iTunes.exe

iTunes

Apple Inc.

It runs as a scheduled task under the Windows Task Scheduler. This is installed with multiple programs including Apple iTunes and iTunes. The file has been seen being downloaded from www.unlocktutorials.com and multiple other hosts.
Publisher:
Apple Inc.  (signed and verified)

Product:
iTunes

Version:
12.0.1.26

MD5:
3081748a52d6a5cfe5f974b27a1be4c8

SHA-1:
6e61697edcca7d369fb4e23be4ddb2786607eb0e

SHA-256:
09e22eb3c8acb5b92530ef96ed8d69631e04c27ea837f204fcfbf2777a412a4c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:30:04 AM UTC  (today)

File size:
4 MB (4,175,144 bytes)

Product version:
12.0.1.26

Copyright:
© 2003-2014 Apple Inc. All rights reserved.

Original file name:
iTunes.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\itunes\itunes.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/23/2013 5:00:00 PM

Valid to:
7/23/2015 4:59:59 PM

Subject:
CN=Apple Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Apple Inc., L=Cupertino, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47DE2F9FBF7A1D4191F45773FA113E1D

File PE Metadata
Compilation timestamp:
10/15/2014 4:07:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:HviYIvEEtC2ZQCabeEXirpafnfPTEBMV8Y:TIvEEZZQCabeEXirpavfPTOMV8Y

Entry address:
0x18EB

Entry point:
E8, 0E, 20, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 05, 41, 00, E8, AF, 25, 00, 00, E8, DF, 21, 00, 00, 0F, B7, F0, 6A, 02, E8, A1, 1F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 60, 17, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
5.2562

Code size:
42.5 KB (43,520 bytes)

4 Autoplay Handlers
Display name:
iTunesBurnCDOnArrival

CLSID name:
{1A03F196-9617-4CA0-842B-A83CEECB022B}

Display name:
iTunesImportSongsOnArrival

CLSID name:
{1A03F196-9617-4CA0-842B-A83CEECB022B}

Display name:
iTunesPlaySongsOnArrival

CLSID name:
{1A03F196-9617-4CA0-842B-A83CEECB022B}

Display name:
iTunesShowSongsOnArrival

CLSID name:
{1A03F196-9617-4CA0-842B-A83CEECB022B}


Scheduled Task
Task name:
{111C767C-8CFF-4502-9196-D08580F7B0E7}

Trigger:
Registration (Runs on registration)


4 Windows Firewall Allowed Programs
Name:
C:\Program Files\iTunes\iTunes.exe

Name:
C:\Programme\iTunes\iTunes.exe

Name:
D:\iTunes.exe

Name:
H:\Itunes\iTunes.exe


The file iTunes.exe has been discovered within the following programs.

Apple iTunes  by Apple Inc.
3% remove it
iTunes  by Apple Inc.
Apple's iTunes is a proprietary media player computer program, used for playing and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone and iPad.
www.apple.com/itunes
9% remove it
 
Powered by Should I Remove It?

The file iTunes.exe has been seen being distributed by the following 16 URLs.

http://www.unlocktutorials.com/iCloudBypasser.exe

http://www.icloudnosurvey.com/iCloudBypasser.exe

temp:iCloudBypasser.exe