stremio_download_manager.exe

Nibalo

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Nibalo Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.
Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Nibalo

Description:
Nibalo Setup

MD5:
c053080d023983fbf5a43d3cb4469150

SHA-1:
34f80edb78aeb21115e656759b2dcf8ee2a1ca57

SHA-256:
9f4fa755d86245458233583efe887b0ab09c73b7072e9884a589a21e7a722d84

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:22:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.30.19

File size:
1.1 MB (1,135,600 bytes)

Product version:
1.6.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 7:00:27 PM

Valid to:
8/4/2016 8:33:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+AX1MeEJOCyio17aymQbJrlTx84+l+LsH/kCsItE:+E1oii+ay7Jp+4sGasqE

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8903

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 37 URLs.

