iTunes.exe

  • File Path: C:\program files\iTunes\iTunes.exe
  • Description: iTunes

Screenshot

iTunes.exe

Hashes

Type Hash
MD5 89A09D30380E27A24A9DA9C6D0DFCFAF
SHA1 14549FCEF38632969397F712768C3DEE438F721C
SHA256 EDB82AF891DD510A6E8D349071AD3E52256D8B3BE938D8E821D4F5980AF4E461
SHA384 550154587E26EF60E3D75C2799B2796038E1D6AF000EDA592F9A105B9F2EF8748A24720C082EDB427DF3FA5B717AD44D
SHA512 1D9855B95AD5A4C634ABFED3B9AC4FE4129868A2E6492AA00E204F5FA87A40EBAAD0D24A58CE5B0C8871A8D6436F2B86273648B87C0A5B1CCE767BE59D5FEB86
SSDEEP 393216:URYEo5L/rRap8vHclJ2eFkwBz06faZ+pwvwCgRY1kkQgVqDQMi8Ga1F:URwMgeKZKF

Runtime Data

Window Title:

iTunes Software License Agreement

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(R-D) C:\Windows\System32\en-US\wdmaud.drv.mui File
(RW-) C:\Users\user\Documents File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.450_none_fae7a009761b0b44 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 Section
\Sessions\1\Windows\Theme4048709601 Section
\Windows\Theme603176458 Section

Loaded Modules:

Path
C:\program files\iTunes\ApplePushDirect.dll
C:\program files\iTunes\ASL.dll
C:\program files\iTunes\AVFoundationCF.dll
C:\program files\iTunes\CFNetwork.dll
C:\program files\iTunes\CoreAudioToolbox.dll
C:\program files\iTunes\CoreFoundation.dll
C:\program files\iTunes\CoreGraphics.dll
C:\program files\iTunes\CoreMedia.dll
C:\program files\iTunes\CoreText.dll
C:\program files\iTunes\CoreVideo.dll
C:\program files\iTunes\Foundation.dll
C:\program files\iTunes\GNSDK_DSP.DLL
C:\program files\iTunes\GNSDK_MANAGER.DLL
C:\program files\iTunes\GNSDK_MUSICID.DLL
C:\program files\iTunes\GNSDK_SUBMIT.DLL
C:\program files\iTunes\iTunes.exe
C:\program files\iTunes\JavaScriptCore.dll
C:\program files\iTunes\libcache.dll
C:\program files\iTunes\libdispatch.dll
C:\program files\iTunes\libicuin.dll
C:\program files\iTunes\libicuuc.dll
C:\program files\iTunes\libxml2.dll
C:\program files\iTunes\libxslt.dll
C:\program files\iTunes\MediaAccessibility.dll
C:\program files\iTunes\objc.dll
C:\program files\iTunes\pthreadVC2.dll
C:\program files\iTunes\QuartzCore.dll
C:\program files\iTunes\SQLite3.dll
C:\program files\iTunes\WebKit.dll
C:\program files\iTunes\WTF.dll
C:\program files\iTunes\zlib1.dll
C:\Windows\SYSTEM32\AcGenral.dll
C:\Windows\System32\ADVAPI32.dll
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\COMDLG32.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTUI.dll
C:\Windows\SYSTEM32\d2d1.dll
C:\Windows\SYSTEM32\DSOUND.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\DWrite.dll
C:\Windows\SYSTEM32\dxva2.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MPR.dll
C:\Windows\SYSTEM32\msi.dll
C:\Windows\SYSTEM32\MSIMG32.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\SYSTEM32\MSVCP140.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ODBC32.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\System32\PSAPI.DLL
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\UIAutomationCore.DLL
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\SYSTEM32\UxTheme.dll
C:\Windows\SYSTEM32\VCRUNTIME140.dll
C:\Windows\SYSTEM32\VCRUNTIME140_1.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\COMCTL32.dll
C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.450_none_fae7a009761b0b44\gdiplus.dll

Signature

  • Status: Signature verified.
  • Serial: 4EF16586A2FF12D69C556EC4C91BAEE1
  • Thumbprint: 634A0D892E72161714861C178015AFE9C1832E14
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US

File Metadata

  • Original Filename: iTunes.exe
  • Product Name: iTunes
  • Company Name: Apple Inc.
  • File Version: 12.10.8.5
  • Product Version: 12.10.8.5
  • Language: English (United States)
  • Legal Copyright: 2000-2020 Apple Inc. All rights reserved.

Possible Misuse

The following table contains possible examples of iTunes.exe being misused. While iTunes.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_currentversion.yml Details: '"C:\Program Files\iTunes\iTunesHelper.exe"' DRL 1.0
signature-base gen_osx_backdoor_bella.yar $subpart2_c = “iTunes” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.