Safe
Unsigned RAR installer with zero engine detections and clean sandbox behaviour.
0d036d4cbbdd0a95b3…f7e4a43dd4The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
All 61 reporting engines returned undetected, including 16 tier-1 engines. The archive extracts to text documents and language files with no malicious dropped children. Sandbox behaviour shows only debug-evasion technique T1562.001 and no C2 or persistence. Medium prevalence on a one-day-old file is consistent with a new legitimate installer rather than widespread malware.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.tier1Malicious=0 and engines.malicious=0 across 61 reporting engines
signing.verified=false (unsigned) with no signerStats history
behaviour.hasMaliciousSandboxVerdict=false and contactedHosts.maliciousHosts=null
prevalence.classification=medium with 6 submitters in 1 day
externalIntel.yaraify.ruleCount=0 and droppedChildren.hasMaliciousChild=false
- Zero engine detections
- No malicious dropped children
- No malicious host contact
- Unsigned archive
- Password-protected extraction
- Debug-evasion tags present
Treat as low-risk installer; verify extracted files with current signatures before running.
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
Adversary techniques mapped to the MITRE ATT&CK framework.
- C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p
- C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Installation_Instructions.txt
- C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\License.txt
- C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Readme.txt
- C:\Users\user\AppData\Local\Temp\bxxb1j2o.f5p\Terms_Of_Use.txt
Files this sample writes at runtime
This file drops 1 child at runtime. None are currently flagged malicious in our cache.
- 222c5be681148a79c874…20c71cNever scannednever seen before
0 detections across 74 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name
- GitApp_Launch_Setup.rar
- Size
- 50.91 MB
- MIME type
- (unknown)
- Detected type
- RAR
- SHA-256
- 0d036d4cbbdd0a95b390f6b2b8e7264d8c1c77994cd0d76a42ce24f7e4a43dd4
- MD5
- f1d2c6897971727ab33c59eefa636117
- SHA-1
- 9c6c5869abcb2267e52f20ae00c057a0deb207d7
- First seen (VT)
- 7/10/2026, 6:09:11 PM
- Last analysis (VT)
- 7/10/2026, 6:09:11 PM
- First scan (MalwareTips)
- 7/11/2026, 6:51:48 AM
- Last scan (MalwareTips)
- 7/11/2026, 6:51:48 AM
Safety FAQ
Common questions about GitApp_Launch_Setup.rar, answered from the scan data above.
- GitApp_Launch_Setup.rar appears safe. 74 of 74 antivirus engines report it clean. As a habit, only run files you downloaded from the official source, since attackers sometimes distribute trojanised copies of legitimate software under the same name.
- GitApp_Launch_Setup.rar is a software installer, about 50.9 MB. Our analysis found no threat indicators for it. A file's name can be reused by different files, so we identify it by its cryptographic hash (below).
- None — all 74 antivirus engines we queried report GitApp_Launch_Setup.rar as clean. That's reassuring, though brand-new malware can briefly evade detection before vendors add signatures, so we also weigh the file's behaviour and reputation.
- The SHA-256 hash of GitApp_Launch_Setup.rar is 0d036d4cbbdd0a95b390f6b2b8e7264d8c1c77994cd0d76a42ce24f7e4a43dd4, and its MD5 is f1d2c6897971727ab33c59eefa636117. This hash is the file's unique fingerprint — two files with the same SHA-256 are identical. Use it to confirm you're looking at exactly this file (not just one with the same name) when comparing against antivirus databases or a download's published checksum.
- Based on this scan, yes — GitApp_Launch_Setup.rar shows no threat indicators. The important caveat is source: make sure you downloaded it from the official website or a trusted store, because attackers sometimes distribute malware-laced copies under a legitimate file's name. If your own antivirus flags it while we report it clean, that is most often a false positive, but verify the source before overriding your antivirus.
- This report reflects the scan run on July 11, 2026. Because a file's hash never changes, the identity of GitApp_Launch_Setup.rar is fixed — but antivirus coverage improves over time, so a file that looks clean today can pick up detections later (and vice-versa). If you need the latest picture, MalwareTips staff can re-run the analysis from scratch.
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.