stremio_download_manager.exe

Gepo

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Gepo Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.

Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Gepo

Description:
Gepo Setup

MD5:
ceeac193ff7d0b9111e308e3acfd00f1

SHA-1:
7b970e15f6afe7f091b61592d1e561df8bb1bf4d

SHA-256:
041db1d66d9a5b164dd87cf86d51ea0f5b65d21450153d4d2c8d7c9e337bba12

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:24:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.26.12

File size:
1.1 MB (1,133,232 bytes)

Product version:
1.1

Copyright:
Installer Fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 10:30:27 AM

Valid to:
8/4/2016 12:03:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Z4JmYP0+lU9L4rshpl61XTPEHGDST3jHYNpPZJ1T6blvcAb+HYq:ZK5dlU9wsp01XTkZzWZP8eAQ

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 115 download URLs