» mp3rocket_setup.exe
Overview
Analysis
File Details
Downloads (22)

mp3rocket_setup.exe

Defomi

MP3 TechSupport LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket_setup.exe, “Defomi Setup ” by MP3 TechSupport has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.mp3rocket.me and multiple other hosts.

File name:

mp3rocket_setup.exe

Publisher:

Segipine (signed by MP3 TechSupport LLC)

Product:

Defomi

Description:

Defomi Setup

Version:

5.7.5.6

MD5:

c26f47fb72e9dd2ea93bade73657a22a

SHA-1:

4f1ceba10d4f82f6f5f9c54fc8ba433f321e4e3f

SHA-256:

089f4e9e357ee70a1935fd68d1a92026a3a801205949ae43aef63692a8425320

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/5/2024 9:42:42 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore.MP3TechS.Installer (M)

16.7.14.9

File size:

1.1 MB (1,133,224 bytes)

Product version:

5.4.0

Wizard

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\mp3rocket_setup.exe

Digital Signature

Signed by:

MP3 TechSupport LLC

Authority:

COMODO CA Limited

Valid from:

4/20/2016 5:00:00 PM

Valid to:

4/21/2017 4:59:59 PM

Subject:

CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, STREET=3051 W Maple Loop Dr Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0081ECF0B90414131BF9016277516512CB

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:3liQjCteoLy/WES/koxnh6lc2Nbo5XWQSKje0LVnycr+Fk6xcJ4MkdvuICcP:3sQjror/k6h67pFGDZr+FnxbdvuInP

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9002

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 22 URLs.

