stremio_setup.exe

Soft Internet

SpeedyConnector (New Media Holdings Ltd)

The application stremio_setup.exe, “Soft Internet Setup” by SpeedyConnector (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.dltoursbundles.com and multiple other hosts.
Publisher:
File Stub (signed by SpeedyConnector (New Media Holdings Ltd))

Product:
Soft Internet

Description:
Soft Internet Setup

Version:
3.5.3.3

MD5:
d2ae945c14fa40467cc7bec8d217de3b

SHA-1:
82b5a0caaa022d55a866b4c73334eadb68c4080d

SHA-256:
36233185b28788b5fd638907facf5263414882f159e0985f81f8b34430755639

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not yet detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/27/2024 9:07:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.11.22.0

File size:
1.5 MB (1,549,792 bytes)

Product version:
4.7

Copyright:
Installer Program software

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/8/2016 11:48:06 AM

Valid to:
7/2/2017 12:25:43 PM

Subject:
CN=SpeedyConnector (New Media Holdings Ltd), O=SpeedyConnector (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FD2D6EA2DEFFFFC3698923DA733CCD42

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NXGza/VbBYiuglpgXbZOksZruflXHAfmsLcHum+Bc2iMFM2ok8zPK0PSpLmUoDA2:kW/VbxlpgX9qZruflALrm+S2i2QzPK0x

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file stremio_setup.exe has been seen being distributed by the following 3 URLs.


Remove stremio_setup.exe - Powered by Reason Core Security