itunessetup.exe

01net

The application itunessetup.exe by 01net has been detected as a potentially unwanted program by 42 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.

Publisher:
01net  (signed and verified)

MD5:
ceb0b11b84c8fba2275ffa878eaef9f1

SHA-1:
2ce708252c95d7b41d6c1a4ff152a48785485d94

SHA-256:
45da3c8f61afa61fb79983f889d0f44ecd6afde3b62ab70bbd78ba29f7b8b4da

Scanner detections:
42 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/5/2024 10:16:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Parite.B | 754 |
| AegisLab AV Signature | W32.Sality | 2.1.4+ |
| Agnitum Outpost | Win32.Parite.B | 7.1.1 |
| AhnLab V3 Security | Win32/Parite | 2014.07.18 |
| Avira AntiVirus | W32/Parite | 7.11.30.172 |
| avast! | Win32:Parite | 2014.9-150112 |
| AVG | Adware Toolbar | 2016.0.3232 |
| Baidu Antivirus | Virus.Win32.Parite.$b | 4.0.3.15112 |
| Bitdefender | Win32.Parite.B | 1.0.20.60 |
| Bkav FE | W32.Clod8f1.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Heuristics.W32.Parite.B | 0.98/19185 |
| Comodo Security | UnclassifiedMalware | 17579 |
| Dr.Web | Adware.Babylon.15 | 9.0.1.012 |
| Emsisoft Anti-Malware | Win32.Parite | 8.15.01.12.11 |
| ESET NOD32 | Win32/Toolbar.Babylon.A potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | W32/Parite.B | 1/12/2015 |
| F-Prot | W32/Parite.B | v6.4.6.5.141 |
| F-Secure | Win32.Parite.B | 11.2015-12-01_2 |
| G Data | Win32.Parite | 15.1.24 |
| IKARUS anti.virus | Virus.Parite | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.180.12763 |
| Kaspersky | Virus.Win32.Parite | 14.0.0.2653 |
| Malwarebytes | | v2015.01.12.11 |
| McAfee | W32/Pate.b | 5600.6888 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.317.0 |
| MicroWorld eScan | Win32.Parite.B | 16.0.0.36 |
| NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.57029 |
| Norman | Pinfi.A | 11.20150112 |
| nProtect | Virus/W32.Parite.C | 14.07.17.01 |
| Panda Antivirus | W32/Parite.B | 15.01.12.11 |
| Qihoo 360 Security | Virus.Win32.Parite.H | 1.0.0.1015 |
| Quick Heal | W32.Perite.A | 1.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.12.11 |
| Rising Antivirus | PE:Win32.Parite.b!16043 | 23.00.65.15110 |
| Sophos | W32/Parite-B | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10120 |
| Total Defense | Win32/Pinfi.A | 37.0.11065 |
| Trend Micro House Call | HV_ZYX_CB2402E8.TOMC | 7.2.12 |
| Trend Micro | PE_PARITE.A | 10.465.12 |
| Vba32 AntiVirus | Virus.Win32.Parite.b | 3.12.26.3 |
| VIPRE Antivirus | Babylon | 22470 |
| ViRobot | Win32.Parite.A | 2011.4.7.4223 |

File size:
67.2 MB (70,508,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\itunessetup.exe

Digital Signature
Signed by:

Authority:
Ascertia

Valid from:
1/17/2012 4:31:00 PM

Valid to:
1/16/2013 4:31:00 PM

Subject:
CN=01net, E=rbertoux@groupe01.fr, C=France

Issuer:
CN=Ascertia Public CA 1, O=Ascertia, C=GB

Serial number:
0122BF3B7A1A7BE7CB

File PE Metadata
Compilation timestamp:
2/1/2012 7:48:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:B3G7Pah8dkOEq8gusnpSmdKYRquY7RgBf6HDkEwQj:B3G7aLOEq8guGQl7GVM

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)
