itunes-32.exe

Sipid

Setup Manager LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and which may be installed with minimal consent. The application itunes-32.exe, “Sipid Setup” by Setup Manager, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. Users of this installer expect to download Apple's iTunes, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Setup Manager LLC  (signed and verified)

Product:
Sipid

Description:
Sipid Setup

MD5:
8f19b54b6f8ee4707e8ce2b2e84dfedc

SHA-1:
c661c79bd55170ce5fbc3bc82d4978047d79f065

SHA-256:
de8ca12c2d3a4dc3e3d32a1dd6583e378f5cc13a8d123b464e08910775f05d3d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 4:34:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.8.11.1

File size:
937.7 KB (960,232 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\itunes-32.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/17/2015 12:00:00 AM

Valid to:
1/15/2017 11:59:59 PM

Subject:
CN=Setup Manager LLC, O=Setup Manager LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5B54F9A49482444F2A26324DAC8E187D

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:zRiG+3ZC4aAJFya33Vl4iggHXdbtG2x3GDMkjlQefNut8lP+nZZclKhC2IqjzvaY:zRiH3Voa3Fl4pgHXeaGRNSLZGsIt

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Entropy:
7.9333

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file itunes-32.exe has been seen being distributed by the following URL.