itunes_x64_rus_setup.exe

Interactive Install

LiveSoftAction

The program uses the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application itunes_x64_rus_setup.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. With this installer, users expect to download Apple's iTunes, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Live Soft Action S. R. L.   (signed by LiveSoftAction)

Product:
Interactive Install

Version:
8.31.4.2

MD5:
d577a85044711c46f422c638f96ae229

SHA-1:
671b36e7c5fed9e5676a0502e72bc70abf5aa41c

SHA-256:
f6b01f5f7df5b29066c82ccce7d4df6a3780d08fff3f262d7865b6968c163405

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer that uses Appscion to bundle adware.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 10:00:13 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Sien.LiveSoft.Bundler (M)

Engine version:
16.5.15.18

File size:
746.4 KB (764,352 bytes)

Product version:
8.31.4.2

Copyright:
(c) Live Soft Action S .R .L . All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\itunes_x64_rus_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/13/2013 3:00:00 AM

Valid to:
12/14/2014 2:59:59 AM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="Str. Dionisie Lupu, Nr. 64-66, Et.", L=Bucharest, S=Bucharest, PostalCode=010458, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2CAFD284C3B4147AD3E7601989FCCF42

File PE Metadata
Compilation timestamp:
7/31/2014 11:54:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ZKxuKD5tDwtHxKOOz0K49D/VdrSuysmpsV6+WIsz5PTp1YRX6CEqgzwUy90xN:ZKxVD5tEHxKn4K49jVlLdq+xs9TpSoJz

Entry address:
0x1C7040

Entry point:
60, BE, 00, 50, 52, 00, 8D, BE, 00, C0, ED, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
652 KB (667,648 bytes)

The file itunes_x64_rus_setup.exe has been seen being distributed by the following URL.
