File name: hitpaw-voice-changer.exe

Full analysis: https://app.any.run/tasks/78ff5ad8-25c0-4294-9656-9fc4d404fe61
Verdict: Malicious activity
Analysis date: October 01, 2023, 21:23:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 05F2EDB8621E49275E0029C6754B942D
SHA1: F0AE6CAFDED1BF60C70E5050F6D2A6AD1B13D8A8
SHA256: 90279B02D3AFB48D50D70201AE740DAA2761D0D3F06FD60C4DB8690D9BA586FE
SSDEEP: 49152:RBfoNtu1abLX7EzIZdMOo305WebRyyfdEGUYcz57GO00Bx0KY8D2kwU3st0sUZ:RBfBSH9Ro305WeFyyfdEHYoyGBhpD2kN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Connects to the CnC server
      • hitpaw-voice-changer.exe (PID: 2840)
  • SUSPICIOUS
    • Checks Windows Trust Settings
      • hitpaw-voice-changer.exe (PID: 2840)
    • Reads the Internet Settings
      • hitpaw-voice-changer.exe (PID: 2840)
    • Reads settings of System Certificates
      • hitpaw-voice-changer.exe (PID: 2840)
    • Reads security settings of Internet Explorer
      • hitpaw-voice-changer.exe (PID: 2840)
    • Checks for external IP
      • hitpaw-voice-changer.exe (PID: 2840)
  • INFO
    • Reads the computer name
      • hitpaw-voice-changer.exe (PID: 2840)
    • Reads Environment values
      • hitpaw-voice-changer.exe (PID: 2840)
    • Checks supported languages
      • hitpaw-voice-changer.exe (PID: 2840)
    • Checks proxy server information
      • hitpaw-voice-changer.exe (PID: 2840)
    • Reads the machine GUID from the registry
      • hitpaw-voice-changer.exe (PID: 2840)
    • Creates files or folders in the user directory
      • hitpaw-voice-changer.exe (PID: 2840)
    • Creates files in a temporary directory
      • hitpaw-voice-changer.exe (PID: 2840)
    • Creates files in the program directory
      • hitpaw-voice-changer.exe (PID: 2840)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:11 10:06:20+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2023424
InitializedDataSize: 868352
UninitializedDataSize: 2789376
EntryPoint: 0x497130
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.11.0
ProductVersionNumber: 2.7.11.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: HitPaw Co., Ltd.
FileDescription: HitPaw Voice Changer
FileVersion: 2.7.11.0
LegalCopyright: Copyright © 2007-2023 HitPaw Co.,Ltd.
ProductName: 20230711160553
ProductVersion: 2.7.11.0
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive; see the full report): start → hitpaw-voice-changer.exe, hitpaw-voice-changer.exe (no specs)

Process information

PID: 2840
CMD: "C:\Users\admin\AppData\Local\Temp\hitpaw-voice-changer.exe"
Path: C:\Users\admin\AppData\Local\Temp\hitpaw-voice-changer.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: HitPaw Co., Ltd.
Integrity Level: HIGH
Description: HitPaw Voice Changer
Exit code: 0
Version: 2.7.11.0
Modules (images):
  c:\windows\system32\kernel32.dll
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\users\admin\appdata\local\temp\hitpaw-voice-changer.exe
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\gdi32.dll

PID: 3352
CMD: "C:\Users\admin\AppData\Local\Temp\hitpaw-voice-changer.exe"
Path: C:\Users\admin\AppData\Local\Temp\hitpaw-voice-changer.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: HitPaw Co., Ltd.
Integrity Level: MEDIUM
Description: HitPaw Voice Changer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.7.11.0
Modules (images):
  c:\users\admin\appdata\local\temp\hitpaw-voice-changer.exe
  c:\windows\system32\ntdll.dll
Total events: 4 952
Read events: 4 928
Write events: 24
Delete events: 0

Modification events

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000004F010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2840) hitpaw-voice-changer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 4
Text files: 3
Unknown types: 0

