SHA256: 762ccbc93ab82fe05a383aa7a3b5b27e352055dd39d815ad5bbb1b4de88555e9
File name: iTunes6464Setup.exe
Detection ratio: 1 / 57
Analysis date: 2016-03-15 00:16:05 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Bkav HW64.packed.C745 20160312
Ad-Aware 20160315
AegisLab 20160314
Yandex 20160314
AhnLab-V3 20160314
Alibaba 20160314
ALYac 20160315
Antiy-AVL 20160315
Arcabit 20160314
Avast 20160314
AVG 20160314
Avira (no cloud) 20160314
AVware 20160314
Baidu 20160314
Baidu-International 20160314
BitDefender 20160314
ByteHero 20160315
CAT-QuickHeal 20160314
ClamAV 20160311
CMC 20160314
Comodo 20160314
Cyren 20160314
DrWeb 20160314
Emsisoft 20160314
ESET-NOD32 20160314
F-Prot 20160314
F-Secure 20160314
Fortinet 20160314
GData 20160314
Ikarus 20160314
Jiangmin 20160314
K7AntiVirus 20160314
K7GW 20160314
Kaspersky 20160314
Malwarebytes 20160314
McAfee 20160314
McAfee-GW-Edition 20160314
Microsoft 20160314
eScan 20160314
NANO-Antivirus 20160314
nProtect 20160314
Panda 20160314
Qihoo-360 20160315
Rising 20160314
Sophos AV 20160314
SUPERAntiSpyware 20160314
Symantec 20160310
Tencent 20160315
TheHacker 20160314
TotalDefense 20160314
TrendMicro 20160314
TrendMicro-HouseCall 20160315
VBA32 20160314
VIPRE 20160315
ViRobot 20160315
Zillya 20160314
Zoner 20160314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © Apple Inc. All Rights Reserved.
Product iTunes
Original name iTunesSetup.exe
Internal name iTunesSetup
File version 12.3.2.35
Description iTunes Installer
Signature verification Signed file, verified signature
Signing date 7:51 AM 12/18/2015
Signers
[+] Apple Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/29/2015
Valid to 12:59 AM 8/28/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 173A28539CA6DAB5AC8C3B995ABAA692F95C5FC4
Serial number 2B 20 EB 33 80 79 2A B0 11 F6 62 C0 64 FD B4 73
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB
PE header basic information
Target machine x64
Compilation timestamp 2015-12-18 06:50:59
Entry Point 0x0000DF30
Number of sections 5
PE sections
Overlays
MD5 562b42ac1cd8c162891e31451f6ac067
File type data
Offset 167576576
Size 6424
Entropy 7.32
PE imports
InitCommonControlsEx
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
EncodePointer
FlsGetValue
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
LoadResource
SetLastError
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
SetProcessWorkingSetSize
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemDirectoryA
DecodePointer
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
FlsSetValue
LoadLibraryA
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
GetSystemMetrics
CreateWindowExA
UpdateWindow
SendMessageA
ShowWindow
DestroyWindow
Ord(112)
Ord(71)
Ord(8)
Ord(141)
Ord(93)
Number of PE resources by type
RT_ICON 4
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.3.2.35
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription iTunes Installer
ImageFileCharacteristics No relocs, Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 167522304
EntryPoint 0xdf30
OriginalFileName iTunesSetup.exe
MIMEType application/octet-stream
LegalCopyright Apple Inc. All Rights Reserved.
FileVersion 12.3.2.35
TimeStamp 2015:12:18 07:50:59+01:00
FileType Win64 EXE
PEType PE32+
InternalName iTunesSetup
ProductVersion 12.3.2.35
SubsystemVersion 5.2
OSVersion 5.2
FileOS Win32
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Apple Inc.
CodeSize 80896
ProductName iTunes
ProductVersionNumber 12.3.2.35
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9ad218beb93f936f3046a5615cc058a5
SHA1 85890efdd30d27af4408851441ee5f257effeef3
SHA256 762ccbc93ab82fe05a383aa7a3b5b27e352055dd39d815ad5bbb1b4de88555e9
ssdeep 3145728:1TX+hOF8WRbg+aPIZ+lIfZL851iLGMVgCEjiOdXWIQnYuqBYhuy:x+hOFfbAfWBc1imCE3d2Yuq+hn
authentihash 740edf19c57cb4fd88396d3019ddaffca001f315b85a74b2ec1a74e8324b4050
imphash d63289dba1c873b30bb637a801b94a51
File size 159.8 MB ( 167583000 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID InstallShield setup (56.1%)
Win64 Executable (generic) (36.0%)
OS/2 Executable (generic) (2.6%)
Generic Win/DOS Executable (2.6%)
DOS Executable Generic (2.6%)
Tags
peexe assembly overlay revoked-cert signed 64bits

VirusTotal metadata
First submission 2015-12-22 07:58:40 UTC ( 2 years, 11 months ago )
Last submission 2016-05-08 00:17:17 UTC ( 2 years, 6 months ago )
File names iTunes6464Setup.exe
target.exe.12d7eb7b-ec6f-11e5-b83c-20689d65614e.tmp
iTunes6464Setup.exe
iTunes6464Setup.exe
itunes6464setup.exe.pybft78.partial
itunes6464setup (3).exe
itunes6464setup.exe.ffs_tmp
unconfirmed 133430.crdownload
iTunes6464Setup12_3_2.exe
iTunes6464Setup.exe
bita9f3.tmp
unconfirmed 119839.crdownload
unconfirmed 159446.crdownload
itunes6464setup.exe.1wwfjxt.partial
itunes6464setup (1).exe
iTunesSetup.exe
unconfirmed 666015.crdownload
unconfirmed 34982.crdownload
ninite.2016-01-23.506b137e-c202-11e5-860f-989096d21979.tmp
itunes6464setup.exe.dcfqduk.partial
792694
iTunes6464Setup.exe
iTunes6464Setup.exe
iTunesSetup
bit62cf.tmp