icreinstall_mp3rocket_setup.exe

Gaki

MP3 TechSupport LLC

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_mp3rocket_setup.exe, “Gaki Setup” by MP3 TechSupport, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.hostflashconcepts.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
MP3 TechSupport LLC  (signed and verified)

Product:
Gaki

Description:
Gaki Setup

MD5:
74c5c1ece078630d3cac5ddd2fb72fa1

SHA-1:
63729cff000d4f90b73e6631a62e9e2c982a2b2d

SHA-256:
a027807503c5377e8f50b6893fb1defc2feb87a42060ef8c850457e7cdc1f5c2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 10:49:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.2.13.2

File size:
1.4 MB (1,421,832 bytes)

Product version:
1.8.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_mp3rocket_setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/29/2017 6:00:00 PM

Valid to:
4/21/2018 6:59:59 PM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, L=Lehi, S=Utah, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5ADACEC02DE27C8BEEF159CC436D4A35

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9559

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file icreinstall_mp3rocket_setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 156 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
