mp3rocket_is.exe

Program Application

MP3TECH

The application mp3rocket_is.exe, “Program Application Setup” by MP3TECH, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Installer   (signed by MP3TECH)

Product:
Program Application

Description:
Program Application Setup

MD5:
b8ae6ddc09333e29917312e353714588

SHA-1:
ec2e59c65ecc7f0676276a8c8c7f74b57fc7b804

SHA-256:
a621da640e3dd367bf03a8264c29df86ba01d42c550f0249202372a5b610e219

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 12:49:45 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Application.Win32.InstallCore.KRG | 21327
Reason Heuristics | PUP.Optional.Installer.SCCE | 15.3.9.1

File size:
1.1 MB (1,199,712 bytes)

Product version:
4.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3rocket_is.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/23/2015 7:00:00 PM

Valid to:
2/23/2017 6:59:59 PM

Subject:
CN=MP3TECH, O=MP3TECH, L=Whitby, S=Ontario, C=CA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3F8F62D6A8D9D325F1BB141E188A6941

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:EgEDmHauD3f7g3Paa0W0/K3j+i1vgcTXdwzRKJIfJQfP5:E/vu7E0KTh14cLdERKJp5

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.7822

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mp3rocket_is.exe has been seen being distributed by the following 5 URLs.

http://software-files-a.cnet.com/s/software/14/11/83/.../mp3rocket_is.exe

http://software-files-a.cnet.com/s/software/14/13/52/.../mp3rocket_is.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-206-2-43.compute-1.amazonaws.com  (52.206.2.43:80)
