mp3rocket_setup.exe

Putolafo

MP3 TechSupport LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket_setup.exe, “Putolafo Setup ” by MP3 TechSupport has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.hostflashconcepts.com and multiple other hosts.
Publisher:
MP3 TechSupport LLC  (signed and verified)

Product:
Putolafo

Description:
Putolafo Setup

Version:
4.4.4.8

MD5:
96aaf933dcd32650f1fc2175cf198fe6

SHA-1:
2d5c1faebd086f03fa6a1dec5bd118b7d967c048

SHA-256:
084c9225d38691ec7cb8b50f73484ab744e9e3a6f4e4f948655daddd94135441

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 12:08:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.12.12.20

File size:
1.4 MB (1,477,832 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3rocket_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/20/2016 9:00:00 PM

Valid to:
4/21/2017 8:59:59 PM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, STREET=3051 W Maple Loop Dr Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0081ECF0B90414131BF9016277516512CB

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, A7, 86, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 50 URLs.

http://www.hostflashconcepts.com/hxIKOzwHLkBsrNjwr1LudaZxT5m0fhWC2SkRzsVRJFFIz7V3xHOKVqNhjJhh4V6HDN8Yq9q2fPRqwwgyvQnUpPOIRREkQCOyhLL4Q92ybJt2GRmiam2mhtQ9WmSoTiHnm5hJokj8DKIT4zokH9mZlcG37Y1XPA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/iHfKuw3tiwtv 43FhMKe9EYZEgm LtnkbZTzZv0RokxlZ3jy8H8sazE6PBti4frvDXQ6Om7tqZGxIz_VtcbmmOtOFcHsryHUuS1QYvJCpjc8CAUeEyWq4vauaslyPwrhazO4rulnP7qeuFra7xyjWCDWK0ppIQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/nfSFcZxh 6ZIyqQ9RIL0 158L_9v2PFpZMMmVTzJuE3Wo5Y F_NrooZzVBq3hr4fDgboWlP oKEU9xXG9X0G6ry190IaHqikHLPq JH0 w75xj0AXjfxkQD3XLORh9BBPQhcGYEUQ5 yasR5hBX2X7PK_HJ4A==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/VRSvVJ6OowPXxDa3DthK79Lo3rtyJ9xLfYMKzHxJUufqeD1dkr3bJak7KKFwEmTF8680QUXH_XDwk8yukOygDO_2cxQPxqx_CH94QA5mxJdlLM2OSzX4V44yKWrP26btMm9g6XEwNv_ij4Ki1IxiVNHahwCz2w==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/kDS_awekNukS75A45YgejPmv9z1SxgG16NuNyEjpUb2yxsMw6wRHiCk_kU83cm6Kje6ZkXsG50qKyFZQk2nXGYWzUjaQ9jtq3iGchB2YwWRSGELh9ZhilfkF CN1Xcf0kfnIfJAMhy_hCIGgYH7bP5QTuXcZAQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/K4wAgvDbQofzIDRx_YYL4xFGUBfXBj8A_QEFbZzbdog1Whr0jrTnN2QuRabKa6xIgMyz7xVabvcvK3z_Kj7AXsJlHhV4w6wB64NF57Mz8yx WbMmDIbOrbyav9Ed9V3ndL2N9CfWCxWNNHexrcVJHK_T4WA0 g==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/Pyw0_08rKtCvnsAh3XaTpqIJ 3pt BejNCshA8aAS71gP5lZM9CtLhu57oAkXPM4zZVwicQGv2St6FAeiZDEA5LtOcDBiwqv1iblLufy2tdJLL 