itunes_agent.exe

Selodeka

Dov gil Management Ltd.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application itunes_agent.exe, “Selodeka Setup ” by Dov gil Management has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download Apple's iTunes but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Dov gil Management Ltd.  (signed and verified)

Product:
Selodeka

Description:
Selodeka Setup

Version:
4.2.3.4

MD5:
a41a55b158b120e309363ed75dfc4761

SHA-1:
70e1d1b77ef8733c55a147c91f161bc152b6797f

SHA-256:
6077ddcadbaf45703353dfd6f77eacd7203f926191d84b8f95384a541acede88

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 2:26:11 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.12.15

File size:
972.1 KB (995,384 bytes)

Product version:
2.7

Copyright:
Installer Program fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\itunes_agent.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/25/2016 2:55:19 PM

Valid to:
2/25/2017 2:55:19 PM

Subject:
CN=Dov gil Management Ltd., O=Dov gil Management Ltd., L=Petah Tikva, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112122DD56D12EE23B1F04CC8EDD5FC6C88B

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9017

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file itunes_agent.exe has been seen being distributed by the following URL.

http://www.safeapplicationfun.com/AUOHtEAC2Oxg7IgX0R6iPJUbu05UrT9ILIzXjrY5GyY deNvMOKWT6K2EMODj6qg6V8U3mQWbL7RseKo YKnxGywmB86S_vH60_cmYJBpDPCGfeNTuH4sj_j7Iy9LmbhXritnrWAO5VM7S9vc22VagdeeSiN7R89pAkGrZKSiuxQlk_X48KQLvywx0OE6Qh3eUfPwVn5bz6EXbCR pz5oDwkneZ5NUDBh2MRGO dcWcZiVPXwA32_9jSFrq7wDi0XvtmdNOWQhLnL5WrUb_yw79C633RXj0BBsZrSVjhiIREUdl_ueOSjFgRa2mbQar6fgQTxiQfN5GKqkZQN4tBG5LBPbvIKcs6 SEV6w5MiKKz8l1Be3stI_lxvykCF9J9 0AfOG R4sYSRStAFHGLJoREX4qHRKS5GxQnGgYtR8ADHk4Z76JcAOdyE4FYeqLjSeyUF4y pdbU_NoF60Tg2VMj0oSbRQlyPpoaaY2mKz7PAIrIw4VhMSwrqj65cddnSwEthr9RAbNEK9vA9c8vehoZDRxNeA==-G4wAAOR2tk1npCQxXCLLfkn6buDrODc4gQCx3wbKBxlkXXXA9Ybvai_FSD4H38adn551qcVlh9jA44l8FnhCT1Ar9AwpEs2b9RFc0bfp_ipzIcsw4JGBdKOQpOkVn88fEhZmBw==

Remove itunes_agent.exe - Powered by Reason Core Security