SHA256: 04cb63e51153ebc17475fc0ae8770b165ae823d0451ac3063bedd6d549208611
File name: iTunes 12.3.2.35 (x86).exe
Detection ratio: 0 / 57
Analysis date: 2016-03-23 05:35:10 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20160323
AegisLab 20160323
Yandex 20160316
AhnLab-V3 20160323
Alibaba 20160323
ALYac 20160323
Antiy-AVL 20160323
Arcabit 20160323
Avast 20160323
AVG 20160322
Avira (no cloud) 20160323
AVware 20160322
Baidu 20160322
Baidu-International 20160322
BitDefender 20160323
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160323
DrWeb 20160323
Emsisoft 20160323
ESET-NOD32 20160323
F-Prot 20160323
F-Secure 20160323
Fortinet 20160323
GData 20160323
Ikarus 20160323
Jiangmin 20160323
K7AntiVirus 20160322
K7GW 20160323
Kaspersky 20160322
Malwarebytes 20160323
McAfee 20160323
McAfee-GW-Edition 20160323
Microsoft 20160323
eScan 20160323
NANO-Antivirus 20160323
nProtect 20160322
Panda 20160322
Qihoo-360 20160323
Rising 20160323
Sophos AV 20160323
SUPERAntiSpyware 20160323
Symantec 20160323
Tencent 20160323
TheHacker 20160321
TotalDefense 20160323
TrendMicro 20160323
TrendMicro-HouseCall 20160323
VBA32 20160322
VIPRE 20160323
ViRobot 20160323
Zillya 20160322
Zoner 20160323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Apple Inc. All Rights Reserved.
Product iTunes
Original name iTunesSetup.exe
Internal name iTunesSetup
File version 12.3.2.35
Description iTunes Installer
Signature verification Signed file, verified signature
Signing date 1:08 AM 12/10/2015
Signers
[+] Apple Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/29/2015
Valid to 12:59 AM 8/28/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 173A28539CA6DAB5AC8C3B995ABAA692F95C5FC4
Serial number 2B 20 EB 33 80 79 2A B0 11 F6 62 C0 64 FD B4 73
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-10 00:08:25
Entry Point 0x0000BA63
Number of sections 5
PE sections
Overlays
MD5 c30e809a5c2ae1fb25f4f2b9edc7fcb6
File type data
Offset 117517824
Size 6424
Entropy 7.31
PE imports
InitCommonControlsEx
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
LoadResource
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetProcessWorkingSetSize
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetSystemMetrics
CreateWindowExA
UpdateWindow
SendMessageA
ShowWindow
DestroyWindow
Ord(112)
Ord(71)
Ord(8)
Ord(141)
Ord(93)
Number of PE resources by type
RT_ICON 4
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 117460480
ImageVersion 0.0
ProductName iTunes
FileVersionNumber 12.3.2.35
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName iTunesSetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.3.2.35
TimeStamp 2015:12:10 01:08:25+01:00
FileType Win32 EXE
PEType PE32
InternalName iTunesSetup
ProductVersion 12.3.2.35
FileDescription iTunes Installer
OSVersion 5.0
FileOS Win32
LegalCopyright Apple Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Apple Inc.
CodeSize 73216
FileSubtype 0
ProductVersionNumber 12.3.2.35
EntryPoint 0xba63
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 2934443f1c31325bcba6bdf3449cad4b
SHA1 390045f3b1f8562030fb93cff5fe26d7031ce2d4
SHA256 04cb63e51153ebc17475fc0ae8770b165ae823d0451ac3063bedd6d549208611
ssdeep 3145728:P3MojT1PnRuwzXQ5o5yzmnJvswQRZBmEg:P8o1RuwrQ4YmJiR3mEg
authentihash 6d3ea97aceacc537f6199b53170117f76e466931bd309e70e10b1b141a9cc619
imphash c0ade6201d24f8d29e74b8018ecc27fa
File size 112.1 MB ( 117524248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2015-12-12 02:47:27 UTC ( 2 years, 6 months ago )
Last submission 2018-04-28 07:43:45 UTC ( 1 month, 3 weeks ago )
File names iTunesSetup.exe
iTunesSetup_12.3.2.35.exe
iTunes 12.3.2.35.exe
390045f3b1f8562030fb93cff5fe26d7031ce2d4.eb6afa15-a3ff-11e5-be59-f4ce4612c6dc.tmp
iTunesSetup.exe_
04CB63E51153EBC17475FC0AE8770B165AE823D0451AC3063BEDD6D549208611
iTunes 12.3.2.35 (x86).exe
iTunesSetup.exe
iTunesSetup.exe
iTunesSetup
iTunesSetup (2).exe
iTunesSetup.exe
iTunesSetup.exe
iTunesSetup (1).exe
itunessetup.exe
iTunesSetup.exe
iTunesSetup_12.3.2.exe
iTunesSetup_v12.3.2.exe
iTunesSetup (1).exe
iTunesSetup.exe
itunes-12-3-2-64-bit-multi-win.exe
itunes_12.3.2.35_setup.1450159837.exe