7HEwd vKlObFGyAgvKFu6TNwH8Xq0lSNpscneAP N0xvIgA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/PsvPAZc4Rz6sy0vsK RadodEQjpMZVtXd03g3GXMa15U6kQ9oj0_3l5ChekTfFiM5RhkTrhepx5Y1srtGpLnsonOfEw2n6QAWIlJhP0p0 9v1yobG3ZpRtaXU9y0 6L_lH7xWEqn_mw79JXOSp 8nx_44w_yHw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/TIi0qJNjlIB axs1Ee9rHW0p35qafpATcQVhjyNk3x4nGRQN71Df12Y7WI_oeSkh3xmDFZT1868sfPLr TBNUJgcx5A0Vi60j1fsymcu _HpVg YkrPmdDxdR7fUyjjkZcqt3XMjjU0MLU3KsBxAmiolj8CYEg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/Xbxt5p6yrTe0hT86GqWFSR2gVSiDaziKWjBbtGYJH6NxOclJ6KyOMOSetddADVR2rXx7IXJCKRwltXjXBGWCdf4REGbWq38bm262gb0bKOnhgwiTXVDqpgC QnYbWwG2tSnlq8PC6cQOe_SpelTzEFUb8sTUxQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/wfRpMI4du24zoui6E6bJO45FZS7m06tLekJTyiwA2HG1MpmgMABPv_vvfLfV khCEVoEZ4LiECRWSNW4JQK3ELQSZEhdbsOv4_YIABSeIVi7RvWvRVaS3Wtv1QQCa3PPkiv0L24k24BVojDw2cnPdJbZiBFmhA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/uCVTXP4VQxz8I1jaixetc3_frufnL_TRqyX pyxXOJqq97fuZG8mERvtYAAapfxihPEC68ZApMOpMcHWcO9XyZyw5CfbiblNJ28MunPLcwwz EnT54l1pQzb0tBlZoXLf6pfjvF9uH0g7NoB4BdWvW3pQb_50Q==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/1jVPYuX84rGAnbWR_QQKt35RaXPUvIvaXqGbBYMufUTSCmR66r sqrpHQhMaPU83N4tIxHKMU8 Nv4Xt_j7sWnAeS6pFfprbVy6w4nBoVMEm9u8 qt _gTlsy_KTxm1lDYNtTbttvSAVB UGQljXjzVhQA1Ylw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/kKe1oXWwfgIWHa5uF7RLqNyHxkIO8HxNmkZDnMaXl8D9HAnHJWfQKULKJpxdFlHu5qe2OkAe5TM0guXPK8aAsEfUlq2Lgja2eaeVpOYFE_992XF1acOFHV38e7Nnur6kJ5bQK1s mVE78 TA6lXFadtjumoWYg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/EM3l4MTaPqbnFjQghY6ZRnZGN7N4_ZPpc_kqXb4DtYEr2el9_eS5GYf_NV6cZfIGFjVXpccuk0xJB5keHKeeTTcCYckbEKGluZEpDzJN0Ztw_p47z4hTAqE6a2Jc0kW_wAneprvD0R Rh6sG4C25zASi52KVBw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/TFxoBZHuDEUcM3 Y2uXNU1F3vhuqmwqQv_b0ljtHIkflc6Wf6SWb9IFiBmcv W8lCvs_VPDM66CNEH8J5sg4 tJfzhBO1PbruhSlRq2a36I 8Ss4ub44a0XryqMvA4vaw9FVi43hWiIA_FBUFRnOhMYJglip2g==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/RaAzOVKQ57usVTS_Mwl4ZFofjDGHPxPmBt4z250P6KXJUGVj3bigWt_5AQTlfO1dmDbfDmDQkswbQlEFgp PFmHWetmhooCEbj4DjaEoWYNupX5fgPP0IPTLnahWVkGOMDEaFKQ2oxft0Nfg4DCdFmNrktddPQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/HtXKN7pBGEZkeGmIEw5S cICqaKwV_U9c3rYT_MNym VItdJ4NnkJGxHs3G2OF5nGD5ami5auPfTcNjUwkUYzxEFfIBLpbuAWAsQZvBkohPf9DK2phJIWBWVmZSfGlAF4YAYJ5wynMu1sh_qSU4W_H22bVjIZw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/PDRmHFPbMw9S5bY1eVCSltqdQRJi9L64_RY0RIXkH r5DOgupu6yJ0KfYokX5KLJLK9yRVErTwCNCwf9y1weTJnN