» itunessetup.exe
Overview
Analysis
File Details

itunessetup.exe

Monarch Downloads

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application itunessetup.exe by Monarch Downloads has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

itunessetup.exe

Publisher:

Monarch Downloads (signed and verified)

MD5:

20262cff366b9c02f08cdafc349ffd82

SHA-1:

d64a9348c6001ca8c19a1786faa81470e5bddeea

SHA-256:

b0f5c9e97d778020a1cf3e58173aa3799e4e584cd90470f6dbe00b4ec4f248e0

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/27/2024 12:58:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Adknowledge (M)

17.3.13.18

File size:

111.8 KB (114,520 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion (using Nullsoft Install System)

Common path:

C:\users\{user}\downloads\itunessetup.exe

Digital Signature

Signed by:

Monarch Downloads

Authority:

COMODO CA Limited

Valid from:

3/23/2014 8:00:00 PM

Valid to:

3/24/2015 7:59:59 PM

Subject:

CN=Monarch Downloads, O=Monarch Downloads, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6ED4FE307D4F8068EFCDF769A3803C67

File PE Metadata

Compilation timestamp:

5/11/2014 4:04:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x322E

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, AF, 47, 00, E8, 9F, 2E, 00, 00, A3, A4, AE, 47, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, 01, 44, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 2E, 47, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, B0, 4C, 00, 50, 53, E8, F8, 2A, 00, 00... 
[+]

Entropy:

4.7024

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

Remove itunessetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.