mp3rocket_setup.exe

Putolafo

MP3 TechSupport LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket_setup.exe, “Putolafo Setup ” by MP3 TechSupport has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.hostflashconcepts.com and multiple other hosts.
Publisher:
MP3 TechSupport LLC  (signed and verified)

Product:
Putolafo

Description:
Putolafo Setup

Version:
4.4.4.8

MD5:
85b420d62e0c2616f8dde1bf6015e155

SHA-1:
ee8b817d1b4bc108432603abbfafdbfc5ef781b5

SHA-256:
6e084a35b69250aca4158b57eba04d8c095013d3aeff1051297f83893025d979

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/24/2024 12:54:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.12.19.18

File size:
1.4 MB (1,477,832 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\mp3rocket_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/21/2016 2:00:00 AM

Valid to:
4/22/2017 1:59:59 AM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, STREET=3051 W Maple Loop Dr Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0081ECF0B90414131BF9016277516512CB

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, A7, 86, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 50 URLs.

http://www.hostflashconcepts.com/6 F Furnhc57nSbUNawdxHI3UZ72H6xQiORpPZSwROyE8gOP08QJwMQd0sJOHvUOnhwoA0WwBzPbauB9_8YeDor5ZE39XntbtsLehXBDLVhBGPhD2TQXH9eVwvbNUA__G2M7kDodItxBMjPmcUnSDT2QPX0EsA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/N7Xiolpcwgw1lK5FeGXIr0H1z4QH9CNPeY1AzKbrYHXIhCCM6Lko1HTZv6MpIT IsR7nxAhycEtOf3vyDL_r71Eftt9As5FC4Tez8o8AyvUQFVb_Q_93YYbDjJITgL h9MF1ejg21CCGj6BrkkC OJ2QqSfK4g==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/8VepKr05qHD0kodSUY01T2NBwOpTO4Poq7UukphV1ic5hHLTh4r6zmUclQESNc4R9tqfoazkv7ua2BhYZz6NfsXFTUEjbupeJyMfFNrRMpuOKPGJF3e7_P7gT4FLd u9wcf3Q55HUqcZ PeCFiYAdmJx77LciQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/TyRh4VwR0SsF9aENli_T9fOoDayhShr0z eS5Mr6vzfsq2ZcOu29gJP7NsobVIGIclQkY3ymvvFu0FMwLB_0xeTxvFp32SU6oJoch9ogvxlc dxBEqp682nz7nWahpQk81fwndJC2s5sgcbNhKcqao1WRB9avg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/cm94E21F87UM9UC2I3Je0Cs33U wJb FHV884GflJytNji96MbOylXBotwYBdvE_9Bmetu_tMIFmVJ7XFDw1lV0Rdvh3OTrS07BeM9XZaeiGkthnaHRseKkNunh2Nsv NNBjqxhmfKBp3UPEdKvO5kLJJkst0g==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/qs7Ii0a2tsTYOxUTk5_nIgp63AJ929IJhUuIgHRZni8yN4aUcos971llcw3lM nOMh9SxTLcKuH4p09LMAKJlc2Y6SQe_JVTAREtCBWPG20Fstnp46xQDHirswOeRAe8cCDcUr283n3W jQvGbUZrV9kjID8dg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/769Jm m8whL51a58ncz5u3b17bruHMs93Ft42T3R4NuKklyPvfrgcM1NzTQ Z2la8C71KEbRAI5EM