Dropped files

PID   Process                   Type        Filename
2840  hitpaw-voice-changer.exe  text        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\XVR59OG6.txt
      MD5: 849D5AB23344375551338A9BBE1F3B0C
      SHA256: 6591D62663C63418FD53353B9B8604C16D3BB75EEB1C024A8C0F468AE3C9A60B
2840  hitpaw-voice-changer.exe  text        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\6BB9CGV3.txt
      MD5: 70FF1735A769707583D3155EE4CFDFE0
      SHA256: C626806C94B393B8E9E4AECDA41942DA0234A1030A39332A1646118C3C3A236A
2840  hitpaw-voice-changer.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
      MD5: E1D9821386AD06FDE06D79CEC9FD4AFE
      SHA256: 7E0B16F904C01912FE46BD74E72978FB9F0FFC2E9FD03107DCAEBD3470EA4E2E
2840  hitpaw-voice-changer.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: ABF29FE70D362C3324A24DD86EDC0B11
      SHA256: 1ABAEF216DBE86A3E2DF23A08DFC283BACD063B07FA87A459BB38FD56FC67BA2
2840  hitpaw-voice-changer.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
      MD5: 9B9684999B8B832177A19E9C323F66FD
      SHA256: FD5BB87882CD0AFF6A0299B49FFDFF69687309AB6C4E47618CD1291A362988AE
2840  hitpaw-voice-changer.exe  compressed  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
      SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2840  hitpaw-voice-changer.exe  text        C:\Users\admin\AppData\Local\Temp\voicechanger_hitpaw\voicechanger_hitpaw_1.1.1.exe.xml
      MD5: 0932C077A2A0D00B51B69B7A0E6FCFD0
      SHA256: 549F3CDC3451B67E176FE880A4E88C139EDEBFF829F633CEB2F1E4233225204D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 24
TCP/UDP connections: 92
DNS requests: 7
Threats: 7

HTTP requests

PID   Process                   Method  HTTP Code  IP                  Type        Size     CN  Reputation  URL
2840  hitpaw-voice-changer.exe  GET     200        208.95.112.1:80     text        155 b    -   unknown     http://ip-api.com/csv
2840  hitpaw-voice-changer.exe  GET     200        8.253.207.121:80    compressed  4.66 Kb  -   unknown     http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?366df85d1b420095
2840  hitpaw-voice-changer.exe  POST    200        142.250.186.142:80  image       35 b     -   unknown     http://www.google-analytics.com/collect  (8 identical requests)

Connections

PID   Process                   IP                    Domain                    ASN            CN  Reputation
4     System                    192.168.100.255:137   -                         -              -   unknown
2840  hitpaw-voice-changer.exe  104.18.24.249:80      www.tenorshare.com        CLOUDFLARENET  -   unknown
3284  svchost.exe               239.255.255.250:1900  -                         -              -   unknown
2840  hitpaw-voice-changer.exe  104.18.24.249:443     www.tenorshare.com        CLOUDFLARENET  -   unknown
2840  hitpaw-voice-changer.exe  8.253.207.121:80      ctldl.windowsupdate.com   LEVEL3         US  unknown
2840  hitpaw-voice-changer.exe  192.229.221.95:80     ocsp.digicert.com         EDGECAST       US  unknown
2840  hitpaw-voice-changer.exe  208.95.112.1:80       ip-api.com                TUT-AS         US  unknown
2840  hitpaw-voice-changer.exe  142.250.186.142:443   www.google-analytics.com  GOOGLE         US  unknown
2840  hitpaw-voice-changer.exe  142.250.186.142:80    www.google-analytics.com  GOOGLE         US  unknown
4     System                    192.168.100.255:138   -                         -              -   unknown

DNS requests

Domain                    IP                                                                    Reputation
www.tenorshare.com        104.18.24.249, 104.18.25.249                                          unknown
ctldl.windowsupdate.com   8.253.207.121, 67.27.158.126, 8.253.95.249, 8.241.9.254, 8.241.123.126  unknown
update.tenorshare.com     104.18.24.249, 104.18.25.249                                          unknown
ocsp.digicert.com         192.229.221.95                                                        unknown
ip-api.com                208.95.112.1                                                          unknown
www.google-analytics.com  142.250.186.142                                                       unknown
download.hitpaw.com       104.18.24.102, 104.18.25.102                                          unknown

Threats

PID  Process  Class                                           Message
-    -        Potential Corporate Privacy Violation           ET POLICY Unsupported/Fake Windows NT Version 5.0
-    -        Potential Corporate Privacy Violation           ET POLICY Unsupported/Fake Windows NT Version 5.0
-    -        Potential Corporate Privacy Violation           AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
-    -        Device Retrieving External IP Address Detected  ET POLICY External IP Lookup ip-api.com
-    -        Possibly Unwanted Program Detected              ET ADWARE_PUP Tensorshare Google Analytics Checkin
2 ETPRO signatures available at the full report
No debug info