MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2
SHA3-384 hash: 10b352334676f97e7e0ba351cb67481c3368f7b45173a170aa3064b7b58f5325269540584d8f5589d5067ec1bb86a36b
SHA1 hash: df0d7ab5f3cc6dc6b256285c3003956669b2b7f0
MD5 hash: 9d9c017d4a6373c420c4478ecda8f2e3
humanhash: johnny-magazine-romeo-mississippi
File name:HitPaw AI Editor.exe
Download: download sample
File size:40'960 bytes
First seen:2023-04-12 03:50:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c0305d98db2cb0845d8756255d9c64c0
ssdeep 768:ZMYEhSWfV/97hTOz4cN+Yk3E+w4dgtTd7URw3T/:SbT/97lOz/NKShx7Ui
TLSH T12103C14DE77626CAE6AE833945F39901D9F4F6037232D39F43B0C5253E605E11872B9A
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon e8b230cdcc68aa96
Reporter milannshrestga
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
446
Origin country :
NP NP
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
HitPaw AI Editor.exe
Verdict:
No threats detected
Analysis date:
2023-04-12 03:52:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4e03656c-0553-4e74-b436-d8615565e88f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381630/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/77504/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Unknown
Threat level:
  0/10
Confidence:
75%
Tags:
packed
Link:
https://www.filescan.io/uploads/64362aa7f17a8f86fc8cb028/reports/81c6b8c6-80ba-4d9f-9466-7fa2eb37973f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/78b56200-d24a-4501-808c-c811319a7395
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1212232
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-10 22:58:26 UTC
File Type:
PE+ (Exe)
Extracted files:
2
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jhv3sj6l5fdteyzx4hnfx2hei6gseq7gvxd66m56krh6abnfvlba._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230412-eegx5sbb5w/
Unpacked files
SH256 hash:
49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2
MD5 hash:
9d9c017d4a6373c420c4478ecda8f2e3
SHA1 hash:
df0d7ab5f3cc6dc6b256285c3003956669b2b7f0
Link:
https://www.unpac.me/results/7ed1237d-99de-4d2d-a89e-56c1f0144bbb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/381630/

Comments