xperia-companion-24323-dp.exe

Rukimakin

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application xperia-companion-24323-dp.exe, “Rukimakin Setup” by Mode Beta (Fried Cookie), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Rukimakin

Description:
Rukimakin Setup

Version:
3.7.4.5

MD5:
28b3b1a771dbaa18182dfb304d15154b

SHA-1:
841046a6ac54eb1ee0a2ad367fe7c594596994df

SHA-256:
5743be7a5ad63603aa7c5f6d19c17bfde2c1581bd106b52693eb86362e4c3ef4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/1/2024 4:33:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC.Installer (M)

Engine version:
16.6.10.18

File size:
960.6 KB (983,624 bytes)

Product version:
1.2.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\xperia-companion-24323-dp.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jCi46vIpWeGEvHstSIgFnM2MXLk03/hNcQQicg6pxiEW8:jrrwwXEvHstlgJM7k8DNcggxC8

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file xperia-companion-24323-dp.exe has been seen being distributed by the following 11 URLs.

