itunes_setup.exe

Compute Client

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application itunes_setup.exe, “Premium Installer” by Compute Client, has been detected as adware by 44 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download portals and search ads as Apple's iTunes, but it will also install additional software offers, which include adware, PUPs and browser toolbars. The file has been seen being downloaded from downloadd.org.
Publisher:
Premium Installer   (signed by Compute Client)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
d7334b32eb0376a2f3ddd73e10bf77a6

SHA-1:
40fbd0924ffda27ff2d56d600ea406e328153ec1

SHA-256:
8bbcd92d4dc4b010963b1fd5837d5104fb78cd95f854ad3ae8f9b7d5e9deedcd

Scanner detections:
44 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/12/2017 9:10:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.439479 | 844 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | | 2014.08.14 |
| Avira AntiVirus | Adware/iBryte.bxov | 7.11.177.186 |
| Antiy Labs AVL | Trojan[Clicker]/Win32.Agent | 0.1.0.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-141014 |
| AVG | AdPlugin | 2015.0.3324 |
| Baidu Antivirus | Trojan.Win32.Clikug | 4.0.3.141014 |
| Bitdefender | Gen:Variant.Kazy.439479 | 1.0.20.1435 |
| Clam AntiVirus | Win.Adware.Ibryte-5287 | 0.98/19505 |
| Comodo Security | Application.Win32.AgentCV.HWYE | 19774 |
| Dr.Web | Trojan.DownLoader11.32275 | 9.0.1.0287 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.439479 | 8.14.10.14.10 |
| ESET NOD32 | Win32/AdWare.iBryte.BL | 8.10549 |
| Fortinet FortiGate | W32/Malware_fam.NB | 10/14/2014 |
| F-Prot | W32/A-512ed8f8 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.439479 | 11.2014-14-10_3 |
| G Data | Gen:Variant.Kazy.439479 | 14.10.24 |
| IKARUS anti.virus | Trojan-Clicker.BFNI | t3scan.1.6.1.0 |
| Jiangmin | Adware/iBryte.gtyg | KV141014 |
| K7 AntiVirus | Unwanted-Program | 13.183.13642 |
| K7 Gateway Antivirus | Unwanted-Program | 13.183.13650 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 15.0.0.494 |
| Kingsoft AntiVirus | Win32.Troj.Staser.y.(kcloud) | 331020.49267 |
| Malwarebytes | PUP.Optional.iBryte | v2014.10.12.08 |
| McAfee | Artemis!0FF2B0F7AD04 | 5600.6978 |
| McAfee Web Gateway | GenericATG-FGI!746F50AE6DB0 | 7.6978 |
| Microsoft Security Essentials | TrojanClicker:Win32/Clikug.A | 1.10401 |
| MicroWorld eScan | Gen:Variant.Kazy.439479 | 15.0.0.861 |
| NANO AntiVirus | Riskware.Win32.IBryte.dgjgwq | 0.28.2.62483 |
| Norman | IBryte.PDB | 11.20141014 |
| nProtect | Trojan.GenericKD.1618449 | 14.04.10.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.12.08 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Badur.A5 | 10.14.14.00 |
| Reason Heuristics | PUP.Installer.ComputeClient.M | 14.10.12.8 |
| Rising Antivirus | PE:Malware.iBryte!6.192B | 23.00.65.141012 |
| SUPERAntiSpyware | PUP.OptimumInstaller/Variant | 10300 |
| Trend Micro House Call | TROJ_CLIKUG.A | 7.2.287 |
| Trend Micro | TROJ_CLIKUG.A | 10.465.14 |
| Vba32 AntiVirus | | 3.12.26.0 |
| VIPRE Antivirus | Threat.4778314 | 33706 |
| Zillya! Antivirus | Adware.iBryte.Win32.2546 | 2.0.0.1951 |

File size:
191.4 KB (195,960 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\itunes_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/24/2014 12:00:00 AM

Valid to:
3/24/2015 11:59:59 PM

Subject:
CN=Compute Client, O=Compute Client, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
26B6A2E42157A5020CF75500730F2CF3

File PE Metadata
Compilation timestamp:
10/11/2014 9:00:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:VYkLxk9JVVJzSdGt18OJe7cInPxXWBSOeRiPT:2VJzie8OJeFn4reE7

Entry address:
0x7B0D

Entry point:
E8, D0, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, B8, 91, 40, 00, FF, 25, B4, 91, 40, 00, 68, 7D, 7B, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, D0, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
4.7359

Code size:
31.5 KB (32,256 bytes)

The file itunes_setup.exe has been seen being distributed by the following URL.
