itunes.exe

Software Updater

Install Manager

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application itunes.exe, “Software Updater” by Install Manager, has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The installer is marketed through download portals and search ads as Apple's iTunes, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
AirInstaller   (signed by Install Manager)

Product:
Software Updater

Description:
Software Updater

Version:
2.0.49.0

MD5:
89d29abd26890f62113751553f1939e3

SHA-1:
b4c5c13aa2c3b5c2540ed55094039d0b1fe7f517

SHA-256:
90fe652d260a40d140f8b59da18892bf4fa93fe30c018261924caf694fba448c

Scanner detections:
28 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 6:17:47 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.2 | 6463993
Agnitum Outpost | PUA.AirAd | 7.1.1
Avira AntiVirus | Adware/InstallCo.zka | 7.11.211.248
avast! | Win32:Adware-gen [Adw] | 150101-1
AVG | Adware BundleApp_r.AK | 2014.0.4257
Bitdefender | Gen:Variant.Application.Bundler.AirInstaller.2 | 1.0.20.260
Dr.Web | Trojan.SMSSend.5388 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 9.0.0.4799
ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted application | 7.0.302.0
F-Prot | W32/S-227f52f6 | v6.4.7.1.166
F-Secure | Gen:Variant.Application.Bundler | 11.2015-21-02_7
G Data | Gen:Variant.Application.Bundler.AirInstaller | 15.2.25
IKARUS anti.virus | not-a-virus:AdWare.AirAdInstaller | t3scan.1.8.6.0
K7 AntiVirus | Unwanted-Program | 13.197.15042
Kaspersky | not-a-virus:AdWare.Win32.AirAdInstaller | 15.0.0.543
Malwarebytes | PUP.Optional.AirAdInstaller | v2015.02.21.03
MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.2 | 16.0.0.156
NANO AntiVirus | Riskware.Win32.AirAdInstaller.dedofp | 0.30.0.296
Norman | Gen:Variant.Zusy.104506 | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.AirAdInstaller.919448.C | 15.02.17.01
Panda Antivirus | Trj/Genetic.gen | 15.02.21.03
Quick Heal | Adware.AirAdInstaller.I5 | 2.15.14.00
Reason Heuristics | PUP.Installer.Adknowledge | 15.2.21.15
Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 23.00.65.15219
Sophos | PUA 'AirInstaller' | 5.10
Vba32 AntiVirus | AdWare.AirAdInstaller | 3.12.26.3
VIPRE Antivirus | Threat.4784938 | 36694
Zillya! Antivirus | Backdoor.PePatch.Win32.42736 | 2.0.0.2077

File size:
897.9 KB (919,448 bytes)

Product version:
2.0.49.0

Copyright:
(c) AirInstaller

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\itunes.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/6/2013 8:00:00 PM

Valid to:
8/11/2015 8:00:00 AM

Subject:
CN=Install Manager, O=Install Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C0BBB90999729C33560EC18A203261

File PE Metadata
Compilation timestamp:
8/13/2014 5:57:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:nbznouPOpl5mnLFR0KyHBkE146x0ro+QCPDCamrgPS39qXqllzGfyuL6BzmsAv5i:nPu3y0DBz5AQCPDjmYPs4yd

Entry address:
0x298C90

Entry point:
60, BE, 00, 90, 5C, 00, 8D, BE, 00, 80, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
832 KB (851,968 bytes)

The file itunes.exe has been seen being distributed by the following URL.
