Safe
Zero detections from 70 engines, clean sandbox behaviour, and medium prevalence support a benign classification.
3592e0e444671ba38e…1eeb28c1baThe verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
All 70 reporting engines returned clean results, including 16 tier-1 engines. The executable is unsigned and carries no signer history, yet the complete absence of detections combined with zero offensive MITRE techniques and no malicious sandbox verdict outweighs the unsigned status. Medium prevalence across 25 sources further reduces the chance of a novel threat. No brand mismatch, no triggered heuristics, and no external-intel hits corroborate the clean profile.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.malicious=0 and engines.tier1Malicious=0 across 70 reporting engines
signing.signed=false with no signerStats history
behaviour.hasMaliciousSandboxVerdict=false and behaviour.offensiveCount=0
prevalence.classification=medium with 25 unique sources
similarHashes=[] — no conflicting prior verdicts on this imphash
- Zero malicious detections across all engine tiers
- Clean sandbox verdict with no malicious host contact
- Medium prevalence across 25 sources
Treat as safe for normal use; continue monitoring for any future engine detections as the file ages.
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
Adversary techniques mapped to the MITRE ATT&CK framework.
0 detections across 74 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name
- Universe Sandbox x64.exe
- Size
- 652.0 KB
- MIME type
- (unknown)
- Detected type
- Win32 EXE
- SHA-256
- 3592e0e444671ba38e01d66b630bec20b77b0d4858da2459084f9d1eeb28c1ba
- MD5
- ada895232b35630b444582fbc6e189a9
- SHA-1
- b10b0c4a486b79ce57925f4510ac85820c490cad
- PE imphash
- a136217cdd3247ff6a8766561064ca0b
- First seen (VT)
- 6/25/2026, 11:29:52 PM
- Last analysis (VT)
- 7/2/2026, 11:31:52 PM
- First scan (MalwareTips)
- 7/4/2026, 5:01:32 PM
- Last scan (MalwareTips)
- 7/4/2026, 5:01:32 PM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.