mp3rocket_setup.exe

MP3 TechSupport Inc.

The application mp3rocket_setup.exe, “Program Setup” by MP3 TechSupport, has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.mp3rocketnowbest.com and multiple other hosts.
Publisher:
Program (signed by MP3 TechSupport Inc.)

Product:
Program

Description:
Program Setup

MD5:
e6fd59a0213e646cdf6a21408cf30f9b

SHA-1:
dabfb92da3afac2fc891948685434c8f21e21426

SHA-256:
84942ffe099188ffe53b18e199c499f1f2f11f5782f314413a160927ccd66db9

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 1:30:06 PM UTC

Scan engine         Detection                                             Engine version
AVG                 Generic                                               2016.0.2954
Baidu Antivirus     Adware.Win32.InstallCore                              4.0.3.151016
Bkav FE             W32.HfsAdware                                         1.3.0.7237
ESET NOD32          Win32/InstallCore.ACZ potentially unwanted (variant)  9.12416
Reason Heuristics   Win32.Generic.SCCE.Installer.Meta                     15.10.16.14

File size:
1.3 MB (1,377,536 bytes)

Product version:
4.0.2

Copyright:
Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\mp3rocket_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 5:00:00 PM

Valid to:
8/24/2016 4:59:59 PM

Subject:
CN=MP3 TechSupport Inc., O=MP3 TechSupport Inc., STREET=701 Rossland Road East, STREET=Suite 363, L=Whitby, S=Ontario, PostalCode=L1N 9K3, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00942502E50B09BD176D7FFDEDA742A257

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+jn27zuLavIpaNyveOgYLiXfWI3/Ey1xmt14ZmlSvnqc4LD69XsuA:+z27K0IpaIrgYOv6yg1OmwvnjLk

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.8773

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 22 URLs.

http://www.mp3rocketnowbest.com/c?x=PBJrmXx951JG4o+Mj65CoBrffOji7awtWXuZJIfzEyE=&c=tDgTKJlKG8p2GPD7WIh+BW9aOi9vpeS5UAq0YgoJzS9EGArBr0xGnNNVjKIVDVEUWadFyah0PrAnIM7jzaY0ivYmyIGqWVjh1erLmu4Ce5ZU1djWzeWIQJ+I3+jZcLR8qfV93Dg4BKyHkJeK/ERmhw==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://www.mp3rocketnowbest.com/c?x=txj54+5LvwGJ/LID5xQQhMuZ3G0EPOtgK0D7Wpidcec=&c=Qop0vgpZuT5SA/KZHAd3se/LF6Vo3eMH4s67IA80xbbx0AKvaMdhoF1S2bW2ItL+wbQkxpKheCf4DsBkAaWjoMBtaxo5KLaOiDMQLiwqdyrKfjkObK4WA7qU74y8n9CDFy4kKQUU1hwJWimXgtE4JA==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

http://www.mp3rocketnowbest.com/c?x=5sBs0t3Zd3OYWCfWHQNGVL2gVc2nnKwbT0uQOOwmlQo=&c=FrjOE0/2Ah0Lx3hgWRhSvYxc6c9I0LJP+VGjZJxlbjJ4N2GSiXuEWBdooDDBB36rBNQfkD+TBoo7I245IuFL/XOwCqDLLapl82CBZCyLyKNMAdGWNtTYFdJsm/FA6VtxGCRUvkyVF8BxKLYqgJVF+w==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe

http://www.mp3rocketnowbest.com/c?x=IdZXPiws5IqMmkEfsQHxgsupBSScqnfpxux0BPpiYqE=&c=g/iPFaYSusrznLwAp4T4D+iIlnwmeRWIlZmmx5I3GFLHa3Uk/LfsMitL+Gi0ph14sGEtmXcC1uAI9dIo8NmbizfViYCQmP2TZTNVNX7aWA1FdTSKjACMiz+OU28N6lGXngH5m5uX0LjVSocu6kvH8g==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

http://www.mp3rocketnowbest.com/c?x=OlZr7nld0MPr+nJr3cTDRqrClXkSDFdUpyz1uPl6Q4I=&c=y0+MZIj0/YoRLrsMfaxzFQrCOZtbijOYr+3Z8y83GmYNvz3IKlO28sVcEKInsSa50iFBvLUSoKbTiLXTc2RbSgEK53+lAnY8FAaqeltvE4t6Q3tboNo5Fu312Pac5H5It+uVGu5j8QCnH3/gPpT0dg==&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com (199.58.87.155:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com (146.185.27.53:80)

TCP (HTTP):
Connects to ec2-23-21-150-180.compute-1.amazonaws.com (23.21.150.180:80)

TCP (HTTP):
Connects to ec2-54-232-235-7.sa-east-1.compute.amazonaws.com (54.232.235.7:80)

TCP (HTTP):
Connects to ec2-52-67-76-234.sa-east-1.compute.amazonaws.com (52.67.76.234:80)

TCP (HTTP):
Connects to ec2-52-45-150-52.compute-1.amazonaws.com (52.45.150.52:80)

TCP (HTTP):
Connects to ec2-52-30-150-214.eu-west-1.compute.amazonaws.com (52.30.150.214:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com (52.208.40.227:80)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com (34.198.225.71:80)

TCP (HTTP SSL):
Connects to a23-7-125-208.deploy.static.akamaitechnologies.com (23.7.125.208:443)

Remove mp3rocket_setup.exe - Powered by Reason Core Security