mp3rocket.exe

Internet Installer Prog

MP3 Support

The application mp3rocket.exe, “Internet Installer Prog Setup” by MP3 Support, has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
MP3 Support  (signed and verified)

Product:
Internet Installer Prog

Description:
Internet Installer Prog Setup

MD5:
3fe38ff4b944c0c8786aaccdecfb2e9e

SHA-1:
2713752550ec57547e2db26c7cce664edecef917

SHA-256:
7d81be9e33e6180890606e78268e9a610e6b07083ef9bbd0c2582529c893b8ee

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 12:06:11 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.198.40 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.141228 |
| ESET NOD32 | Win32/InstallCore.UF (variant) | 8.10931 |
| Fortinet FortiGate | Riskware/InstallCore | 12/28/2014 |
| K7 AntiVirus | Unwanted-Program | 13.188.14468 |
| McAfee | Artemis!3FE38FF4B944 | 5600.6902 |
| Qihoo 360 Security | Win32/Virus.Adware.f22 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.MP3Support.J | 14.12.28.15 |
| Sophos | Generic PUA CH | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1223 | 7.2.362 |
File size:
862.7 KB (883,448 bytes)

Product version:
3.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3rocket.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/27/2013 10:00:00 AM

Valid to:
7/12/2015 9:59:59 AM

Subject:
CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata
Compilation timestamp:
6/20/1992 8:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:zDUvVqAgIZkZX4/21XUhbXnygy4nR39G92wT:zDgVqAgI6DWn5y8NmT

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8309

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mp3rocket.exe has been seen being distributed by the following 19 URLs.

http://gsf-cf.softonic.com//f1d/e66/.../file?id_file=54821&channel=WEB&instance=softonic_br&type=PROGRAM&fdh=no&SD_used=0&Expires=1408834824&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=bYXemSo2~cBk61EezY1QSQWytI5dF6TGdNH-9fAPFrkbKzfiLtTMqE~ubYXRcaYAHcQhI-xQjZzIbWwASYs5H4HigkU4ZPCgvZcyVNWTLzb41MSApX-AQc5OqH9MPNEt~YRaj~i8VQwPIHyQJkJug74nXAF1sk3dS~rXgFXid80_&filename=mp3rocket.exe

http://www.safefiles.com/.../mp3rocket.exe

http://e.ccm2.net/es.kioskea.net/download/.../mp3rocket-7.1.5.0.exe

http://www.imp3tunes.com/.../mp3rocket.exe

http://gsf-cf.softonic.com/271/375/.../mp3rocket.exe

http://www.limesearchbar.com/.../mp3rocket.exe

The executing file has been seen to make the following network communications in live environments.

