stremio_download_manager.exe

Hihobo

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_download_manager.exe, “Hihobo Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.
Publisher:
Pihu (signed by Quality Funnel (Alpha Criteria Ltd.))

Product:
Hihobo

Description:
Hihobo Setup

Version:
3.6.3.7

MD5:
9fdb11fa95a1435a23cb7887f3678240

SHA-1:
eb17b9dee00c912c2dbc1abc856d85e25aef6e04

SHA-256:
d88083d3219e875053008f9d7204b090965b81bbab705035a51674eddf03a7bb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:46:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.17.16

File size:
1.1 MB (1,137,704 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\stremio_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 2:30:27 PM

Valid to:
8/4/2016 5:03:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:VEe2H+VddUuiVaLhC14DVnOjhSNSZ4a/GEHUUXY74/sItJ:VFmWXnn0CBOAo4aeEHUUXACsq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_download_manager.exe has been seen being distributed by the following 29 URLs.

