ee5b0968-db57-0542-b009-e475d2db6508_1d1c31d06411b0b

Rukimakin

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file ee5b0968-db57-0542-b009-e475d2db6508_1d1c31d06411b0b, “Rukimakin Setup ” by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Rukimakin

Description:
Rukimakin Setup

Version:
3.7.4.5

MD5:
896e66e5065eea43f74090fce3747749

SHA-1:
abf152fa9af6c96a8adc9bd7369c3c08eb5cf827

SHA-256:
b75936ae5bfa4c6c9d678b0008ef0405ba26bad32a2ab9fbeb264d719d5fe1ab

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 7:34:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.6.9.14

File size:
960.6 KB (983,624 bytes)

Product version:
1.2.5

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\ee5b0968-db57-0542-b009-e475d2db6508_1d1c31d06411b0b

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:JCi46vIpWeGEvHstSIgFnM2MXLk03/hNcQQicg6pxiEW8:JrrwwXEvHstlgJM7k8DNcggxC8

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file ee5b0968-db57-0542-b009-e475d2db6508_1d1c31d06411b0b has been seen being distributed by the following 50 URLs.

http://www.stockbundlecentral.com/WVl6OTRQV1ZZUlhvbE1rWnhlVlo0WW5WUE5FaElaekJtV2xFbE1rSm1iMFEyTjI5c2MyTTBjRmhxV1hRM2RrbE5hRzlOSlRORUptTTlSMFVsTWtKSU9XWllWR0ZHYzB4eGJYaFVRVTl6V2treFMwNDRUREJKVkZrbE1rWmpkM2hEUlZreFptWWxNa1l5VUdKMVQyWjZUa001WTBoWFlYSkxOMkZCUm1aTWFHMWhkekZpVXpscmRqQmtZa0ZxUTFWbVYyOVhlVFZ6YlZKUlowdzVkemRpUlVWeWVWZDJabEJLTWtGTUpUSkdZbkUyTVdkcmFrZFJiek5MZVVaVlNtbFZjVWw0VW14aWVWZFRNWGROVGxKcGJWWlpablI2WjJjbE0wUWxNMFFtWlQwd0ptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbVlYSmtiM2R1Ykc5aFpDNWhaRzlpWlM1amIyMGxNbVp3ZFdJbE1tWmhaRzlpWlNVeVpuSmxZV1JsY2lVeVpuZHBiaVV5WmprdWVDVXlaamt1TlM0d0pUSm1jR3hmVUV3bE1tWkJaR0psVW1SeU9UVXdYM0JzWDFCTUxtVjRaU1prYjNkdWJHOWhaRUZ6UFVGa2IySmxMVkpsWVdSbGNpMHhNall5Tnkxa2NDNWxlR1U9

http://www.clearuniversecapital.com/WVl6OTRQVzRsTWtZM1RXaG9hVlZIWldkTVpIbEtUSHBJZVRkU2IxY3libEkxY25OUE5tbEpWM0V6TWxWMU1YUkpheVV6UkNaalBWbFVKVEpHWkV0RlpHa2xNa1ozVXpBeVp6TXplbXRNTVZCbmVrWjJaSGhOYkhwUFYxUlNkVWxYV0ZOQmRXRlBNRFJYTVdad01uTmFkazVqYjJkWWFrMUNVMjlHVG5sNFdIVmFXQ1V5UWtGWVFUZ2xNa1pYTmlVeVJrbDBUMU5YVW1sUWJGTjZTblYzZHpaM2NrbFFPWGxyUkhaWUpUSkNTWGxDSlRKQ2JVaHRObFZPWVhjNVJrc3hhRWw0WVZneFl5VXlSamR4ZUV0WFQxTjFaRGxDWjFKUWRHaG1iMEVsTTBRbE0wUW1aVDB3Sm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROaEpUSm1KVEptWVhKa2IzZHViRzloWkM1aFpHOWlaUzVqYjIwbE1tWndkV0lsTW1aaFpHOWlaU1V5Wm5KbFlXUmxjaVV5Wm5kcGJpVXlaamt1ZUNVeVpqa3VOUzR3SlRKbWNHeGZVRXdsTW1aQlpHSmxVbVJ5T1RVd1gzQnNYMUJNTG1WNFpTWmtiM2R1Ykc5aFpFRnpQVUZrYjJKbExWSmxZV1JsY2kweE1qWXlOeTFrY0M1bGVHVT0=