j0m2RfFSdUs6H6qs_q0_5GWpm3rYLuGdQWCETrGKV3y5Cam5wyWyvzeA1Rg5vcENGYwsahQCBrdlk2OQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/ldo1fBX4NPasv2u7ky2yHNzQaPuVIuMdD3tqP94PUafwkiG1U8sUEkh cX9VR6G6eqFvuhzz9xlO_LOrMMitJvRoaAEi28atw5cDi4c MY5mK_vpLvvNAt2g_noSgSo2LuMekKORNjrH729UXrSktuBQ3tsyzQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/hWUVWtjEEAfFvHXVrrmTGuSKjELJIsqDZWGFG9D0gDDmKYcZEEcRWAU1Yu_sdDoX9tMHAH3y5yaQM0U7XsjkXh9B9ygtBdurFvXCvuRZyqflHUUmclkuj_0XbApv8M8XcHfjWv88jXzgsJyN4LKdJHT3PdgQGg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/QJd9pbl9azHMyXvQCODiqLmPk9 orVoiKgZ1CvX8AoyndPhAprA0c35g3Un1goMQFDxfe8tmSKpJYxPcq0lHEphZa23UHnt_H3hZafftfASfspzTenH005b6W UDFiADTQzOE2An2FezoNbGLooyLB6vlk 88A==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/6H9jhyhMNUr5r5iezUA2F7lSgJuu0gJijWY6_cB4l7VT57caMTIp3z1XcWOlWq2cUF 9oqY1w8OEmx1pLW1pWms4phqxuc3IC8viTQjfRfC3H7nqU2u6h8LRnG8Ta2tOmzStQ17423E5iitQYjO3T6_MqweQuA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/A52 cxH68Hqv55bkODL83GXcM5VS4mR0rbL7hQgbpO YEDw20dkhbI8Vuwbvh8A2XT0YbMskClwAUbl0 NCJz4jX6YesI6nGAaCZiUuDNnPLNX6sbk6h9dxQQbNLYtwmjHIRiXjjTnA7aGwjYgUq51yS3tKFPQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/56LJl6Edvf3OMOgU1YGHBx8BShfMeYFsyYHYm0eCYs ZRYx8v36V3_cklt5q8Yqn8GOYadIxgwth3mTOw 55s aR5Mx9O8FRFtOMwFv9MTe9_yJAFE9ReEHXCVTVV5LgXX7awPrxYwDC4bAonVAT6svllg6s4A==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/E6cO1zWSY643GHS7F3_y8THtmwTQ6QBBTY1BvKJA 5bx168rvhxJGJ44C4J0uQ4vJSmwC4eR1M3H6hzMwi0IvwhH q4rDn Y08lMPGPBieMjboTVIwUaOuwh7h1rf8eZU_umwzsUfWJbTxHUNaF13aMHJKTvbA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/GVea9Pwhrm_V3l7XWKXFuvbDQ_3vYk_SCrU85xO8ZT24v9YdzY1dVKAQXX1lmFyY5lUdQ0DszNRo_CDbOjx56AjQVeMmuzw3WAG2lfXs7xojCA54eGVchPJsLCTkLBTkZHY szLUJWD4Ei2SLRwkUy_P_81D0Q==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/OMhC2icXLvPbHNV0c5BkP7Tb0TFVwjJRhaLPSwbsmtgtA5d80tsf4F8k0k_yt0YagpR8O1X0Atxx6R65_I2hRekgfkPGCltIAwxUekkVu25s6Dl3_9IfNcn9NiE6cWjuzJ5jSoZvT2129Ce8UbBcF1S5yyNONQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/ttyazUeeUVT6S7r2oFP5kP9gyaER8BpMeAmguzh69dsrBGlCeoaF0IGRtj1Q667y_LcTyR3WCnFpS9OilZ9qfIrStImrQrqu5Pta_EPe9d60DbjMNFSYz8JI5T66giKZidT0i0un2xKeHGiL6apOno8M VSb2w==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/uReNJbQ6wtlVSOyaKcw6_rs7iSOzOIf PIvi71XiXn7gJ39EfozaNqljj2zeMuU033lUw0qxxfPYNhbX6mdcwjT4VBKrtBYcG8lJipG4FsQ_U69yWP8wVxmK5P__3kxN6FaPlOheR4Yhy5BIvOQxKo 02N4gQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/wt60MgtG6U3WSAhBzhGONHjELJz148fL1iSHd7eZWkRo5enAVYlqYqYMDBFhMV7tBgUQaiKlxjeWns2jPZ1fKvFiia_aIfnmP