» itunes.exe
Overview
Analysis
File Details
Downloads (1)

itunes.exe

Fakadal

BULLY UNITY LTD

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application itunes.exe, “Fakadal Setup ” by BULLY UNITY has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

itunes.exe

Publisher:

Nofedu (signed by BULLY UNITY LTD)

Product:

Fakadal

Description:

Fakadal Setup

Version:

2.3.3.8

MD5:

d0ca5cbd5f73cd7e6a9882cbdaf80ad2

SHA-1:

9cd8cb5736da059eaf69d8c96cb7e4e2c67eb6e5

SHA-256:

2dd847a00c59d839ef0dcf2d6b38d848508d7e67b1c1bb6bf57963a04fc17fdb

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/23/2025 11:35:22 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

17.3.14.10

File size:

1.5 MB (1,612,496 bytes)

Product version:

1.0

Application

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\itunes.exe

Digital Signature

Signed by:

BULLY UNITY LTD

Authority:

GlobalSign nv-sa

Valid from:

8/9/2016 6:55:02 AM

Valid to:

8/10/2017 6:55:02 AM

Subject:

CN=BULLY UNITY LTD, O=BULLY UNITY LTD, L=Jerusalem, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:

60FCAE84E0126FC8F49EC1AD

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file itunes.exe has been seen being distributed by the following URL.

http://www.bestmetagrab.com/4i67Ce3 uhb6tbPZWroOn8UDM5FW8cVj650sb7 imeXCLssfT1FDYUAgGIaOtBQ5V40GiRfFnFI vhhf Dbo5HIqXBSO2iDCArDCciw0z5W7SaxQGiAu_9 XeOSy0aLEckVemGDwbMaAruFUwbDZRSKhugSUG4CK0igVYH04M9UdVH6gih4D4KRArjIWhqmN9ctN_Nkx-G2gAAORte69pY0lrioWEQwtTyCkHDq2ogDLJ6fM7D n4o0T6doxrfGiWy4ObIDnv4yPad7J jj4qjd6pWIIa3IAzgpahVaifVd 8TIz6

Remove itunes.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.