 00, F9, 41, 00, FF, 15, 54, 71, 40, 00, 68, 88, 92, 40, 00, 68, 40, 3B, 42, 00, E8, 06, 28, 00, 00, FF, 15, B4, 70, 40, 00, BE, 00, A0, 42, 00, 50, 56, E8, F4, 27, 00, 00, 53, FF, 15, 08, 71, 40, 00, 80, 3D, 00, A0, 42, 00, 22, A3, 40, 43, 42, 00, 8B, C6... 
[+]

Entropy:

7.9913

Developed / compiled with:

Microsoft Visual C++

Code size:

22.5 KB (23,040 bytes)

Remove mp3rocket-win-pro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.