File verdict·Decided by the MT AI Engine
Our call

Safe

Unsigned RAR installer with zero engine detections and clean sandbox behaviour.

Trust score82Moderate trust
GitApp_Launch_Setup.rar
50.9 MB
0d036d4cbbdd0a95b3f7e4a43dd4
Antivirus engines
0 of 74 flagged
Code signing
Unsigned
Age
First seen 1 day ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

78%Confidence
High
Reasoning

All 61 reporting engines returned undetected, including 16 tier-1 engines. The archive extracts to text documents and language files with no malicious dropped children. Sandbox behaviour shows only debug-evasion technique T1562.001 and no C2 or persistence. Medium prevalence on a one-day-old file is consistent with a new legitimate installer rather than widespread malware.

Key signals · 5

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines.tier1Malicious=0 and engines.malicious=0 across 61 reporting engines

  2. signing.verified=false (unsigned) with no signerStats history

  3. behaviour.hasMaliciousSandboxVerdict=false and contactedHosts.maliciousHosts=null

  4. prevalence.classification=medium with 6 submitters in 1 day

  5. externalIntel.yaraify.ruleCount=0 and droppedChildren.hasMaliciousChild=false

Points in its favour
  • Zero engine detections
  • No malicious dropped children
  • No malicious host contact
Points against
  • Unsigned archive
  • Password-protected extraction
  • Debug-evasion tags present
What to do

Treat as low-risk installer; verify extracted files with current signatures before running.

Runtime behaviour

What this file did when executed

This file was detonated in 1 sandbox and its runtime behaviour was observed.

MITRE ATT&CK
3

Adversary techniques mapped to the MITRE ATT&CK framework.

T1082T1497T1562.001
Spawned processes
3
$(unnamed)
C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\GitApp_Launch_Setup.rar"
$(unnamed)
C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p" "C:\Users\user\Desktop\GitApp_Launch_Setup.rar"
$(unnamed)
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Filesystem & mutexes
15
Files written15
  • C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p
  • C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Installation_Instructions.txt
  • C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\License.txt
  • C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Readme.txt
  • C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Terms_Of_Use.txt
+10 more
Dropped payload

Files this sample writes at runtime

This file drops 1 child at runtime. None are currently flagged malicious in our cache.

1 unseen
  • 222c5be681148a79c87420c71cNever scanned
    never seen before
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

0 detections across 74 engines

0 malicious0 suspicious74 clean
Tier-117 engines
0flag
Top commercial AVs (low FP rate)
Tier-240 engines
0flag
Mainstream engines with mixed FP rates
Low-trust17 engines
0flag
Heuristic / generic-AI engines (high FP rate)
All 74 engines report this file as clean.
Hash 0d036d4cbbdd… cross-referenced against 74 AV engines via our AV network.
Prevalence

How often this file shows up in the wild

Moderate prevalence — neither rare nor common. No strong prior applies.

Medium
Unique uploaders
6
Moderate upload volume.
Total submissions
6
Includes repeat uploads by the same source.
First seen by VT
0d ago
Jul 10, 2026
Prevalence quadrant
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
7/10/2026, 6:09:11 PM
First seen (MalwareBazaar)
Last analysis (VT)
7/10/2026, 6:09:11 PM
Scanned here
7/11/2026, 6:51:48 AM
File name
GitApp_Launch_Setup.rar
Size
50.91 MB
MIME type
(unknown)
Detected type
RAR
SHA-256
0d036d4cbbdd0a95b390f6b2b8e7264d8c1c77994cd0d76a42ce24f7e4a43dd4
MD5
f1d2c6897971727ab33c59eefa636117
SHA-1
9c6c5869abcb2267e52f20ae00c057a0deb207d7
First seen (VT)
7/10/2026, 6:09:11 PM
Last analysis (VT)
7/10/2026, 6:09:11 PM
First scan (MalwareTips)
7/11/2026, 6:51:48 AM
Last scan (MalwareTips)
7/11/2026, 6:51:48 AM
Behavior tags
rardetect-debug-environmentlong-sleeps
Frequently asked

Safety FAQ

Common questions about GitApp_Launch_Setup.rar, answered from the scan data above.

  • GitApp_Launch_Setup.rar appears safe. 74 of 74 antivirus engines report it clean. As a habit, only run files you downloaded from the official source, since attackers sometimes distribute trojanised copies of legitimate software under the same name.
  • GitApp_Launch_Setup.rar is a software installer, about 50.9 MB. Our analysis found no threat indicators for it. A file's name can be reused by different files, so we identify it by its cryptographic hash (below).
  • None — all 74 antivirus engines we queried report GitApp_Launch_Setup.rar as clean. That's reassuring, though brand-new malware can briefly evade detection before vendors add signatures, so we also weigh the file's behaviour and reputation.
  • The SHA-256 hash of GitApp_Launch_Setup.rar is 0d036d4cbbdd0a95b390f6b2b8e7264d8c1c77994cd0d76a42ce24f7e4a43dd4, and its MD5 is f1d2c6897971727ab33c59eefa636117. This hash is the file's unique fingerprint — two files with the same SHA-256 are identical. Use it to confirm you're looking at exactly this file (not just one with the same name) when comparing against antivirus databases or a download's published checksum.
  • Based on this scan, yes — GitApp_Launch_Setup.rar shows no threat indicators. The important caveat is source: make sure you downloaded it from the official website or a trusted store, because attackers sometimes distribute malware-laced copies under a legitimate file's name. If your own antivirus flags it while we report it clean, that is most often a false positive, but verify the source before overriding your antivirus.
  • This report reflects the scan run on July 11, 2026. Because a file's hash never changes, the identity of GitApp_Launch_Setup.rar is fixed — but antivirus coverage improves over time, so a file that looks clean today can pick up detections later (and vice-versa). If you need the latest picture, MalwareTips staff can re-run the analysis from scratch.
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.