Suspicious
Unsigned Android APK with zero engine detections but direct-IP contact flagged by heuristic and extremely low prevalence.
352af70965fe236b8d…35e872c169The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
Zero malicious detections from 61 reporting engines including 17 tier-1 products rules out any named family. The file remains unsigned with only two historical submissions, placing it in the rare_old prevalence bucket. A single heuristic fired on direct-IP contact without DNS, which is atypical for benign apps but insufficient alone for a malicious verdict. No sandbox verdicts, dropped children, or external-intel hits exist to corroborate threat. The combination of unsigned status, rarity, and the heuristic produces mixed signals that warrant a suspicious classification rather than safe or malicious.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.malicious=0 with tier1Malicious=0 across 17 tier-1 engines (Avast, Avira, BitDefender, DrWeb, ESET-NOD32, Emsisoft, F-Secure, Fortinet, GData, Ikarus, Kaspersky, McAfee)
signing.signed=false with signerStats.found=false — unsigned APK
behaviour.contactedIps=["74.125.133.188"] and triggeredHeuristics[0].rule="MalwareTips.Synth.DirectIpC2"
prevalence.classification="rare_old" with uniqueSources=2
- Zero engine detections across 61 reporters
- No sandbox malicious verdict
- No external-intel hits
- Unsigned APK
- Rare distribution (2 submitters)
- Direct-IP contact without DNS
Treat as untrusted; avoid installation until a signed version from a verified publisher can be obtained and re-scanned.
YARA + heuristic rules that fired
One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.
Sample contacted 1 external IP address(es) and zero domains. Benign software virtually always uses DNS; no-DNS direct-IP C2 is a strong malware indicator because it bypasses reputation systems and dodges domain-based blocklists.
Evidence74.125.133.188
0 detections across 72 engines
How often this file shows up in the wild
Rarely uploaded, but has been around for a while. Often niche legitimate software or old internal tooling; not a strong malware signal on its own.
Forensic fingerprint
- File name
- cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk
- Size
- 22.53 MB
- MIME type
- (unknown)
- Detected type
- Android
- SHA-256
- 352af70965fe236b8d9aa489b2e91025f5e43ab36262970d1df19635e872c169
- MD5
- c04adb6ab0a49b89fd899a975f04db81
- SHA-1
- d73d223f14adf645a2b60eebc398edf01fd2cf0c
- First seen (VT)
- 3/22/2023, 3:51:47 PM
- Last analysis (VT)
- 9/20/2023, 3:53:45 PM
- First scan (MalwareTips)
- 7/11/2026, 4:29:54 PM
- Last scan (MalwareTips)
- 7/11/2026, 4:29:54 PM
Safety FAQ
Common questions about cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk, answered from the scan data above.
- cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk is suspicious — treat it as unsafe until you're sure. 0 of 72 antivirus engines flag it, which isn't a strong consensus but is enough to be cautious. Don't installed it unless you fully trust where it came from, and prefer downloading the software fresh from its official site.
- cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk is an Android app (APK), about 22.5 MB. We identify a file by its cryptographic hash rather than its name, because the same filename can be reused by completely different files — the hash below is the reliable fingerprint.
- None — all 72 antivirus engines we queried report cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk as clean. That's reassuring, though brand-new malware can briefly evade detection before vendors add signatures, so we also weigh the file's behaviour and reputation.
- Act quickly. 1) Disconnect the device from the internet to stop the malware communicating or spreading. 2) Run a full scan with reputable anti-malware software (such as Malwarebytes) and quarantine everything it finds. 3) Change your important passwords from a DIFFERENT, clean device — many threats log keystrokes or steal saved credentials. 4) If you bank or shop on this device, watch closely for fraud and alert your bank. 5) For a confirmed infection, the most reliable fix is to back up your personal files and reinstall the operating system for a clean start.
- To remove cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk: 1) restart into Safe Mode (Safe Mode with Networking if you need to download a tool) so the malware doesn't auto-start. 2) Run a full scan with reputable anti-malware software and let it quarantine or delete the detections. 3) Delete the original cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk file and empty the Recycle Bin/Trash. 4) Check your browser extensions, startup items, and scheduled tasks for anything unfamiliar. 5) Reboot and scan again to confirm it's gone. If detections keep coming back, a clean operating-system reinstall is the most dependable cure.
- The SHA-256 hash of cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk is 352af70965fe236b8d9aa489b2e91025f5e43ab36262970d1df19635e872c169, and its MD5 is c04adb6ab0a49b89fd899a975f04db81. This hash is the file's unique fingerprint — two files with the same SHA-256 are identical. Use it to confirm you're looking at exactly this file (not just one with the same name) when comparing against antivirus databases or a download's published checksum.
- This report reflects the scan run on July 11, 2026. Because a file's hash never changes, the identity of cryptraider-dwapplications-157-56907840-c04adb6ab0a49b89fd899a975f04db81.apk is fixed — but antivirus coverage improves over time, so a file that looks clean today can pick up detections later (and vice-versa). If you need the latest picture, MalwareTips staff can re-run the analysis from scratch.
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.