stremio_download_manager.exe

Mira

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Mira Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.

Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Mira

Description:
Mira Setup

Version:
2.5.4.7

MD5:
784b31a880f11e8e5a1968773bd41601

SHA-1:
0095d7ede1c730507cbd82835fe86a1f83ce28dc

SHA-256:
6aefc7aca9d886a7ebdbaf0fd0c84f0d82f1a783b5cd00ff62caf0458efe54a3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 10:46:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.24.12

File size:
1.1 MB (1,130,776 bytes)

Product version:
2.5.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 2:30:27 PM

Valid to:
8/4/2016 4:03:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:sKZrAwUR/laJQx/m5W6adb+dh0QfyALH++vxM+aUeOmmFs6tkeu:9LU/aJQxOKsVfyALH++5M+h9zVu

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8896

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 57 download URLs
