iTunesHelper.exe

  • File Path: C:\Program Files\iTunes\iTunesHelper.exe
  • Description: iTunesHelper

Hashes

Type Hash
MD5 20E702A75DC25E28EEE0047668B27811
SHA1 FF30104C4D8AB2E03BF8A13CEE99741C190089B0
SHA256 2846B21465DC8DDC9F1F3A259ECEE300313D8A43C5778802E6BAB33A4768272E
SHA384 4205FFCBF73B771FD6FB4050D4464EC509381016291A593A14847DC23A80A837C6E0B0506AC898FE8AF0965C4C814561
SHA512 5AAB2B8DB00EEE8BC5065F2B2C8C3364BA01B5BF97BBFAE8051739D6AD3FE062454B332FF858997DAEF4210DA86E003F3478139BE5F40F61A849044CDB147EAD
SSDEEP 6144:ffTKQQB8nmxfMRHpTlVRsPV54iE23+FM2+zIv+B3:fGh8mxfmTpEPTt4M
IMP 3292D2FB9D849B13963CBF1C301EFC4A
PESHA1 98D89236C41C2AB7313B8B3D500E6E82B2DA66EC
PE256 08E4CD53B5FCAEC4AF02DA6355C740C5A1B3B5D5528F297CEAD3719047A2C35C

Runtime Data

Open Handles:

Path Type
(RW-) C:\xCyclopedia File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files\iTunes\CoreFoundation.dll
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 4EF16586A2FF12D69C556EC4C91BAEE1
  • Thumbprint: 634A0D892E72161714861C178015AFE9C1832E14
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US

File Metadata

  • Original Filename: iTunesHelper.exe
  • Product Name: iTunes
  • Company Name: Apple Inc.
  • File Version: 12.10.9.3
  • Product Version: 12.10.9.3
  • Language: English (United States)
  • Legal Copyright: 2000-2020 Apple Inc. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/2846b21465dc8ddc9f1f3a259ecee300313d8a43c5778802e6bab33a4768272e/detection/

File Similarity (ssdeep match)

File Score
C:\program files\iTunes\iTunesHelper.exe 66

Possible Misuse

The following table contains possible examples of iTunesHelper.exe being misused. While iTunesHelper.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_currentversion.yml TargetObject\|endswith: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper' DRL 1.0
sigma registry_event_asep_reg_keys_modification_currentversion.yml Details: '"C:\Program Files\iTunes\iTunesHelper.exe"' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.