itunes.exe

The application itunes.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from www.1freedown.com.
MD5:
44950c82db583c1d2003bdac9784ab19

SHA-1:
ecbc274dd5b8c9c785b8da2797b4ef1ea63f57c5

SHA-256:
f73fb9f801822a29bc22684dbf24adc9f594f124443f52bd5b1402b1517f14c2

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/30/2024 11:38:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.08.15 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.167.110 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160716 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.16716 |
| Dr.Web | Adware.Downware.2081 | 9.0.1.0198 |
| ESET NOD32 | Win32/OutBrowse | 10.10258 |
| Fortinet FortiGate | Riskware/OutBrowse | 7/16/2016 |
| F-Prot | W32/Outbrowse.B.gen | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.Downware | t3scan.1.7.5.0 |
| NANO AntiVirus | Trojan.Win32.Generic.cthmwf | 0.28.2.61519 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.Generic.AT (M) | 16.7.16.6 |

File size:
966.2 KB (989,371 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\itunes.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:SxotnqUABc227+aoloS07p+V0ahIDiZlj9zWKwE6BZ70:2oZqrBcH7+aqoSggSahQiZ1FZwpZ70

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9251

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file itunes.exe has been seen being distributed by the following URL.
