» itunes.exe
Overview
Analysis
File Details
Downloads (1)

itunes.exe

Mefal

BeamPlatform (New Media Holdings Ltd.)

The application itunes.exe, “Mefal Setup ” by BeamPlatform (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars. The file has been seen being downloaded from www.applicationsdeliveryupdate.com.

File name:

itunes.exe

Publisher:

BeamPlatform (New Media Holdings Ltd.) (signed and verified)

Product:

Mefal

Description:

Mefal Setup

MD5:

860259cb548f28e0e6c85f935d9c5704

SHA-1:

a1c349475d120326962d088a4010792796380d67

SHA-256:

accf0b9349752a073068a03c3d137bb279c1e41f523fd806a4bcf20ba8fb0813

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

1/13/2025 5:16:42 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NewMedia.NMH (M)

17.3.8.17

File size:

1.4 MB (1,478,152 bytes)

Product version:

2.3

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\Pictures\itunes.exe

Digital Signature

Signed by:

BeamPlatform (New Media Holdings Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

3/16/2016 11:08:35 AM

Valid to:

5/23/2017 10:16:57 AM

Subject:

CN=BeamPlatform (New Media Holdings Ltd.), O=BeamPlatform (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D8E01F3C9FE4D29F03B8E69514849785

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xAA98

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9882

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

40.5 KB (41,472 bytes)

The file itunes.exe has been seen being distributed by the following URL.

http://www.applicationsdeliveryupdate.com/foY7C9a9nScbShihtsMRxwbtyfGwak8IhsAnHxrh1HswaZvKgXoiSV_Bl0BgsDAu5l1 NH7T6Fb_weP_TCalkGxJh3IS_mCIpVQ2Bn36us8wUjoZxslHSzlWjuSEnpIjxMf1NNivheLISEWy4xRwU0J2bT4In5ZCrxWDL7ju8DmPPBmpdL45j_3RE vitvYYpPd3oCyYd4jfQ5cN9Rd e R6eIB_HncNHYvjZJuSXhUoU0P1E3q__SwAKSPsnQrJdlPLEmczKocl3CxuVoyAPdHzuL5xkddwGmgSrMta83vTxc5cnuRZV4asQ39UJu71SM7Mc3sJ938dTGVRe_V0Ei9C0ZOOWeIfmDlPgr7Nx05vEpCPhFJJ1LjifCRy qkC8LUAQCCgbS9olv6UL2d67BxdL24LlAkPxHYOuYZcr77m6Wrkef90xpyHyXjJ7yZxEUpbmv0If114G70iO STI3w KQzf4JqVY1WSXCSkp0USf2eUaJe2FSDg6tKYCtSN8xfs jLA Idb he9fI_U2jbWoqR7Qbq_CzPpayR0xknsAf_F2L50oVj36Nbiyrn3A2 0JxGPDXFcvPx4KmAy4D_bRhAj1gwepdlQOVJzCWlYdRNqHcvir6AKf vxz3ByEQ6KcX-G3EAAGTpGtJ20Zog94CdsAEHLlti44CD2HuMLWM5pJjc3_c CdkDx4bU61wjoUl2DPezNhfjhAoGVlMl 7xqxhmHELiWQmnwiUVgLOGJjoMXyVmeo6chkKES6dLcz47N3wA=

Remove itunes.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.