iTunesHelper.exe

  • File Path: C:\program files\iTunes\iTunesHelper.exe
  • Description: iTunesHelper

Hashes

Type Hash
MD5 64928B67BB87CFF67A4B20C1D86C87D0
SHA1 8684ED8DD82B35BB2C812D369C7B09EB8993BD7E
SHA256 30465855E68627488CA1D461D555C729B06DB01C860C7E2DFA73050BE2201433
SHA384 6DD8BC5DA058C1A24126147DC47D743160D732BA7384B6ADB2A1737154DC5081E0F0B6C7AC1EC87CA9D95A9A783B9F1C
SHA512 7A4A730ED48E5DD23FCCF34C2B33FB4E48CF19175968CA373F91522BD48EE5DE32F8FC9CA7F4C8B3D46817BE445044DEE6D663C6ADF672D3078BB384CC114E1D
SSDEEP 6144:gfTOkkp8nmxfMRHpToV6grVB4s023+FM2+zIv+n7:gCx8mxfmTBsZDt4i

Runtime Data

Open Handles:

Path Type
(RW-) C:\Users\user\Documents File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme4048709601 Section
\Windows\Theme603176458 Section

Loaded Modules:

Path
C:\program files\iTunes\CoreFoundation.dll
C:\program files\iTunes\iTunesHelper.exe
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 4EF16586A2FF12D69C556EC4C91BAEE1
  • Thumbprint: 634A0D892E72161714861C178015AFE9C1832E14
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US

File Metadata

  • Original Filename: iTunesHelper.exe
  • Product Name: iTunes
  • Company Name: Apple Inc.
  • File Version: 12.10.8.5
  • Product Version: 12.10.8.5
  • Language: English (United States)
  • Legal Copyright: 2000-2020 Apple Inc. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Program Files\iTunes\iTunesHelper.exe 66

Possible Misuse

The following table contains possible examples of iTunesHelper.exe being misused. While iTunesHelper.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_currentversion.yml TargetObject\|endswith: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper' DRL 1.0
sigma registry_event_asep_reg_keys_modification_currentversion.yml Details: '"C:\Program Files\iTunes\iTunesHelper.exe"' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.