http://www.contentdownloadmega.com/WVl6OTRQVzV5T0hBME5tcHFVbVZTTUdrM09XUjRhbUZ0WTNKbE5qZGxRMk42Vkd0eFdYRm1hMVJ5ZVZKblJqZ2xNMFFtWXoxUlpFa3djbGRDVTFSWmNrZHlZblZuVFZOdE1UVktTMGc0V1dWdVRWSjFNRXhKTkVabldUTm1WMkppYUVGeWRVRjRWVmMyWVd4MmRUbHVOelUzZW1WamRrSnVNM1YxV0hwU05tMWhibVIzZEc1WFR6RlNSRkJKWVRGUlRWbzNhRTVKVUVwWFdtOUtRbmROVVhBbE1rSjVNVzVIUWtacVJEWjFNbU55UzNFeWNtMTJSbEZSSlRKR1JWazFjbGgwYms0bE1rWTRjMnhHU0VaclVrRWxNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1ZWEprYjNkdWJHOWhaQzVoWkc5aVpTNWpiMjBsTW1ad2RXSWxNbVpoWkc5aVpTVXlabkpsWVdSbGNpVXlabmRwYmlVeVpqa3VlQ1V5WmprdU5TNHdKVEptY0d4ZlVFd2xNbVpCWkdKbFVtUnlPVFV3WDNCc1gxQk1MbVY0WlNaa2IzZHViRzloWkVGelBVRmtiMkpsTFZKbFlXUmxjaTB4TWpZeU55MWtjQzVsZUdVPQ==

http://www.clearuniversecapital.com/c?x=aBaVztZiBEDd6uWbH5gajX XK0RmAWlc9EE7Ep/QrTg=&c=tFrNGGvoiM0/1VbsgL6x7Bg2GCobHMkFcLNaqqbGqt26HnPLFurrwJkmLoqGMDtk3BguxbqiR6Y2402t13eDpEZ09TZLL6POFgV93Hu08DB93 nw9HpPEAEFdL/YwIdGi7xxtMi7VnEjZ8nyq0nZOYkIRLfzR3czx0WkPt1O3dQ=&e=0&fallback_url=http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.5.0/.../AdbeRdr950_pl_PL.exe&downloadAs=Adobe-Reader-12627-dp.exe

http://www.bundleflashapps.com/WVl6OTRQVkpzTjBoaFQybFJjamRxT1RodlJGRm1ia0l6VGtsWmQwRmpkMFZMUVRKak1IcHVTMU5ZT0UwMlNra2xNMFFtWXoxc1VrWWxNa1pyY25seVZuZ2xNa1ptYWxGUFJVOXFOelp0WmxGMFl5VXlRa3RoYURoMGEwczFkRTV3Vkd4TVN6bEVTVzF1UWlVeVJsQm9VRVp2SlRKR05HRnZWemwyU2pnelpVNUlhekY0YTJRMFJUWkxNa001TmpWUllrbzJhU1V5UmpCd2JuZFJVMW9sTWtKYUpUSkdhV1pVVkhkRGJUWXlibWMyVWpOMFMyUlhiblJETWxKalR6a3lVWE5pV1dkTVJuaHFiV1p5T1hkR1ZtbzBibkJDYm5ZeWJYWlJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabUZ5Wkc5M2JteHZZV1F1WVdSdlltVXVZMjl0SlRKbWNIVmlKVEptWVdSdlltVWxNbVp5WldGa1pYSWxNbVozYVc0bE1tWTVMbmdsTW1ZNUxqVXVNQ1V5Wm5Cc1gxQk1KVEptUVdSaVpWSmtjamsxTUY5d2JGOVFUQzVsZUdVbVpHOTNibXh2WVdSQmN6MUJaRzlpWlMxU1pXRmtaWEl0TVRJMk1qY3RaSEF1WlhobA==

