mp3rocket_setup.exe

Gaki

MP3 TechSupport LLC

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket_setup.exe, “Gaki Setup” by MP3 TechSupport, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.hostflashconcepts.com and multiple other hosts.
Publisher:
MP3 TechSupport LLC  (signed and verified)

Product:
Gaki

Description:
Gaki Setup

MD5:
f5b11e88cde7a5e6e668daa5eb271a94

SHA-1:
2f66fedb25c948e27170630dce185fd3fe093c30

SHA-256:
190b320545b5781e5ec28442ae8432e61c4629f31d03e71d7c2843202dee1821

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/23/2024 10:56:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.2.13.21

File size:
1.4 MB (1,421,832 bytes)

Product version:
1.8.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\mp3rocket_setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/29/2017 7:00:00 PM

Valid to:
4/21/2018 7:59:59 PM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, L=Lehi, S=Utah, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5ADACEC02DE27C8BEEF159CC436D4A35

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9559

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 22 URLs.

