File verdict · Decided by the MT AI Engine
Our call

Unknown

Our AI analyst is temporarily unavailable, so we've applied a conservative fallback: all 67 antivirus engines that scanned this file report it as clean.

Verified · Unison Audio Inc
Trust score · 50 · Caution
MT AI confidence · 30%
Unison Chord Genie - 1.0.37-3b36284f.exe
89.1 MB
3b36284f28824b8b87…13e9abbb31
Antivirus engines
0 of 75 flagged
Code signing
Signed by Unison Audio Inc
Age
First seen 7mo ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

30% Confidence
Exploratory
Reasoning

Our AI analyst is temporarily unavailable, so we've applied a conservative fallback: all 67 antivirus engines that scanned this file report it as clean. With that much coverage, the file looks safe — but re-scan in a few minutes to get the full AI assessment.

Key signals · 3

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. AI arbiter unavailable (reason: grok_exception:This operation was aborted)

  2. engines.tier1Malicious=0

  3. engines.reporting=67

Points in its favour
  • 67 antivirus engines all report this file as clean.
What to do

The file appears safe based on antivirus coverage. Re-scan for the full AI assessment.

Sources disagree

1 contradiction resolved by the scoring engine

MT AI Engine read "safe", displayed verdict is "unknown"
A ground-truth gate (admin override, MalwareBazaar, empty-file) or the low-confidence display rule shifted the final call.
Displayed verdict tracks the harder evidence.
Runtime behaviour

What this file did when executed

This file was detonated in 1 sandbox and its runtime behaviour was observed.

MITRE ATT&CK
18

Adversary techniques mapped to the MITRE ATT&CK framework.

T1012, T1027, T1027.002, T1033, T1055, T1059, T1070, T1071, T1082, T1083, T1129, T1134, T1202, T1497, T1497.001, T1529, T1614, T1614.001
Spawned processes
7
  • C:\Windows\system32\services.exe
  • "C:\Users\<USER>\Desktop\Unison Chord Genie - 1.0.37-3b36284f.exe"
  • "C:\Users\<USER>\AppData\Local\Temp\is-DSDCM.tmp\Unison Chord Genie - 1.0.37-3b36284f.tmp" /SL5="$3006C,92394569,845824,C:\Users\<USER>\Desktop\Unison Chord Genie - 1.0.37-3b36284f.exe"
  • C:\Windows\Explorer.EXE
  • C:\Users\<USER>\AppData\Local\Temp\is-UUV3D.tmp\Unison Chord Genie - 1.0.37-3b36284f.tmp /SL5=$9013E,92394569,845824,C:\Users\<USER>\Downloads\Unison Chord Genie - 1.0.37-3b36284f.exe
  • "C:\Users\user\Desktop\Unison Chord Genie - 1.0.37-3b36284f.exe"
  • "C:\Users\user\AppData\Local\Temp\is-JFUC6.tmp\Unison Chord Genie - 1.0.37-3b36284f.tmp" /SL5="$10496,92394569,845824,C:\Users\user\Desktop\Unison Chord Genie - 1.0.37-3b36284f.exe"
Filesystem & mutexes
26
Files written · 15
  • C:\Users\<USER>\AppData\Local\Temp\is-DSDCM.tmp\Unison Chord Genie - 1.0.37-3b36284f.tmp
  • C:\Users\<USER>\AppData\Local\Temp\is-824DR.tmp\_isetup\_setup64.tmp
  • C:\Program Files\Steinberg\VSTPlugins\Unison\Unison Chord Genie.dll
  • C:\Program Files (x86)\Unison\Unison Chord Genie\unins000.dat
  • C:\Program Files (x86)\Unison\Unison Chord Genie\is-614GN.tmp
+10 more
Files deleted · 8
  • C:\Program Files (x86)\Unison\Unison Chord Genie\is-614GN.tmp
  • C:\Program Files\Steinberg\VSTPlugins\Unison\is-5HIL8.tmp
  • C:\Program Files\Common Files\VST3\Unison\Unison Chord Genie.vst3\Contents\x86_64-win\is-RD5R6.tmp
  • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Unison Chord Genie.aaxplugin\Contents\x64\is-HTC55.tmp
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unison\Uninstall Unison Chord Genie.lnk
+3 more
Mutexes created · 3
  • cversions.3.m
  • \Sessions\1\BaseNamedObjects\Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511
  • \Sessions\1\BaseNamedObjects\Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
Dropped payload

Files this sample writes at runtime

This file drops 10 children at runtime. None are currently flagged malicious in our cache.

10 unseen
No researcher-database hits
External threat-intel sources were not collected for this scan.
Signature matches

YARA + heuristic rules that fired

A researcher-curated or high-severity heuristic rule matched this sample. These rules target specific malware families and are near-definitive.

1 synthesis
MITRE ATT&CK profile
Defense evasion × 1
MalwareTips synthesis rules
Our heuristics on VT data + sandbox behaviour
  • ProcessInjection · high

    MITRE T1055 (Process Injection) observed — CreateRemoteThread / APC / reflective-DLL injection. The payload is being smuggled into a legitimate process to bypass AV hooks.

    Evidence
    C:\Windows\Explorer.EXE
Antivirus engine breakdown

0 detections across 75 engines

0 malicious · 0 suspicious · 75 clean
Tier-1 · 17 engines
0 flag
Top commercial AVs (low FP rate)
Tier-2 · 38 engines
0 flag
Mainstream engines with mixed FP rates
Low-trust · 20 engines
0 flag
Heuristic / generic-AI engines (high FP rate)
All 75 engines report this file as clean.
Hash 3b36284f2882… cross-referenced against 75 AV engines via our AV network.
PE forensics

Section entropy & packers

Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.

ent 8.00 · Unpacked
Section entropy · 10 sections
  • .text: 6.38
  • .itext: 6.11
  • .data: 4.96
  • .bss: 0.00
  • .idata: 5.02
  • .didata: 2.73
  • .edata: 1.31
  • .tls: 0.00
  • .rdata: 1.39
  • .reloc: 6.71
Entropy scale 0.0 to 8.0 · Packed threshold 7.2
Prevalence

How often this file shows up in the wild

Moderate prevalence — neither rare nor common. No strong prior applies.

Medium
Unique uploaders
4
Moderate upload volume.
Total submissions
4
Includes repeat uploads by the same source.
First seen by VT
7mo ago
Oct 29, 2025
Prevalence quadrant
  • Rare · New: Targeted malware lives here
  • Common · New: Just-released software
  • Rare · Old: Niche or internal tooling
  • Common · Old: Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
10/29/2025, 2:50:08 PM
First seen (MalwareBazaar)
Last analysis (VT)
4/26/2026, 12:49:19 AM
Scanned here
5/15/2026, 9:33:25 PM
File name
Unison Chord Genie - 1.0.37-3b36284f.exe
Size
89.07 MB
MIME type
(unknown)
Detected type
Win32 EXE
SHA-256
3b36284f28824b8b8777bec4faecf2facd0ed87328942791fcd2b013e9abbb31
MD5
cc8119d48d2c06f0b7bb40e55ccd9964
SHA-1
4058f057af5667fc7f4f1f94ab9e9b0f4fe7d9c4
PE imphash
40ab50289f7ef5fae60801f88d4541fc
First scan (MalwareTips)
5/15/2026, 9:33:25 PM
Last scan (MalwareTips)
5/15/2026, 9:33:25 PM
Code signer
Unison Audio Inc · verified
Behavior tags
peexe, overlay, signed
Community classification

Reviews & malware reports (0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Scanned by
mmw3
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.