http://www.mp3rocket.me/.../MP3Rocket_Setup.exe

http://www.hostflashconcepts.com/ljAMhuToPJueQAQR fJxxuHO5mf2bLvUBnZgATC0v9aUMEoJvwUGCpHL3lXtb013N1SBd5hWkQHRGEsDrmK bTLVLvVfhvfU7AIzvCa9HCvwRBHwH0f4LjEY8x5PTx4r 9ZFxFvPlShvG4l0dqc97sC2MEsz0Q==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/_T_9fUrvMIv0JNaEv2desXltnnLSu_VSeDotM8JX3qWLusjpeaZasgBpTiwqUeCLEi9D_RC_8iJzwLQ5EtMjSt7q8LJsOUbHR3OxAsVPO It7HxLysnYqJkKBFjatF0G2GYO6zIDWZ1FkTnwAo5TazMZCwXIRo5N8q fEATII7azUfYCXj8=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/4T0X_xmsNloucXo_TZlmp4n16VyyKyRrmVxqOqV NPy5IAbl_4inDSYZ6TKMFDc6b0QAbXotYt_eqwqGiLnQ4qoad25qjLdwqZj ogb0hh2g7i2YfGWB5yY86kyp8sLwQzwD3Mv1Ee7TrI5ZvoD5E4i81wZta TVOifEb4dbBIqsOfCekKE=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/gsazFwitAAThOPTsNNfiPicdrE5zmnj9RuZLkZCT2KhXjHGWEfM0buPDQ 0Qu5TqPu0lLKOJYCcpb8DgmTLddBVUhXrEMHfiD0yR9LfWOt68S9u52hn3cJf_eS2idbJ9LyuKX3TmtnejHmnGztBlXj_0XHz3TpppRIZbwNuo7rh1SzWeTK8=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/q_V05JcDZUuvHqU0S4LmkOJoUjTea5IGIFclgr8mg6TJLN8BaWtV3tWCx3PxTNOL6b6WrTOOkx8DWlMgDSyGolbQJnRtznYelxBX_3ReeqhWZoldWOFEosEsv0Kj8yOam3sNfwSsB680efI5S6LO5rrUStrdOQxyuidqVNRWBfR8P8tVs0Y=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/Nv6Y88cMJSOLjejxjswhZ3NFVFEDmAnZXFJQMfPVa3X4ssM3tXGNPQN8ot7hjaFmTztON43Yis7hAtFusm9Dp4BgO9P22HkYWFpeKVEO5haIHtl5hTw8xAj367MOqnqZsZeT9VpbIddbJhxgmCX8arGoiv7I9FPI5qOVaNhPEsiwVke5HFA=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/QFgL1LEzdeG1eLKSyl_3iveVJIhoAzLOShzjdW9gNgOMhx957HNSJVxbnvRoG3abqcwokXuZcaIg47o9W03K1w8Q2enqIKY06mgmXpPHfLfABHEhRyCuPXhTBXoYFEF h9NDCZc4uTZNdBIdSABZbAzFLQrglWQ9hmanOeOcK8Rl957IrGw=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/LLpOTqDbALi5hrDYKlalx9OMwtzQXlIawyCyhmtfaMhAzTg6xhfHHnvSJw5MPedbmt689YJq_krnll34ADPpqzvsM291d4QQVr2UH7_dYH5rk_d2FOj5b9mhDzHE_7K__P5seYbumsfsrDT9FFQlhEMY3VnRJJdMDCQMTMhup7hjRRiAmgk=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/B3Pznl7w m1tD0kC_0P1CCjFO8OafRbYu1UsCqz4h8983uMvhBxp1NUV35v gx117TKV lCs rrlUXOduvHUlO_yviS7B6qclNYPLmY o7Wq32bigbt6yAMKQcyPyQAqfYmffK1rlLIvz8T8WQffg9Acug9GxQ89u1UVponjqFP yXVcoW4=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/2sp6QmY16hi6sFQBHzb67Y2zRd0VdP_v1oZY7KnfcwudrlAET9K5a_mIrML Wxs yhVPoavA6tl4GsyRHTT4yH8G7cISDM9ygwTPGU5UcYUnV_8I 9LqxLn_h2HN00hVrizoHm6rtpqEynzjfFqXbYtNgzi8vrkpleTZ8mdHBEYusGmMHmY=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/0kde0YoL4g_i1cmJpe_cnaZFgs52pZHjZpdVDr9z8ZRoRtOvR3TabTmddDS_Neul NkcN1w_hcMNqo6 WuSqsJVWAIgxFsfQJasIkzgsDO2wfrTYi5cTSw4vPzQpaYmU6Eg76WzTDK3qSztzsqalcq31b8F44Q==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/GBz85aeSDyupgmi9fJ2xE3K5j2yEZhEKdDUERISjws3hVLXkIIAQuIfVaRbX5bvuH826gE_rniZkuqOQnEy7m5QLY1FdRKd2Uj7ZdMDBRVqbjojfQ82flNUXhCI50sAJcR1xhIIl4_2kKl7td2_jwpFkzaYRApy_c2ek9hiUiUB1KQjWj3M=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/WAhuo81RHXqDgN90TcPCYvu_hHIZ78X6xJ_2NBbRKXQbxFOhrtlhNIGLSGeTkcFDmRHCXTIxhElW1t3R3LGw1cSv6gwIM_SXSFHuz0Gpj3W233h6TrNLDhtBAgR7PQb311IWXcwILymOGfdUwOBBK2ry803QCez p7XcofdLZNIjWi96l3w=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/kkQ15jq4h_AlZpup5HYQm_Ap4SlJmdecqVa5mEFFpYmIFYRZRh8mofNV UI pKVCnntm0Zdcn5HgF 6PDY5glpYZMV2nPMdbOo8fqEoQjC2vFKgVtV2uLjKc8rRM_oBsqpxhnFkVUhtVQqP7Fe8apy4NTlQbsjoU7dujpyh cMR6izt1iuw=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/PK84UGDK0laIb60TcV5dRZW3Q4wCybmzh7T4Cpok2Eo7XDvvVt80 oRtnBdIazEliIJcMqzJhH7M6gt13dq6Pn_icKNYvD46WbeILbDtDXwxlzO0F5LxBl9_cxRyPnFMlnkvjn6Zl1lWlgaf0exzSSKSfgp8XJL9dF9vTVOHjMjAXnB5Jlc=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/mrqClrG71qTdJltvrp331XHKalQqifBGlC469dMrADXqrXdBGEiKU5WsWVgOIzPGGxeWN1qS6oeySG i5ceNt5bYdLOVDaQ082moMLfzX_yAw8BEJcBOIJMcOSmmFlWpFtkcb 60B_XQo8820qv75gt094wJgbT2R34oXnCDw9c9IfeA4A=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/o0zd_9YpOsxioqrkLtdIv9fv Bma5xLt6mbaVlrBP7PqCvj8CKFJobwkdOg6G25HeX0UhlGfeJKrDyF2xjAetJ_RWjbsXh3CAzYJ_3UkEBDQnyxKK0dFzoH_7lYdN9U2beYwXd32zP_5iP8gyaAIj4PT7gF8ZulgGXZa5fLj0WrWP8j8kGM=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/wGEno0J2QMC iWU72l9hocuijjbqnKsHbMF_Zb_fk1W0thOOQCN8bqtA2D68ZGaySiwMMBzvg77TjEkWWSiRdB7AKlwuF8IMWGhJh6wusf_jckz5u9QkbLrzu_QDPS49axqvaR4vtHwxFMczi4EzLx9hkPlrLhjHtzolLSPhm nllWP8s44=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/n1sc 3Zje88hr VP4lR89QJ8dmlADCxDhja3pFPUxdPP0wja6cbM0kPL39U JyyUHAKpGIAkpOrL bVRduIgA4GGTeeMeObv O7P1EUTAEEyvAUZCl4Aletxns7pHNZJE4o3ruec5PHaPBr_gvMADv7eV5ybvFv904fwEzrbmrrXOp6Q3jE=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/NKT35Lxp0lU t_WuFxxdK6PWDKiqMAvvUgvXAR5479Y9lX4VLdnaahl4IELslQPGljCIQUPAyzV2DazpJoVC6PpYtyY1oFZy16L32Z6T6yQSbPAGxYLu61I0q8JVEwQZPyOlgBcqy3IcIOvgEJWrU9wDOV0ozLTY5uehxSoBBFTXEIz_hHM=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/ 3gDKIP mAAgrFVPa0SnyblzKqB7mHz0nd wfd0e_z2EiFG2gaAshPfl1Xm3rvbJRVsIcnZsoq8VfhqlKcTq4k5sU3rw76tWOQsSzoO8jHIpXR8rk_cDaFiH_qrUHIeXcaLfGrU9z3CopjwXfyVxYzRd_9a7odnndHmO33l6dT_XoPIoaqs=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

Remove mp3rocket_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.