mp3rocket.exe

MP3 Rocket

MP3 TechSupport LLC

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket.exe, “MP3 Rocket Setup Program” by MP3 TechSupport, has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the installCore installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
MP3 Rocket Inc.  (signed by MP3 TechSupport LLC)

Product:
MP3 Rocket

Description:
MP3 Rocket Setup Program

Version:
7.3.2

MD5:
f5fe82201a3225f61be8bb5fc0c7b9ad

SHA-1:
d13ba579f2a282d879bae43e959b2f682cfca10e

SHA-256:
f3d6824a25735eb87b7b996df3ea94c603ab83e86f5b33ac7504b738b01212d1

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 1:23:00 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | PUA/OpenCandy.Gen | 8.3.2.4 |
| avast! | Win32:Malware-gen | 2014.9-160213 |
| AVG | Generic | 2017.0.2834 |
| Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.16213 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.OpenCandy.171 | 9.0.1.044 |
| ESET NOD32 | Win32/OpenCandy.E potentially unsafe (variant) | 10.12392 |
| Fortinet FortiGate | Riskware/OpenCandy | 2/13/2016 |
| G Data | Win32.Trojan.Agent.95WKEY | 16.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.210.17499 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.666 |
| McAfee | Artemis!03401FFC6A8D | 5600.6490 |
| Panda Antivirus | Generic Suspicious | 16.02.13.06 |
| Reason Heuristics | PUP.installCore.MP3TechSupport.Installer (M) | 16.2.13.18 |
| Rising Antivirus | PE:Malware.RDM.37!5.2B[F1] | 23.00.65.16211 |
| Sophos | Generic PUA JB | 4.98 |
| SUPERAntiSpyware | PUP.MP3Rocket/Variant | 9325 |
| Trend Micro House Call | Suspicious_GEN.F47V0418 | 7.2.44 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44482 |
| Zillya! Antivirus | Downloader.Agent.Win32.260269 | 2.0.0.2302 |

File size:
1.1 MB (1,193,408 bytes)

Product version:
7.3.2

Copyright:
Copyright © MP3 Rocket Inc.

Original file name:
MP3 RocketSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mp3rocket.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/14/2015 9:00:00 PM

Valid to:
4/14/2017 8:59:59 PM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, L=Lehi, S=Utah, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
16A1E50EC9A3D10A9B18242160B68883

File PE Metadata
Compilation timestamp:
1/29/2016 3:27:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:OeMTCNix5ykhnKfca+OT0v7C0q7S6oGm8OAhcBh5SM:O1FxQkh/a+OT0vm9mGQgKLSM

Entry address:
0x4F6F2

Entry point:
E8, DD, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 83, 25, 2C, AE, 4A, 00, 00, 83, EC, 2C, 53, 33, DB, 43, 09, 1D, D0, 82, 4A, 00, 6A, 0A, E8, D2, 84, 02, 00, 85, C0, 0F, 84, 74, 01, 00, 00, 83, 65, EC, 00, 33, C0, 83, 0D, D0, 82, 4A, 00, 02, 33, C9, 56, 57, 89, 1D, 2C, AE, 4A, 00, 8D, 7D, D4, 53, 0F, A2, 8B, F3, 5B, 89, 07, 89, 77, 04, 89, 4F, 08, 89, 57, 0C, 8B, 45, D4, 8B, 4D, E0, 89, 45, F4, 81, F1, 69, 6E, 65, 49, 8B, 45, DC, 35, 6E, 74, 65, 6C, 0B, C8, 8B, 45, D8, 35, 47, 65, 6E, 75, 0B, C8, F7, D9...
 

Code size:
527 KB (539,648 bytes)

The file mp3rocket.exe has been seen being distributed by the following 26 URLs.

