stremio_download_manager.exe

Dabegamah

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Dabegamah Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.
Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Dabegamah

Description:
Dabegamah Setup

Version:
3.8.1.7

MD5:
db048c4f315081de45af9997c2b3a81b

SHA-1:
a29d733903afbbca23442fff248595805644579d

SHA-256:
ea503a1f5d0440dfe7f049655a7b6412d9d74b4b1a6a850cd165e8901c520573

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 10:43:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.21.7

File size:
1.1 MB (1,136,448 bytes)

Product version:
3.2

Copyright:
Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 11:30:27 AM

Valid to:
8/4/2016 12:03:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:YMdilzZBqYzVYN2AnIdI+9P5viwvMTWhsIswKLJIblyb+sIt:YMURZQ8YJn89P2PIs9NIbE6sq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 47 URLs.

