rim.exe

Robust iPodManager

Robust.ws

The application rim.exe, “Robust iPodManager Setup”, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Robust.ws

Product:
Robust iPodManager

Description:
Robust iPodManager Setup

Version:
1.0.0.19

MD5:
6c4e0e77d05e4b8a95799c39862ee028

SHA-1:
05a1a22522a4dfa7d9326097b76690f7cb777134

SHA-256:
bd6f74e3d034dcda03421a979d23a6aa815bc46d4d4ade28f86f1d2a2aed15f0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 11:09:20 AM UTC

Scan engine | Detection | Engine version
Comodo Security | ApplicUnwnt | 17473
ESET NOD32 | Win32/Adware.RK.AP | 10.9190
Malwarebytes | PUP.Adware.RelevantKnowledge | v2016.07.03.08
Trend Micro House Call | TROJ_GEN.F47V0513 | 7.2.185

File size:
4.7 MB (4,968,963 bytes)

Product version:
1.0.0.19

Copyright:
Copyright ©2011 Robust.ws

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rim.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:QysZ8mrDegRfEAOwAB7htshlnfRcFqVbu8DgKfvu0yhg+VLxJhC4RgJ:BqpHeK8AOwMv0RRcF4bN5fvuv++VLH/w

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
Entropy:
7.9989

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file rim.exe has been seen being distributed by the following URL.
