stremio_setup.exe

Komorone

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_setup.exe, “Komorone Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartfarmapps.com and multiple other hosts.
Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Komorone

Description:
Komorone Setup

MD5:
f89b28c42083eac20770d86d7f70e15a

SHA-1:
05060a5f1276976859438d2e4693fe6ae5c279e4

SHA-256:
4ca82d976406606f5231f10acbdfc84748a7e3a20d2995e3e2c681f198bf4916

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:56:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.10.13

File size:
1.1 MB (1,136,560 bytes)

Product version:
2.3.5

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 7:00:27 PM

Valid to:
8/4/2016 8:33:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GiR7mzN7peWjUglcKk+XnB6w59sAXAQ0G6OR7qlvcAb+H:XxmZfUgIWnB6w/sAwQD6GqeA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8891

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 96 download URLs
