File verdict·Decided by the MT AI Engine
Our call

Suspicious

Unsigned 3 KB DLL with three low-trust detections and one prior suspicious imphash match.

Trust score45Caution
MT AI confidence · 55%
vray_v41003_max_fix.dll
3.0 KB
21395b734f1360456c6c8d7a6b3c
Antivirus engines
3 of 76 flagged
Code signing
Unsigned
Age
First seen 7y ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

55%Confidence
Moderate
Reasoning

Low-trust-only detections on an unsigned DLL with medium prevalence and clean runtime signals point to a borderline case rather than clear malware. The single RAG match on the same imphash also returned suspicious. No tier-1 consensus, no sandbox hits, and no external intelligence strengthen the mixed-signal assessment.

Key signals · 4

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines.onlyLowTrustFlagging=true and tier1Malicious=0 (CrowdStrike, Cynet, McAfeeD only)

  2. signing.signed=false and signerStats.found=false

  3. similarHashes[0].verdict=suspicious (matchKind=imphash)

  4. prevalence.classification=medium (21 uniqueSources, 26 submissions)

Points in its favour
  • Zero tier-1 malicious detections
  • Medium prevalence over 7 years
  • No malicious behaviour observed
Points against
  • Unsigned binary
  • Low-trust engine detections
  • Prior similar-hash suspicious verdict
What to do

Treat as untrusted until the source is verified; avoid loading in critical 3ds Max workflows without additional validation.

Sources disagree

1 contradiction resolved by the scoring engine

Only low-trust / heuristic engines flagged this file
3 engines from the heuristic / generic-AI set flagged it. No tier-1 engine agreed.
Detection weight reduced in scoring.
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

3 detections across 76 engines

3 malicious0 suspicious73 clean
Tier-117 engines
0flag
Top commercial AVs (low FP rate)
Tier-238 engines
0flag
Mainstream engines with mixed FP rates
Low-trust21 engines
3flag
Heuristic / generic-AI engines (high FP rate)
CrowdStrike
malicious
win/grayware_confidence_100% (W)
Cynet
malicious
Malicious (score: 100)
McAfeeD
malicious
Real Protect-LS!C3100DF4BA6B
Hash 21395b734f13… cross-referenced against 76 AV engines via our AV network.
PE forensics

Section entropy & packers

Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.

Unpacked
Section entropy2 sections
.text
6.42
.data
4.89
0.0Packed threshold 7.28.0
Prevalence

How often this file shows up in the wild

Moderate prevalence — neither rare nor common. No strong prior applies.

Medium
Unique uploaders
21
Moderate upload volume.
Total submissions
26
Includes repeat uploads by the same source.
First seen by VT
7y ago
Apr 1, 2019
Prevalence quadrant
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
4/1/2019, 1:10:05 PM
First seen (MalwareBazaar)
Last analysis (VT)
1/29/2026, 12:02:02 AM
Scanned here
7/3/2026, 9:52:36 AM
File name
vray_v41003_max_fix.dll
Size
3.0 KB
MIME type
(unknown)
Detected type
Win32 DLL
SHA-256
21395b734f1360456c25891fe43765484b21df095b0a5fd594de046c8d7a6b3c
MD5
c3100df4ba6b778b3db6939610dc3338
SHA-1
6143808146056a8c588f2661e572821cb73a7188
PE imphash
79b3362178937bf9559741c46bb9e035
First seen (VT)
4/1/2019, 1:10:05 PM
Last analysis (VT)
1/29/2026, 12:02:02 AM
First scan (MalwareTips)
7/3/2026, 9:52:36 AM
Last scan (MalwareTips)
7/3/2026, 9:52:36 AM
Behavior tags
64bitspedll
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.