http://www.vaultschuckleapplication.com/WVl6OTRQWE40Ulc1aWJGTkpabGRwZFRWeU4yVldiVGx1UlUwbE1rSlBiWFJVSlRKR1prUlRSazR3YWpScllTVXlSazFaYmswbE0wUW1ZejFUTmxseWMxVmphek1sTWtaMlRuaDVKVEpDY1NVeVFqbFhiSGhtWW1ReE1tNTZUV1J5UlRoQlkwNU1WMU5DZFhaMWNWWnBkRUlsTWtaSWIzRnJWV2Q1TVZkcloySnhXV3cyUVZreFZIRk1Rekp2Wm1ock5WcFBOalpPUkhKUE5FVnlWR1pUZFdZNU5tSXhiSGhTY0ZBbE1rWnhPWGhSU2sxMFdrNTViblZVWXpGUVVtdzJOWGRtVUhnMVFsTnVlVmR5WkhkTFdFd2xNa1k0VWlVeVJtcEdXSFpTVVNVelJDVXpSQ1psUFRBbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0yRWxNbVlsTW1aaGNtUnZkMjVzYjJGa0xtRmtiMkpsTG1OdmJTVXlabkIxWWlVeVptRmtiMkpsSlRKbWNtVmhaR1Z5SlRKbWQybHVKVEptT1M1NEpUSm1PUzQxTGpBbE1tWndiRjlRVENVeVprRmtZbVZTWkhJNU5UQmZjR3hmVUV3dVpYaGxKbVJ2ZDI1c2IyRmtRWE05UVdSdlltVXRVbVZoWkdWeUxURXlOakkzTFdSd0xtVjRaUT09

http://www.bundleflashapps.com/WVl6OTRQVU5SYkdoak1TVXlRbE5UZGpsd1dIZzRRek5STmpocVNGbzVSbXRvZHpCNU4xZFRNRnBUVjFSTE0xZHlOQ1V6UkNaalBVdzVNMUJzU1hkU2VUQklWVU5uUWxVbE1rSk5kMUZoV0ZwRGFUUkpXWEI0ZWpaVWVtSnlhblpEVUV0M09TVXlRbU00YW14UWMxUkNieVV5UmpOR1JHeFliVWd3SlRKR04weE1TVzFVV25GVGRGZDJlRWhQUzJsM1ltOVVSR2RqZUZRM1dWZEZPVlpZTmtkMmVEYzNNR2RMUmt0SGJrRndkRlF3TjJ4SkpUSkdWVVVsTWtKTGJqRTFjR0kwYnpsb1YxazJSMDFuVG1Gd2RFSmxXVzVvTVZsV1p5VXpSQ1V6UkNabFBUQW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMkVsTW1ZbE1tWmhjbVJ2ZDI1c2IyRmtMbUZrYjJKbExtTnZiU1V5Wm5CMVlpVXlabUZrYjJKbEpUSm1jbVZoWkdWeUpUSm1kMmx1SlRKbU9TNTRKVEptT1M0MUxqQWxNbVp3YkY5UVRDVXlaa0ZrWW1WU1pISTVOVEJmY0d4ZlVFd3VaWGhsSm1SdmQyNXNiMkZrUVhNOVFXUnZZbVV0VW1WaFpHVnlMVEV5TmpJM0xXUndMbVY0WlE9PQ==

