Suspicious
Signed by VoodooSoft with reflective code loading and high entropy; tier-1 engines silent but prior signer history flagged suspicious.
08070415a1bfd55e04…54c6c74645The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file presents a mixed-signal profile. On one hand, 16 tier-1 engines (Avast, BitDefender, Kaspersky, ESET-NOD32, Fortinet, GData, F-Secure, Emsisoft, Avira, AVG, DrWeb, Ikarus) all report the file undetected, and no sandbox malicious verdict was generated despite behaviour analysis. On the other hand, the signer VoodooSoft has minimal history (1/2 safe), is not on our curated trusted-publisher list, and a prior file from the same signer (TaskbarPlus60.exe) was verdicted suspicious. The file exhibits reflective code loading (T1620), high entropy (7.607), and packing signatures — techniques used by both legitimate and malicious software. The rare-new prevalence (1 submission, first seen today) and absence of external-intel hits (no YARA rules, no MalwareBazaar family, no CIRCL match) suggest either a newly released legitimate tool or a fresh malware variant not yet catalogued by researchers. The balance of evidence leans toward caution rather than confidence in either direction.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0/71 malicious; tier1Malicious=0; tier1ReportedClean=16 (Avast, BitDefender, Kaspersky, ESET-NOD32, Fortinet, GData, F-Secure, Emsisoft, Avira, AVG, DrWeb all undetected)
signing.verified=true, signer='VoodooSoft'; signerStats 1/2 safe (50%), autoTrusted=false — minimal signer history, not on curated trusted-publisher list
similarHashes: 1 prior verdict on same signer (71b99bdf4511…, TaskbarPlus60.exe) verdicted 'suspicious' with ai:signed_but_unusual_behaviour on 2026-04-26
behaviour: T1620 (Reflective Code Loading) + 12 ambient techniques; no sandbox malicious verdict, no malicious contacted hosts, no dropped children
PE analysis: highEntropyCode=true, likelyPacked=true, entropy=7.607; prevalence: rare_new (1 submitter, first seen 2026-06-13); no external-intel hits (CIRCL, YARAify, MalwareBazaar all negative)
- All 16 tier-1 antivirus engines (Avast, BitDefender, Kaspersky, ESET-NOD32, Fortinet, GData, F-Secure, Emsisoft, Avira, AVG, DrWeb, Ikarus) report undetected
- No sandbox malicious verdict despite dynamic behaviour analysis
- No contacted malicious hosts, no dropped malicious children
- Signing verified as authentic (not forged or revoked)
- No external-intelligence hits (CIRCL, YARAify, MalwareBazaar all negative)
- Reflective code loading (T1620) — technique used by both legitimate and malicious software for code injection
- High entropy (7.607) and packing signatures — suggests obfuscation or compression, common in both legitimate and malicious binaries
- Signer VoodooSoft has minimal history (1/2 safe) and is not on curated trusted-publisher list
- Prior file from same signer (TaskbarPlus60.exe) was verdicted suspicious
- Rare-new prevalence (1 submission, first seen today) — insufficient distribution history for reputation assessment
Do not execute this file in a production or sensitive environment without additional verification. If the source is trusted and the file's purpose is known, consider isolated sandbox testing or requesting vendor documentation. If the source is untrusted or the purpose unclear, defer execution pending further investigation.
0 detections across 75 engines
Section entropy & packers
Executable sections have high entropy (7.2+) — the code is compressed or encrypted and only decrypted at runtime. Classic packing behaviour.
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- SiriusLLM110.exe
- Size
- 1.17 MB
- MIME type
- application/x-msdownload
- Detected type
- Win32 EXE
- SHA-256
- 08070415a1bfd55e045610a0d37e3770a9442e54a2bd04b322099954c6c74645
- MD5
- a39ada49ac26b70aedbb178234484a8d
- SHA-1
- 6ca09892bf425707323157ea06454e40d35b4b31
- First seen (VT)
- 6/13/2026, 11:01:46 AM
- Last analysis (VT)
- 6/13/2026, 11:01:46 AM
- First scan (MalwareTips)
- 6/13/2026, 11:02:59 AM
- Last scan (MalwareTips)
- 6/13/2026, 11:04:27 AM
- Code signer
- VoodooSoftverified
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.