download-itunes.exe

Covus Freemium GmbH

The application download-itunes.exe by Covus Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars. The file has been seen being downloaded from dc606.4shared.com.
Publisher:
Covus Freemium GmbH  (signed and verified)

MD5:
1a3eb0b0eb54c8e6cfacabdb878a62b5

SHA-1:
0022b79d9d27c05ab834308fce9242ff22dead25

SHA-256:
7a08f63a05c601748543e3b9aaa0ae1f891c7f043b63431990f5f57f76b8fd1b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit, and Search Protect (ClientConnect).

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 1:24:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus (M)
17.3.13.5

File size:
584.6 KB (598,616 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\download-itunes.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/28/2013 6:21:57 AM

Valid to:
1/29/2015 6:21:57 AM

Subject:
CN=Covus Freemium GmbH, O=Covus Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DBCB8A07ED407612FC406EFD259BE29

File PE Metadata
Compilation timestamp:
12/9/2014 2:30:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x22931

Entry point:
E8, EC, 66, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, EB, 14, 00, 00, 6A, 16, 5E, 89, 30, E8, 8F, 14, 00, 00, 8B, C6, E9, 8F, 00, 00, 00, 57, 39, 5D, 08, 77, 13, E8, CF, 14, 00, 00, 6A, 16, 5E, 89, 30, E8, 73, 14, 00, 00, 8B, C6, EB, 75, 33, C9, 39, 5D, 10, 88, 1E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, AC, 14, 00, 00, 6A, 22, EB, DB, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C9, 8B, CE, 39, 5D, 10, 74, 0B, 33, DB, 43, C6, 06, 2D, 8D, 4E, 01, F7, D8, 8B, F9...
 
[+]

Code size:
320.5 KB (328,192 bytes)

The file download-itunes.exe has been seen being distributed by the following URL.

https://dc606.4shared.com/download/.../download-itunes.exe

Remove download-itunes.exe - Powered by Reason Core Security