stremio_setup.exe

File

SpeedyConnector (New Media Holdings Ltd)

The application stremio_setup.exe, “File Setup” by SpeedyConnector (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.dltoursbundles.com and multiple other hosts.
Publisher:

Product:
File

Description:
File Setup

Version:
5.3.4.0

MD5:
df1d1fba612b76887e6fa494cbcff07b

SHA-1:
90fa304290260cc88b3a4dfdc6746ba7a849de2d

SHA-256:
a91e9080141707763df5a3f55b8f1ae1fd61a50561632e02b6a82a08569e8699

Scanner detections:
1 / 68

Status:
Adware

Note:
Our pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/19/2024 5:37:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.12.4.0

File size:
1.5 MB (1,547,224 bytes)

Product version:
3.1

Copyright:
File

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\stremio_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/8/2016 11:48:06 AM

Valid to:
7/2/2017 12:25:43 PM

Subject:
CN=SpeedyConnector (New Media Holdings Ltd), O=SpeedyConnector (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FD2D6EA2DEFFFFC3698923DA733CCD42

File PE Metadata
Compilation timestamp:
5/29/2012 8:51:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0tjh8E4AEQbZXu0gva8YDSh1L+AxGMkXD6iaYBehB5nFSEq7HOZ/OKb:8aAXuvaVuh5+cGMkXD6vBRFOKb

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B8, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 56, EC, FF, FF, E8, FD, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, E8, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file stremio_setup.exe has been seen being distributed by the following 4 URLs.

