MalwareTips
File verdict·Decided by the MT AI Engine
Our call

Safe

alsoft.ini is a benign configuration file with zero malicious detections across 61 engines and 5-year established prevalence.

Trust score92High trust
MT AI confidence · 98%
alsoft.ini
31 B
37b67ff73aa4fdd271d00ae21f5d
Antivirus engines
0 of 75 flagged
Code signing
Unsigned
Age
First seen 5y ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

98%Confidence
Very high
Reasoning

alsoft.ini is a configuration file (INI format, 31 bytes) with zero detections across 61 reporting engines, including unanimous agreement from 17 high-trust vendors. The file's 5-year prevalence history (common_old classification) with 4,148 submissions demonstrates it is an established benign commodity. Sandbox analysis detected only ambient system-discovery techniques (scripting, protocol enumeration, system-info queries) — normal for configuration processing. No malicious contacted hosts, no dropped children, no external-intelligence corroboration of threats. Five independent FileScan.IO analyses independently returned NO_THREAT verdicts with 100% confidence, reinforcing the safety assessment.

Key signals · 5

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. tier1ReportedClean=17 (Avast, BitDefender, Kaspersky, Microsoft, ESET-NOD32, Fortinet, Emsisoft, F-Secure, GData, Ikarus, Avira, AVG, DrWeb all undetected)

  2. prevalence.classification='common_old' with 4148 submissions across 2995 sources since 2021 — established benign distribution

  3. File type INI (configuration), 31 bytes — non-executable, inherently low-risk

  4. behaviour.offensiveCount=0; no malicious sandbox verdicts; no malicious contacted hosts

  5. communityComments: 5/5 FileScan.IO analyses returned NO_THREAT with 100/100 confidence

Points in its favour
  • 17 tier-1 antivirus engines report clean (BitDefender, Kaspersky, Microsoft, ESET-NOD32, Fortinet, Emsisoft, F-Secure, GData, Ikarus, Avira, AVG, DrWeb, Avast)
  • 4,148 submissions across 2,995 sources since 2021 — common_old prevalence classification
  • Zero malicious sandbox verdicts; no C2 contact or dropped children
  • 5 independent FileScan.IO analyses all returned NO_THREAT with 100/100 confidence
  • INI configuration file format (non-executable, inherently low-risk)
What to do

This file is safe. No quarantine or removal is necessary. It is a benign configuration file with a 5-year clean history and universal agreement from leading antivirus vendors.

Runtime behaviour

What this file did when executed

This file was detonated in 1 sandbox and its runtime behaviour was observed.

MITRE ATT&CK
3

Adversary techniques mapped to the MITRE ATT&CK framework.

T1064T1071T1082
Spawned processes
6
$(unnamed)
"C:\Windows\system32\wscript.exe" "C:\Users\<USER>\AppData\Local\Temp\script.js"
$(unnamed)
C:\Windows\system32\services.exe
$(unnamed)
C:\Windows\system32\svchost.exe -k DcomLaunch -p
$(unnamed)
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
$(unnamed)
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
$(unnamed)
C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\sample.js"
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

0 detections across 75 engines

0 malicious0 suspicious75 clean
Tier-117 engines
0flag
Top commercial AVs (low FP rate)
Tier-238 engines
0flag
Mainstream engines with mixed FP rates
Low-trust20 engines
0flag
Heuristic / generic-AI engines (high FP rate)
All 75 engines report this file as clean.
Hash 37b67ff73aa4… cross-referenced against 75 AV engines via our AV network.
Prevalence

How often this file shows up in the wild

Widely seen in the wild for a long time. High prior this is legitimate; isolated detections on common-old files are usually false positives.

Common & old
Unique uploaders
2,995
Hundreds of people have uploaded this — common.
Total submissions
4,148
Includes repeat uploads by the same source.
First seen by VT
5y ago
Apr 5, 2021
Prevalence quadrant
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
here
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
4/5/2021, 6:02:58 PM
First seen (MalwareBazaar)
Last analysis (VT)
5/17/2026, 7:00:43 PM
Scanned here
6/10/2026, 9:54:23 AM
File name
alsoft.ini
Size
31 B
MIME type
(unknown)
Detected type
INI
SHA-256
37b67ff73aa4fdd271c32e9652946e2557b0fc94ff460de6fc7983d00ae21f5d
MD5
c0a92d39626eab678620c85e8eff1730
SHA-1
c616cb514944d07c6c7b6fca1b08286538cff2f2
First seen (VT)
4/5/2021, 6:02:58 PM
Last analysis (VT)
5/17/2026, 7:00:43 PM
First scan (MalwareTips)
6/10/2026, 9:54:23 AM
Last scan (MalwareTips)
6/10/2026, 9:54:23 AM
Behavior tags
idlelong-sleepsini
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Scanned by
viruscheck
Scan another
Check a different file
URL instead?
Check if a link is safe
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.