itunes_setup.exe

Quick Downloader

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed without consent. The application itunes_setup.exe by Quick Downloader has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Adlogica Quick Downloader installer. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. Users of this installer expect to download Apple's iTunes, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Quick Downloader  (signed and verified)

MD5:
bd2e0114e1fd8195a3999c4f3525a864

SHA-1:
ebe8761105f5148e10e4c238c34528d8ba3ff57d

SHA-256:
8cd253e1c027bb7bc0d1f74fb3834703284a3fb9cfaed288cbdf74f56e5daeb7

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 8:33:16 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.MyWebSearch | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140923 |
| AVG | AdPlugin | 2015.0.3342 |
| Baidu Antivirus | PUA.Win32.MyWebSearch | 4.0.3.14923 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch (variant) | 8.10786 |
| Fortinet FortiGate | Riskware/Toolbar_MyWebSearch | 9/23/2014 |
| herdProtect (fuzzy) | | 2014.12.5.22 |
| K7 AntiVirus | Unwanted-Program | 13.186.14150 |
| Malwarebytes | PUP.Optional.Downloadster | v2014.09.23.07 |
| McAfee | Artemis!CA9B0CE2C45B | 5600.6998 |
| Panda Antivirus | Trj/Chgt.D | 14.09.23.07 |
| Reason Heuristics | PUP.Installer.QuickDownloader.M | 14.9.23.19 |
| Sophos | Generic PUA CH | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1106 | 7.2.266 |
| VIPRE Antivirus | InstallCore | 35156 |
File size:
809.4 KB (828,824 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Quick Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\itunes_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/11/2014 8:00:00 PM

Valid to:
8/11/2017 7:59:59 PM

Subject:
CN=Quick Downloader, O=Quick Downloader, STREET="96 Jessie St, 4th Floor", L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0087CE63C7728E982ECA2980DCA8DDE091

File PE Metadata
Compilation timestamp:
6/21/2014 10:05:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2uR5EPHvTzifZumcynKfFfIrTVRL8SpX1c8y1MmG3ss23atdLEk3Fi:2f7zikNyKNmTESpFc8y2t3ss23axi

Entry address:
0x162E0

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C8, 89, 45, CC, 89, 45, D0, 89, 45, EC, 89, 45, D8, 89, 45, D4, B8, D4, 5E, 41, 00, E8, 12, 00, FF, FF, 33, C0, 55, 68, ED, 64, 41, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 8B, 64, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 50, 8D, 45, D8, E8, BE, AF, FF, FF, 8B, 45, D8, 89, 45, DC, C6, 45, E0, 0B, 8D, 55, D4, B8, 08, 00, 00, 00, E8, CF, AF, FF, FF, 8B, 45, D4, 89, 45, E4, C6, 45, E8, 0B, 8D, 55, DC, B9, 01, 00, 00, 00, B8, 04, 65, 41, 00...
 

Entropy:
7.8713

Developed / compiled with:
Microsoft Visual C++

Code size:
85.5 KB (87,552 bytes)

The file itunes_setup.exe has been seen being distributed by the following 2 URLs.
