icreinstall_stremio_setup.exe

Pekodol

Quality Funnel (Alpha Criteria Ltd.)

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_stremio_setup.exe, “Pekodol Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Gagokopom (signed by Quality Funnel (Alpha Criteria Ltd.))

Product:
Pekodol

Description:
Pekodol Setup

Version:
5.8.4.7

MD5:
1e69df098561a0e065fec0097d659a48

SHA-1:
6cbcfaf59144f6817bc6e9894e685f6488a3c594

SHA-256:
96d7e7b490d8cf5c19263f86fa2014cff37d9acb48547f741175b29839709903

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/15/2024 10:28:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.7.11

File size:
1.1 MB (1,132,304 bytes)

Product version:
4.1

Copyright:
Software stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 5:30:27 AM

Valid to:
8/4/2016 8:03:40 AM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:TFVT8wkrShz+t/jzk4dODDDScynVhdiEjguUmFs6tkeO:hCw+Ph2X8VhrZVO

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8862

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_stremio_setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 72 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com (207.189.109.121:80)