a1n0LpVKXDmy6rP9yRj2YsDfCNjQjP9_6NMIArvmhasPlizpyq7fiZbZs_2A==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/sDQSgKIZNqrb9_HDEHX9Eq9GC7LxfPqfmqAMcs9eM1olNsLwCKKNRHsZdAWA_qKz TCFiyRQ d0 K2cuimAtAOMvTmu1I0vuo1ZoeEFOIoLPp4cjBqfitvMuHBOr0w QEpLvDe21bNURUSGgHTR81oS5SMfsRg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/s0l6SLIBjbVrgqi1J7QhhBhtrVN_11VMfTsJdFu0Zor6swLprecOZT7dIWQ_eYBWiEc6YChctL Va_p4DR40 n9zzPAMREoOBlx4 PVuWLhahswKqeN6ODlb POmoIIdlPEmaukz8oYuOw8Cv3IKh02 I7RVRg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/2EZc0yVjPxBYqnkWCMUzuseyZdD NxyOYQ8wAEs59wMdrl0cFQhZ8VSE9hxkMhOfVCLCKgJbgHadDCqbiUIoNa3byzu7E5 buqV9eTFEngyfRp4XXR5p bVJ5YKFuKavtZGxLhiyMgtSQfZnJsxMN A82KPkpA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/EUQNIgMn 7k 0w2 KSSX4ZQU3ft4tlhza2Hc9Ii1ccH1ekT1DZaAXGtavMnIJbkV m3IW8f1a7B0WfGRmz43cnu5 UGJz_wcHwHFkgt_dpMPKmNzKjm0aHu8Lw9oXONc7fqe7QlUYO9nsx4_L3aM1Yj9qp__ag==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/kioR2f Ym17umv3ViAtORIA4ANS IxKd7_CrIcIBsjOBMyqlKdhMFJaWPME5KMROXdWfk9rCE99IyHQws30H2ZO3b4xTjA8 29FXF0yhVw6lcLKZhGweFZC7Za6QQJ5ShWNoSftEMOiH_ab9Eoy yqLInPuCqA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/NWeovKUYTyvyzVa_OsbtOFZagjdHdrm90wc16nF8idkPekM7MyJiQh4a1GvY1rN40ksCnnoU byRUgKVJR_mY21AKRgnL6yXmNUjMooGeaMljF5YnF1sfPzC3jtOOgkBQK6yhYbyWBdXMmYf0AfHrs_1RujUsQ==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/KTgDcJh0omsWxYZnqHkQmqGouwcAZXp6YHeNQJGgQM CjYpmqjSi HjowLSyKxjYjcyC lRMbRIrD3Zg5hFk8324hTBLVXdbWFqWB7HVWNyQjiybRLjNNI5RnoZ7HFgIG1uYJdRXt3mEZipVXdzMfUbNihXE9g==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/f8rHaa1jXaJ2itASRkT41B2vJvZCrJw7JBQpgga26WhxgR1v3r4 JqF73Jx_ZvzehTOUOiMp4GT4NiaKF_Ecf g7TcxC6gkM4TeUXFm8D_2vW5oeH4eOTeMKqcKbc9L eJa7iauf_EvtJ_o1mGa0e hL9rTJlg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/Of9yVuMj44p DjHxsF5ioxc7cJ6qzbwqExcKlbdIVHqg ae iWc5plawdZHsCyo9 egQKF9JZeP vaTms8kmcY7XgO1p0IGQ5 7KBK7IxkKh7CSbLLJDyNwXICiIJLnzSt DGzxPyJxoLozEV8iGdG2EyiDciw==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/5IAfJYFBjZ QjNUJpFaCCUaL4mISGJEzylHd1boq9mn7wqF0uV0Xo93tH_hrM9DZAvP46KWfz6HuiaeWbCrJDbJCdZ4kVDE9ZrLcvpCBsgabcKSWfsI JIX53wEPCB3zCy1zMM92QKiOGrEsP6TbsuFneNoDPA==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

http://www.hostflashconcepts.com/EP NWFT2xC19iUzeBDCm08TFFTfLibk9t28J z90cic_ZhIYZSJdrx1NQaIXvcpjTWPNapSMUYXF6NWmivVMgD4LfJIzxjLHTm6D82Dcl5SKceDg8seY9HOomf4ee0Gf7qAgMRxgFoOcHUbQk1ltr0HAk25DSg==-Gy8AAATqZLG9ICbhNJvtBeCQA_a3IsnCYGPsXNFGfmPGr6spU1DQc8ym53HiAQ==

Latest 30 of 1,515 download URLs

Remove mp3rocket_setup.exe - Powered by Reason Core Security