http://www.worlddlstock.com/WVl6OTRQVGsxY201bk1rSjBXalZYY0VzMGFua3dPSG8yZFRCemVsWklRVkp5UXlVeVFrWnFZV2hRYzBkbGFrNUhieVV6UkNaalBXTTRXbTVPZG5jMlQzVTJkMlY0SlRKQ1ZVOVVhMFZHZW10dGRYTmFRa1FsTWtKaWVtRkplRTFsV21aNFJ5VXlRbE5QYTFGemQwTXhWM05sY0hoSFpVZEdTR2hQU3pCYWJHTkpRbTlMZVhONU5GSTNhMjFwVlVFMGFEQktiRXRTV0dobWEwVlFUMFJCTjNaS1dHcFdaaVV5UWlVeVFtRldRekF5UkNVeVFqRjNhbkJvTTNoV1YwazVUSEpFTkNVeVJsRmhiazFWT1hSTlNVUmFkRWx5TW5oQlFXTkJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabUZ5Wkc5M2JteHZZV1F1WVdSdlltVXVZMjl0SlRKbWNIVmlKVEptWVdSdlltVWxNbVp5WldGa1pYSWxNbVozYVc0bE1tWTVMbmdsTW1ZNUxqVXVNQ1V5Wm5Cc1gxQk1KVEptUVdSaVpWSmtjamsxTUY5d2JGOVFUQzVsZUdVbVpHOTNibXh2WVdSQmN6MUJaRzlpWlMxU1pXRmtaWEl0TVRJMk1qY3RaSEF1WlhobA==

http://www.clearuniversecapital.com/WVl6OTRQU1V5UWtGcU5uTlBNbk54SlRKR09YRm9jM3B4ZHpGdVFtcGFiV2hpU0dwMVRIZHJjMmxSUld3NVJGZ3lOMlJqSlRORUptTTlKVEpDSlRKQ1ZFRkhZeVV5UmxoRlJuaElWbE5SZWlVeVFuRlZOWEJUZVdOYU9FbEtPRWRzTjB3MWJEYzVWbUp3ZEhRMWFua2xNa1ppWmxZd1ltVkJOamRaWkhwaE1FRmtTMmRIU2swemVIb2xNa1pEWkdScVNWSWxNa1p2UlZCQ1RYRTRZbnB2UkRoVWRtTmphRlZKTjFGRVFXbG5UVU5DUlVJbE1rSlZXV05NVmxSaEpUSkNNM0J3UVVWRk1URnJVVlZaV21Ka2NsRkdVVUZVVTJwR1oweHpkMng0VlNVeVJuY2xNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1ZWEprYjNkdWJHOWhaQzVoWkc5aVpTNWpiMjBsTW1ad2RXSWxNbVpoWkc5aVpTVXlabkpsWVdSbGNpVXlabmRwYmlVeVpqa3VlQ1V5WmprdU5TNHdKVEptY0d4ZlVFd2xNbVpCWkdKbFVtUnlPVFV3WDNCc1gxQk1MbVY0WlNaa2IzZHViRzloWkVGelBVRmtiMkpsTFZKbFlXUmxjaTB4TWpZeU55MWtjQzVsZUdVPQ==

http://www.clearuniversecapital.com/WVl6OTRQV0kzV0dwMFpURkxUVE5wY1hBelNHdENKVEpHYmpKSVprUlRlVUpXWXpaUU5rOW5TVEZQVEhOc1NFWnlWU1V6UkNaalBTVXlSbE4zVUVvMGNVaERjSFpGTmxkdVpHUTRWbWRGZFhOeVRqRWxNa1ppZUhRNGFsa3pKVEpHTWxCSVNVcFdSU1V5UWxNM1FuSkdObVZIV0dwaldEZHViekF6V2pka01XMUllR2xTUVUwbE1rWjZhVUZvZVVvbE1rWjBWVk5NVkV0SU5XaGtKVEpDTkdVMFV6TlJTVWxxVldGMGVGcGtTbWRZSlRKR2QwMU1SRlV5ZUZaVVdYRXdVakpUTWpjeVUzaEVWamxHWjFGaVNGRTVjRmcySlRKQ2JXOXBhM0J5WnlVelJDVXpSQ1psUFRBbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0yRWxNbVlsTW1aaGNtUnZkMjVzYjJGa0xtRmtiMkpsTG1OdmJTVXlabkIxWWlVeVptRmtiMkpsSlRKbWNtVmhaR1Z5SlRKbWQybHVKVEptT1M1NEpUSm1PUzQxTGpBbE1tWndiRjlRVENVeVprRmtZbVZTWkhJNU5UQmZjR3hmVUV3dVpYaGxKbVJ2ZDI1c2IyRmtRWE05UVdSdlltVXRVbVZoWkdWeUxURXlOakkzTFdSd0xtVjRaUT09

Latest 30 of 60 download URLs