stremio_download_manager.exe

Nogacig

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Nogacig Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.
Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Nogacig

Description:
Nogacig Setup

Version:
1.2.5.5

MD5:
c3092ae19dbbd4b7f1085e20a9965133

SHA-1:
4e60aa4dbd845f859443abd9a14e4034724f496b

SHA-256:
cc7929af8960b4326aba41d7e8604cc11d8d991823495270b67fe61eeecdb9db

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 6:37:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.19.13

File size:
1.1 MB (1,130,264 bytes)

Product version:
5.5.8

Copyright:
Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 7:00:27 PM

Valid to:
8/4/2016 8:33:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:fF76VL7N3Zq6UjqKlHYUOTRV26aK6mFs6tkeL:NeVLxQXxRYU8LuKPVL

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8931

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 24 URLs.

