icreinstall_mp3rocket_setup.exe

Cegap

SCCE Development Inc

The installer utilizes InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_mp3rocket_setup.exe, “Cegap Setup” by SCCE Development Inc, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.farmsharebits.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
SCCE Development Inc  (signed and verified)

Product:
Cegap

Description:
Cegap Setup

MD5:
b2945bf8c173c6f8d5f22b5e730be1ee

SHA-1:
b2d982d3bad9e425a1bb2da173a22aa6fca47598

SHA-256:
75957c1968840a1fb0277a0f129ce8662133845c99fc7337671913435f15d603

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 12:48:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.4.12.4

File size:
1.1 MB (1,181,016 bytes)

Product version:
4.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_mp3rocket_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/1/2015 5:00:00 PM

Valid to:
11/1/2016 4:59:59 PM

Subject:
CN=SCCE Development Inc, O=SCCE Development Inc, STREET=3051 W Maple Loop Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EE6BCFEEB3DE758C0292441353CB7413

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Yt0Gti9T8s5+Wwjd+55l1It15u0qZ1wpewlPxDKB0js0f:YOGt05HIHaw1lJd

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.8800

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file icreinstall_mp3rocket_setup.exe has been seen being distributed by the following 36 URLs.

http://www.farmsharebits.com/c?x=7eZp oXfkpeA Qs4e8fs3IPcEl6dUBlHeTuxUD2//sM=&c=cHH44G2fFEtWUZOMmQpLLyxQPBsfawdT4cbZzgHhwIi8/f4TDHPzpQOK/BH1ZmfS2elY0ln0YgWoj0xoskBEW9pdisw2SjcY8Gui3e/rzICzMpELnY18jd/kDA6kuDxe&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.com/.../mp3rocket.exe

http://www.vaultcapitaldownload.com/c?x=/Vbi4jnXpWkGNBXtYdo068J77s4t7VMGzUg3eceJTVE=&c=IOkgEOyX9XR6L8URyhyAHR GOB4Sh44ec4lj58E0wwyELl6Xv hY5fXZkSp3XAT g1GdVqwTofKBCyfT a ADfBlvKwAkUEeoOg1kIzSEsDKFPj5VPX5e5pHb9T7uISP&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.com/.../mp3rocket.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_mp3rocket_setup.exe - Powered by Reason Core Security