home

itunes.exe

SetupWizard

Volvan Premium SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application itunes.exe by Volvan Premium SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Volvan Premium SL  (signed and verified)

Product:
SetupWizard

Description:
Setup Wizard

Version:
3.4.5.2

MD5:
2f66c98cf5a1fc238903a54f2de58798

SHA-1:
090c05a281d2354101eb3665afcf20590d8a3f27

SHA-256:
a9cfa844f26766531bf48b16ae11d749abd8ee71227a7f8c1f414a31ab4ba8bc

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/1/2025 3:18:44 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.SoftPulse.F
6354578

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2015.01.20

Avira AntiVirus
TR/Agent.982304
7.11.203.36

avast!
Win32:SoftPulse-CM [PUP]
150102-1

AVG
Generic
2016.0.3224

Bitdefender
Application.Bundler.SoftPulse.F
1.0.20.95

Clam AntiVirus
Win.Adware.MultiPlug-31138
0.98/19949

Comodo Security
Application.Win32.SoftPulse.D
20773

Dr.Web
Adware.SoftPules.3
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.SoftPulse
9.0.0.4799

ESET NOD32
Win32/SoftPulse.S potentially unwanted application
7.0.302.0

F-Prot
W32/S-7d1c0da9
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.SoftPulse
5.13.68

G Data
Application.Bundler.SoftPulse
15.1.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.191.14689

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.543

McAfee
Program.SoftPulse
16.8.708.2

MicroWorld eScan
Application.Bundler.SoftPulse.F
16.0.0.57

NANO AntiVirus
Riskware.Win32.SoftPulse.djopku
0.30.0.64448

Norman
Application.Bundler.SoftPulse.F
03.12.2014 13:20:04

nProtect
Trojan/W32.Buzus.983488
15.01.19.01

Panda Antivirus
Trj/Genetic.gen
15.01.19.09

Reason Heuristics
PUP.Installer.Solimba
15.1.19.20

Sophos
PUA 'SoftPulse' (of type Adware)
5.09

Vba32 AntiVirus
Downloader.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
36666

Zillya! Antivirus
Adware.SoftPulse.Win32.16
2.0.0.2039

File size:
960.4 KB (983,488 bytes)

Product version:
3.4.5.2

Copyright:
Copyright (C) 2014

Original file name:
SetupWizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\itunes.exe

Digital Signature
Signed by:
Volvan Premium SL

Authority:
VeriSign, Inc.

Valid from:
8/19/2014 8:00:00 PM

Valid to:
8/20/2015 7:59:59 PM

Subject:
CN=Volvan Premium SL, O=Volvan Premium SL, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
248F413947247E20924C496ECEB61F8A

File PE Metadata
Compilation timestamp:
11/28/2014 7:52:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:zob9GXioEE6FY5fQ5emJYeXOxXzF6oHU9gf8:zohGXiBE6FY1ps656tgE

Entry address:
0x118E6

Entry point:
B8, 30, F2, 56, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 2A, FB, B6, 3A, 1C, 64, E5, 8A, D4, C7, FD, 61, 8E, E7, E8, E9, B4, 0A, 4C, 91, E3, 22, 20, 39, CE, 45, CE, CE, D5, D6, F9, 25, BA, 89, 97, 3F, 4A, 32, 73, 92, 1D, B4, B7, 8A, F2, 3B, 40, A1, 0F, E4, 3F, D9, FE, 2B, 6B, B2, B7, A5, 26, 45, CE, 8D, E0, 84, 93, B3, 69, C6, 53, 90, 23, 6D, D5, 49, CE, 85, 4B, 61, DE, F6, 6E, 89, 8A, CA, BC, 33, 93, 9E, E5, F0, CE, 8F, 6E...
 
[+]

Entropy:
7.9777

Packer / compiler:
PECompact v2

Code size:
155 KB (158,720 bytes)

The file itunes.exe has been seen being distributed by the following URL.

http://ttb.files101.com/download/request/.../9RRyPe4A?__tc=1417391096.357&keyword=itunes&affid=69781&rid=f149c6173dc884ac5e9099a7d7391961&fileName=itunes

Remove itunes.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.