stremio_setup.exe

Komorone

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_setup.exe, “Komorone Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.stockdeliveryapplication.com and multiple other hosts.
Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Komorone

Description:
Komorone Setup

MD5:
f18e1dbb54a98f5095db892310a97cd9

SHA-1:
c39180793cf19af5dbe491aae342a0683f7a3262

SHA-256:
22a2dd7b514e02a6cadd3d7a221ef42e425c2a5497a664efed658e3536978a5f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:44:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.11.2

File size:
1.1 MB (1,136,560 bytes)

Product version:
2.3.5

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 2:30:27 PM

Valid to:
8/4/2016 5:03:40 PM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:oiR7mzN7peWjUglcKk+XnB6w59sAXAQ0G6OR7qlvcAb+H:lxmZfUgIWnB6w/sAwQD6GqeA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_setup.exe has been seen being distributed by the following 8 URLs.

