stremio_setup.exe

Komorone

Quality Funnel (Alpha Criteria Ltd.)

The application stremio_setup.exe, “Komorone Setup” by Quality Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.strem.io and multiple other hosts.

Publisher:
Quality Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Komorone

Description:
Komorone Setup

MD5:
ae58fca34bd14eb888aabe289e048b0d

SHA-1:
cd5e67d53eccde8010dfe060379869268387672c

SHA-256:
4685fd6c2a5f20831e78f25fb13f55106e0f4aeffd57872c2147b5c82f310e25

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 10:54:15 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.11.0

File size:
1.1 MB (1,136,560 bytes)

Product version:
2.3.5

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 10:30:27 AM

Valid to:
8/4/2016 11:03:40 AM

Subject:
CN=Quality Funnel (Alpha Criteria Ltd.), O=Quality Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121375EF70E495146E71E4ED38C778E06A7

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ziR7mzN7peWjUglcKk+XnB6w59sAXAQ0G6OR7qlvcAb+H:WxmZfUgIWnB6w/sAwQD6GqeA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file stremio_setup.exe has been seen being distributed by the following 3 URLs.

http://www.strem.io/download?platform=windows

http://www.stockdeliveryapplication.com/imI 1lhYTfnwa481MmA3KsRjVKtWFDqCYmoaShuZYzpGCurxGQ0o7CsSUsJSwZx8k8MB3VNSpYO9AUIcFjG5U88yUwyFBKX7NN1dOm4eIgYqyc7ZnFro ymzMqiglKAm6sOcFayRQubGAqtBCZMXyEiguygzt2n_DDJMrnq9FmmFuLUhH5VqeaDUneIZjeCu 3cCeHFcLctkKSFkDlLTgWAmhG6R dAY5oCcVv6i_atobr q1EIB0kxGnG4l5OQ6wyfujv18-ixGAaHR0cDovL2RsLnN0cmVtLmlvL1N0cmVtaW8gMy42LjIuZXhlAw==

http://www.stockdeliveryapplication.com/GRI3gCIe2q55ky4teIm9s86Nc9_3iKtMD0M7uTFkFKPZxgVOU0YRcK2V2P7dgkFEDH4b6ttc6mRP1vhcueWSFkZg0qF5MfsNe9xqG9AZH4MU5zu 5SdMNTw9uNRSgwWwCFRNTWCY10BtA7_3KvLJy3YNwS4n5r5DX1eOHzrwIiUZGK36xQJZ2zltJIAsryjxz6TpBfLLUvHeoplPhGuT u4Z5vDfhVDaVEm2dmwhOZ069vM xo7YNigBZeyY3DBB0HYkk1nK-ixGAaHR0cDovL2RsLnN0cmVtLmlvL1N0cmVtaW8gMy42LjIuZXhlAw==