Ul4NyPFaTw3fkOd6 vcAtrkwaNyRU2y7X4nEfUl1tx3l5q4TVC5sWDoHqDoUjiVLzLdvQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/8bKLhKnDGUjtS8WsmjDXC40b3xkriMe 0KFd16ASSQtdDkxN1 1JrILvwHyqaAreGyqSyA0Go4l4KUGy2zxHk7zywIuYwjwXMwxjiQ7KAv9Gd3Y484B915OtwhUyGP8hulKi2fSqWDx0SDmS_f1rW3KeI95rGA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/W4dNFXVl6eFKvMQ5BPYDxnbegwEAv1KNK8P_qQ20mEGJlsS7vnvQsB6tnjLyiae0zTuiwOHdOezyzqKJh_4QAl7N9f M3XAFb37 M4Z_cw03PNwZOWsh9cYAbNmdad0Inm5VSuCox7sjIZFoegQUWMBOAmsQPw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/PKj_hiazsPwdNQDRjm2ceenp8x3saAjwu7IZ_OaHhhcTX_CaBqLlrY Pr3s8VuusjgfbghUD2pyGhNTVBLrW zin zcMuQdkiEq7nunUG9ZXBaAhb8uSKfdwH8x01 rUlgRidS2rxD4QsIDzHRRPeNDoypCzAg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/KlII84OwTpVO6xgt9LjC VkIwAMalhzi7CsHC EANvfveX93bkPhkx2t0m7bfePT7w_S54KLG0W61qlSc d3v_YrIbxklvfFu3cq1 Hjyp_hiN5AsV4CAnUQ8tuHDNR9oWuHPxmVI 0nrJfm1AlwPb6_7xFOw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/yG_bQs3TBODSaLhawBm28sKU6yyZDCfoZOg_DzLDhLJTplLY4I5Bcdf5LSH5fUieaZZ2LLvbkY3AD_Z0u0eqacLCRRau57pZghTu9OEaMqVLhsWiUQVGV5FTddiJZKJBov4Nf6XN7K9giojtrt6ESU22ow_tBA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/95uzbiL6CQBvRschifQPkFkyqSAL kgEFuejiSoop75SqOvC7291sG0FMZXFRPSLyEKD0dH0tt443Th7JTBAO0IhuYliD8kZu2R9f_c xAdfoYr1NgBDXs3t1vZLo BuylU8T3 W5Uf5iqhcESTSrv0VQvmPKw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/Ve05ZNDRU7VAtqLf7wmvYbgQoTbxVZJDueKfayW8wbdWxIJgG9ogqkBiugy57TqKGTj4dcn6LiWe65a7k7ovWDUQ02_C5 la3JN1tyic c2A2SXe08w8_mFfS9way 8RFcVlAMbZp1zcC0WFQOfOV53u ZObvg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/JwiacsXNj31OhMAbIdO4NlMAtU133LAIyYtMFCdTJqEegdyQq2MBfVY3vuaKGvVzwdYA9jodXgKHn1D5iwkqAQRX060z2nu_Jmc5BI_Ew5jFkVaKjcjORxkNBD2wHQh02dpgF5nWa26Y9Uu4f8P7DRn29lbe1Q==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/1LGvU3zk7bmI3s2MiMChurseSkaWhF5ZopY8NLmc2fq11C 8YMLcurQMYaI9teYxezbqcXRHkXn _NypadoPPn92t0vCiibehYZIYPwl9Cn33vaRpQ6MyVCw4DCeOPnyr_kXZO5ESUWNXKdL46MDncX5_64QnA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/vMV_YEPgrbzoSxYptGPQf8F_KAjqx4VmT5WGNijiljAT0ery7XlygepBxiG06ZP323cUISYPxPLEO30ysakocVFgEGWDiuvsTlyePVe6cLnJj_tAphEmJ6Mb5x8UUUl Y92WyrnV_9Aw47N8rtf4NHILSZ2x3Q==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/iCKlL4VftGNe6PypNsVQy4u9PjC844 j3iBhPvPqd llKwHWuD Z2EfCXijTTAJJhINU0wFXca579aX1KwRXRNq0tK cbU4vsCrpPLyptxo4LUPrXRD48977FEzfqR0NU2ROdQy51Z3Fwk FVQehmPnzynJjFA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

Latest 30 of 117 download URLs

Remove mp3rocket_setup.exe - Powered by Reason Core Security