mp3rocket.exe

MP3 Rocket

SCCE Development Inc

The application mp3rocket.exe, “MP3 Rocket Setup Program” by SCCE Development Inc has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from cdn.mp3rocketdownloadfiles.com and multiple other hosts.
Publisher:
MP3 Rocket Inc.  (signed by SCCE Development Inc)

Product:
MP3 Rocket

Description:
MP3 Rocket Setup Program

Version:
7.3.0

MD5:
a2197b373abb04c36033e63f9531eede

SHA-1:
b37d4a77cdd5d2941db9bac28f9f9ddd44d15e23

SHA-256:
4bbcf4108049bf0f21a25dbc5ae9a12c818a4ceda724e304643daad78a937879

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/5/2024 4:47:10 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OpenCandy
2015.04.18

avast!
Win32:Malware-gen
2014.9-150820

AVG
Generic
2016.0.2962

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.15820

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.OpenCandy.163
9.0.1.0232

ESET NOD32
Win32/OpenCandy.E potentially unsafe (variant)
9.12062

Fortinet FortiGate
Riskware/OpenCandy
8/20/2015

G Data
Win32.Trojan.Agent.95WKEY
15.8.25

herdProtect (fuzzy)
2015.10.8.20

IKARUS anti.virus
AdWare.MultiBundleS
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.207.16825

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1551

McAfee
Artemis!087198B1243C
5600.6667

Panda Antivirus
Generic Suspicious
15.08.20.08

Reason Heuristics
Win32.Generic.SCCE.Installer.Meta
15.8.20.20

Sophos
Generic PUA JB
4.98

Trend Micro House Call
Suspicious_GEN.F47V0413
7.2.232

VIPRE Antivirus
Trojan.Win32.Generic
42710

Zillya! Antivirus
Downloader.Agent.Win32.260269
2.0.0.2351

File size:
1.1 MB (1,126,064 bytes)

Product version:
7.3.0

Copyright:
Copyright © MP3 Rocket Inc.

Original file name:
MP3 RocketSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mp3rocket.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/23/2015 9:00:00 PM

Valid to:
2/23/2017 8:59:59 PM

Subject:
CN=SCCE Development Inc, O=SCCE Development Inc, L=Lehi, S=Utah, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1FEC5D7B86418BE6C86668F0B194584C

File PE Metadata
Compilation timestamp:
6/30/2015 10:29:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9AEN3pHN5/CEz6moGFC1C948vJDgBBTxaMTw1+c5+0puLoF5WY98rqADScLsrtXr:9AO3pHNRCEl4EDgDTxEKoGm8OVtXVG

Entry address:
0x57424

Entry point:
E8, 75, 98, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, 00, 70, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, A2, 49, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 6A, 0C, 68, F8, 19, 49, 00, E8, 9B, FF, FF, FF, 6A, 0E, E8, BC, 22, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08...
 
[+]

Code size:
499.5 KB (511,488 bytes)

The file mp3rocket.exe has been seen being distributed by the following 26 URLs.

http://cdn.mp3rocketdownloadfiles.com/c?x=Q5yf4kGwx8cl8sno/kHdaLGfFKD7ylzQrnmSXrEHiCA=&c=z5lY3OkXgwTDJdnOmkjO2Ke5gzJy9X dP6DrZlo40pBTVfva2VYJdWv2z5gQ4Y29cSuTeQfvnhpzbQvhKirTLzt0Si GBe8da4dyqM0Oc8sl9sPFHqaagWJZcd5eJCvbxFtlaBCPSmV8cRn3nt6iRQ==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=WtvKcHVTOO2mVkQQvKtSk62UrcxoI4VyD10vK7D5eZc=&c=k7IXgNRcspnc7csyg60pMkfJeQNqTEX//tN/n8RGoIb7didrcyQd pg0h6H13WTh4XkWMpOGjQhQ GITqoeebhoYD5FwTU2mpPfzVNOCBU0dfSXYsQDV27qbPtHHwP88lCLNlLB1xvVnrnC741TTlA==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=mPRWP0oyZQ1dCaLZSQ//42dvLPRgOVl4QUv227F57Xs=&c=o3ydsfW72WbO OSc OQ2AvnIdrPF8hZuJDpcjFZxobGua/u5u4RlCX3izWc ial3CRG10TRTMLL9xb0nzS633XDSJr93MS HJHlZqSQAZ7FG8NmqSp0brSL7RKwUK1jsYkf7YacdOPvsejMFkuJDWg==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://www.mp3rocket.me/.../download.php

http://cdn.mp3rocketdownloadfiles.com/c?x=y7Sa/oQmN /HmKHhYXIhHih/5QKQjiEn T5cA6SIKH0=&c=fIOYocKawLFDT2jqt3AkkYLgceaLe2VO9XmAw8Lyd681aR7p9NfgXc637GKtf2XLa8FBjwRxB9I7ZaQxde44xT7sP0B3BRSh3IB9CE9HBq95jh0sApKRwsvkG HfD QPhT8VlChRz7lNapWlSj0xsQ==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=l267MRSTLjJcxfGk7l3JU3e5tz27VLezLzMe35fPKk8=&c=MElFOUrO7PHOks/4ZzpccSP4BK1NW5G66zkvNhN5uf4zi8HfBILlnGLvDDSIiL3fyM7c5/ijshDnmiIkPY21sqWUtFDODxZdXK2I6xFJkQG5FpWaGjFLqnlsAWjLKiF70iNA3cLoe5mmKTJwY/HwAw==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://www.rocketbackups.com/.../mp3rocket.exe

http://gsf-cf.softonic.com//f1d/e66/.../file?id_file=54821&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1411258920&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=NmMvoQjo6zBq1wJuS115s0HQyQzhVx-pzYDqUN96IDY4oKQi~M9zBSM992Z42H4yT4C16wDBZZ4aVcp-~YmYjj0CgzrABONVsdp78qV~K1E8-AF32dbtpDu2xVk3nyfvCIjzB05NVJINT0jInz2Oh56FtmFWaMNGMEuhZNDmZTE_&filename=mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=NFFtEGiPTf Q6 24QEDtiB6AiRQZKjbxpbOw/inZ4SM=&c=sNp9hQj uumYVXWxK1npCKmwrEtWSF2whnyU2cn7FOyJtY8swfxlIrCGNiJB/3nH/UasdbVV/5fwo0xPDPwB4W/ONwZNPo9RkxP N9BMCN9KqTphMVd8v7uRK2OQuN5jv9BwPkRyUsEwpXYZZPmXPA==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=UaKx7oSlf3tHPzU/94owZhyHwDqwNSLOdv7 Zx2G9PQ=&c=drBjysLGMbFJDWCRvirD0miTlkcx3RxL 3jqWf/GYwrb8geBeMi/irM4gMyKibuV0IUUf3BvaynHubQ76iUEGc58sVWHsGcN4wiNGkcxEDV63i7ipl82Vxnw3gU8aO 86aNAwJFvZYBEQgRxOtjdgQ==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://cdn.mp3rocketdownloadfiles.com/c?x=8yqaGSNFA1RD2pNCwf4mTAD09k jsozqL3vEFe2cuyo=&c=kxjb/8NjBNDgOzMnO1okRex1IS97dLNTJXJcpZjXCe1IcPRmxh9K1IbFai2AMQaoflYTM46cxgwjCk8mJkc/FmDRp/radp/sueoVvJv2/2XmLp ti 6ZGTKN01O4r57/fkXCdvBG 2OKaZKB7NddZQ==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://d6.mp3rocket.me/.../mp3rocket.exe

Remove mp3rocket.exe - Powered by Reason Core Security