× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1776bcb9621e1c36ace76f2e68d4c704d98a079f4caaf7f8e25bfe59b89106fc
File name: iTunesFusionSetup-3.2.exe
Detection ratio: 0 / 68
Analysis date: 2018-09-16 00:16:48 UTC ( 4 months ago ) View latest
Antivirus Result Update
Ad-Aware 20180913
AegisLab 20180915
AhnLab-V3 20180915
Alibaba 20180713
ALYac 20180916
Antiy-AVL 20180916
Arcabit 20180915
Avast 20180916
Avast-Mobile 20180915
AVG 20180916
Avira (no cloud) 20180915
AVware 20180915
Babable 20180907
Baidu 20180914
BitDefender 20180915
Bkav 20180915
CAT-QuickHeal 20180915
ClamAV 20180915
CMC 20180915
Comodo 20180916
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180916
Cyren 20180915
DrWeb 20180915
eGambit 20180916
Emsisoft 20180915
Endgame 20180730
ESET-NOD32 20180915
F-Prot 20180915
F-Secure 20180915
Fortinet 20180915
GData 20180915
Ikarus 20180915
Sophos ML 20180717
Jiangmin 20180915
K7AntiVirus 20180915
K7GW 20180915
Kaspersky 20180915
Kingsoft 20180916
Malwarebytes 20180915
MAX 20180916
McAfee 20180915
McAfee-GW-Edition 20180915
Microsoft 20180915
eScan 20180916
NANO-Antivirus 20180915
Palo Alto Networks (Known Signatures) 20180916
Panda 20180915
Qihoo-360 20180916
Rising 20180915
SentinelOne (Static ML) 20180830
Sophos AV 20180915
SUPERAntiSpyware 20180907
Symantec 20180915
Symantec Mobile Insight 20180911
TACHYON 20180916
Tencent 20180916
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180915
TrendMicro-HouseCall 20180915
Trustlook 20180916
VBA32 20180914
VIPRE 20180915
ViRobot 20180915
Webroot 20180916
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180915
Zoner 20180915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product iTunesFusion
File version 3.2.0.0
Description iTunesFusion Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 5:00 PM 8/22/2018
Signers
[+] Binary Fortress Software Ltd.
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 11/3/2017
Valid to 12:59 AM 11/3/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6738A934D3CFC503BA570738DAD2F93B8CAECAA6
Serial number 51 C1 C1 36 AE 71 9E 84 E7 48 E1 A4 8D 94 46 82
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbrint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-14 13:27:46
Entry Point 0x0001181C
Number of sections 8
PE sections
Overlays
MD5 5c5c4bb386d3da0d6f586756adcd477f
File type data
Offset 121344
Size 3480776
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetSystemDirectoryW
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.2.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
iTunesFusion Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
53760

EntryPoint
0x1181c

MIMEType
application/octet-stream

FileVersion
3.2.0.0

TimeStamp
2018:06:14 14:27:46+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.2.0.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Binary Fortress Software

CodeSize
66560

ProductName
iTunesFusion

ProductVersionNumber
3.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a8ffdbafdfefe5375c2b7316f86c50d2
SHA1 e7c0e37b71c7cb297de1d004b0050944364e36da
SHA256 1776bcb9621e1c36ace76f2e68d4c704d98a079f4caaf7f8e25bfe59b89106fc
ssdeep
98304:BH3x4ngXxdo3L76r4KMdwPgSat4cOB/MxV6tgrSWPWgF:lCnghdon6r4KMdwPgmxq6tgrSWPWgF

authentihash caa1646609db4b793910107c6224ea1487107afd1bce079fe9931a227b686e54
imphash 20dd26497880c05caed9305b3c8b9109
File size 3.4 MB ( 3602120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-08-22 20:44:44 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-04 01:27:52 UTC ( 3 months, 2 weeks ago )
File names iTunesFusionSetup-3.2.exe
iTunesFusionSetup-3.2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs