stremio_setup.exe

Defihala

SpeedyConnector (New Media Holdings Ltd)

The application stremio_setup.exe, “Defihala Setup” by SpeedyConnector (New Media Holdings), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.conceptsnewvaults.com and multiple other hosts.
Publisher:

Product:
Defihala

Description:
Defihala Setup

MD5:
a58e29f151dfe27708a2c4632c21e386

SHA-1:
6944a97f4681356f3af1b91e29ab346605936355

SHA-256:
d13add10c3d626239dcb60ac5524258753360aaffd79c9bf896c9c8355b39d1c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 4:47:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH.Bundler (M)

Engine version:
16.6.13.20

File size:
1.1 MB (1,144,288 bytes)

Product version:
1.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/8/2016 8:18:06 PM

Valid to:
7/2/2017 8:55:43 PM

Subject:
CN=SpeedyConnector (New Media Holdings Ltd), O=SpeedyConnector (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FD2D6EA2DEFFFFC3698923DA733CCD42

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dpiZmRC+19GNtkHuw6TvyS7gGyGrL4pyTnoxUZIEsD:dIgRC++/kHuwoKStyGrL7LtsD

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8939

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_setup.exe has been seen being distributed by the following 48 URLs.

