iTunes.exe
- File Path:
C:\Program Files\iTunes\iTunes.exe - Description: iTunes
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | E886BCAE538C37D7772AC3BB3AE9810C |
| SHA1 | 972E998C91121B750E0318B0E5EE04EE55B703E9 |
| SHA256 | F38684D912C27AFF8F73483BDEE7D6396B307C0ED7D30EE5338563EAE5505DD8 |
| SHA384 | F0AEC89E5C78E0DBA13397A8126DC3C16874E3384D90FA7F746635C6DDB463E760CE8426F98E60D94F470AC154ABAEA8 |
| SHA512 | D77840C99E95D5F0A8CBAED0CE602777F0BA8453258CB6082216B0905E3BB88B3CA54EEEBD10579F244C6D82AE59E5D63ACF99859B63E42E875DE9E00F3CB451 |
| SSDEEP | 393216:lxOYYkFxGuYGwLo3EsuoI7xykr1d6Et9D7VM3wYOpaBncI5+/FhF8gTj:lP3eIsthF8gTj |
| IMP | 2E1E7AF6AA6EC8C5D8C3B84CA8226FE9 |
| PESHA1 | 8F6796BCC4442462644064F5D1BE314E6A6CEEB0 |
| PE256 | D0983C194BE80C784EECAB51189B3D38B6002BDF1E74DF73222674426F12FF2B |
Runtime Data
Window Title:
iTunes Software License Agreement
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wdmaud.drv.mui | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e | File |
| (RW-) C:\xCyclopedia | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 | Section |
| \Sessions\1\Windows\Theme2547664911 | Section |
| \Windows\Theme3854699184 | Section |
Loaded Modules:
| Path |
|---|
| C:\Program Files\iTunes\ApplePushDirect.dll |
| C:\Program Files\iTunes\AVFoundationCF.dll |
| C:\Program Files\iTunes\CFNetwork.dll |
| C:\Program Files\iTunes\CoreAudioToolbox.dll |
| C:\Program Files\iTunes\CoreFoundation.dll |
| C:\Program Files\iTunes\CoreGraphics.dll |
| C:\Program Files\iTunes\CoreMedia.dll |
| C:\Program Files\iTunes\CoreText.dll |
| C:\Program Files\iTunes\CoreVideo.dll |
| C:\Program Files\iTunes\iTunes.exe |
| C:\Program Files\iTunes\JavaScriptCore.dll |
| C:\Program Files\iTunes\libdispatch.dll |
| C:\Program Files\iTunes\MediaAccessibility.dll |
| C:\Program Files\iTunes\QuartzCore.dll |
| C:\Program Files\iTunes\WebKit.dll |
| C:\Program Files\iTunes\zlib1.dll |
| C:\Windows\SYSTEM32\AcGenral.dll |
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\SYSTEM32\apphelp.dll |
| C:\Windows\System32\bcrypt.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\COMDLG32.dll |
| C:\Windows\System32\CRYPT32.dll |
| C:\Windows\SYSTEM32\d2d1.dll |
| C:\Windows\SYSTEM32\dwmapi.dll |
| C:\Windows\SYSTEM32\DWrite.dll |
| C:\Windows\SYSTEM32\dxva2.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\IMM32.DLL |
| C:\Windows\SYSTEM32\IPHLPAPI.DLL |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\MPR.dll |
| C:\Windows\SYSTEM32\MSIMG32.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\SYSTEM32\MSVCP140.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\ole32.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\SETUPAPI.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\SHELL32.dll |
| C:\Windows\System32\SHLWAPI.dll |
| C:\Windows\SYSTEM32\SspiCli.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\SYSTEM32\UIAutomationCore.DLL |
| C:\Windows\System32\USER32.dll |
| C:\Windows\SYSTEM32\USERENV.dll |
| C:\Windows\SYSTEM32\UxTheme.dll |
| C:\Windows\SYSTEM32\VCRUNTIME140.dll |
| C:\Windows\SYSTEM32\VCRUNTIME140_1.dll |
| C:\Windows\SYSTEM32\VERSION.dll |
| C:\Windows\System32\win32u.dll |
| C:\Windows\SYSTEM32\WININET.dll |
| C:\Windows\SYSTEM32\WINMM.dll |
| C:\Windows\System32\WS2_32.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\COMCTL32.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll |
Signature
- Status: Signature verified.
- Serial:
4EF16586A2FF12D69C556EC4C91BAEE1 - Thumbprint:
634A0D892E72161714861C178015AFE9C1832E14 - Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
- Subject: CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US
File Metadata
- Original Filename: iTunes.exe
- Product Name: iTunes
- Company Name: Apple Inc.
- File Version: 12.10.9.3
- Product Version: 12.10.9.3
- Language: English (United States)
- Legal Copyright: 2000-2020 Apple Inc. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/f38684d912c27aff8f73483bdee7d6396b307c0ed7d30ee5338563eae5505dd8/detection/
Possible Misuse
The following table contains possible examples of iTunes.exe being misused. While iTunes.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_asep_reg_keys_modification_currentversion.yml | Details: '"C:\Program Files\iTunes\iTunesHelper.exe"' |
DRL 1.0 |
| signature-base | gen_osx_backdoor_bella.yar | $subpart2_c = “iTunes” fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.