itunes.exe

Sambamedia SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed with minimal consent. The application itunes.exe by Sambamedia SL has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. Users of this installer expect to download Apple's iTunes, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Sambamedia SL  (signed and verified)

MD5:
2a69a9d822d41f69a3adaeedf9475041

SHA-1:
3073116718c60e5a06f23deea4f9e355582b1fb7

SHA-256:
b1ad79a9438f780a8db720d4697fb72a7a1cbd3fd02960531762806ff98811a9

Scanner detections:
30 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 9:14:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11812434 | 836 |
| AegisLab AV Signature | AdWare.W32.Agent | 2.1.4+ |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.10.22 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| avast! | Win32:SoftPulse-AH [PUP] | 141003-0 |
| AVG | Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw} | 2014.0.4040 |
| Bitdefender | Trojan.Generic.11812434 | 1.0.20.1470 |
| Clam AntiVirus | Win.Trojan.Agent-761383 | 0.98/21411 |
| Comodo Security | Application.Win32.SoftPulse.J | 19868 |
| Dr.Web | Trojan.DownLoader11.24441 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.11812434 | 8.14.10.21.10 |
| ESET NOD32 | Win32/SoftPulse.J potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/AntiAV.AVAS!tr | 10/21/2014 |
| F-Secure | Trojan.Generic.11812434 | 11.2014-21-10_3 |
| G Data | Trojan.Generic.11812434 | 14.10.24 |
| IKARUS anti.virus | PUA.SoftPulse | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:AdWare.Win32.SoftPulse | 15.0.0.494 |
| Malwarebytes | PUP.Optional.DomaIQ.Gen | v2014.10.21.10 |
| McAfee | Socrydo | 5600.6970 |
| MicroWorld eScan | Trojan.Generic.11812434 | 15.0.0.882 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.ddviag | 0.28.2.62841 |
| Norman | Malware | 11.20141021 |
| nProtect | Trojan.Generic.11812434 | 14.10.21.01 |
| Reason Heuristics | PUP.SambamediaSL.G | 14.10.21.22 |
| Sophos | SoftPulse | 4.98 |
| Vba32 AntiVirus | AdWare.SoftPulse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33706 |
| Zillya! Antivirus | Adware.Agent.Win32.11263 | 2.0.0.1962 |

File size:
1.3 MB (1,373,248 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\itunes.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/28/2014 11:13:17 AM

Valid to:
4/29/2015 11:13:17 AM

Subject:
E=contact@sambamediasl.com, CN=Sambamedia SL, O=Sambamedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A6F5CA8560763435DF885221AE3B200F

File PE Metadata
Compilation timestamp:
8/14/2014 4:04:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:+S6Cqp3hVbl9HxvLhgAFlMlCcmpElsnevdxK1Np:jqp3LDxdg4lMASl9dxKn

Entry address:
0x3DF6

Entry point:
E8, 09, 27, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, F4, 95, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, F4, 95, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
Entropy:
7.6726

Code size:
61.5 KB (62,976 bytes)