stremio_setup.exe

Komorone

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_setup.exe, “Komorone Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.stockdeliveryapplication.com and multiple other hosts.

Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Komorone

Description:
Komorone Setup

MD5:
0d9002ded8e7bb0e7b821b327dcec511

SHA-1:
137e4894fa6c17f60e864aff42f227c4006b84dc

SHA-256:
46efad1d8d2109779307745f71cec360666b21b5855f04a8ced64bf61524ede3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 6:28:43 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.11.0

File size:
1.1 MB (1,136,560 bytes)

Product version:
2.3.5

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore (using Inno Setup)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 8:30:27 AM

Valid to:
8/4/2016 10:03:40 AM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:4iR7mzN7peWjUglcKk+XnB6w59sAXAQ0G6OR7qlvcAb+H:VxmZfUgIWnB6w/sAwQD6GqeA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_setup.exe has been seen being distributed by the following 4 URLs.
