itunes_setup.exe

My Program

Fast Downloads

This file uses the Adlogica setup manager, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed without consent. The application itunes_setup.exe, "My Program Setup" by Fast Downloads, has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. Users of this installer expect to download Apple's iTunes, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fast Downloads  (signed and verified)

Product:
My Program

Description:
My Program Setup

MD5:
3aaebd4952665b233edaac89fca2f7dd

SHA-1:
1728e4c10e40a31e383655a19ea1fe9552759250

SHA-256:
ea7aa550a74b417ee92785ed89d881d9326e781a85a13823b54ac81c80d709c9

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/18/2024 7:32:07 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus |  | 7.11.196.174
AVG | InstallC | 2015.0.3256
Dr.Web | Adware.InstallCore.494 | 9.0.1.05190
ESET NOD32 | Win32/InstallCore.PK potentially unwanted application | 7.0.302.0
K7 AntiVirus | Trojan | 13.188.14380
NANO AntiVirus | Riskware.Win32.InstallCore.dhpyfp | 0.28.6.64267
Reason Heuristics | PUP.Installer.FastDownloads.M | 14.12.19.1
Sophos | PUA 'Install Core Click run software' | 5.09
VIPRE Antivirus | Threat.5063361 | 35418

File size:
837.9 KB (857,976 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\itunes_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2013 7:00:00 PM

Valid to:
8/14/2014 6:59:59 PM

Subject:
CN=Fast Downloads, O=Fast Downloads, STREET=96 Jessie st 4th floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9726FD3E4B9094351093A3495F1FE97

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:B4vYsBHNzECUPYMuSDxdQwx2Vf92EGPgKPs3x:BEZRNzlklkWXgKPsh

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8993

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file itunes_setup.exe has been seen being distributed by the following URL.
