Suspicious
Unsigned 64-bit DLL with one tier-1 detection and mixed imphash history shows borderline signals.
5586668d58c8320d23…13b64aa5f2
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The engine set is sparse (4 malicious out of 66) yet includes a tier-1 detection, preventing a clean low-trust FP dismissal. Absence of code signing and any trusted-publisher history removes the benign-signed-installer safety net. Sandbox execution produced only ambient techniques and no malicious host contact, lowering immediate risk. Historical imphash matches split between safe and suspicious, so the file cannot be confidently cleared or condemned.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
TrendMicro-HouseCall tier1 detection: Trojan.Win64.Gen.TL0101DG26ZH
signing.verified=false, signerStats.found=false
similarHashes[0].verdict=suspicious (imphash match)
engines.malicious=4 with tier1Malicious=1
behaviour.hasMaliciousSandboxVerdict=false, offensiveCount=0
- Zero offensive MITRE techniques
- No malicious sandbox verdict
- Medium prevalence over 7 years
- Unsigned DLL
- Tier-1 engine detection present
- Filename suggests crack/patch utility
Treat as untrusted; do not load in production environments without additional verification or sandbox testing.
tl0101dg26zh corroborated by 2 sources
- VT (74 engines): tl0101dg26zh
- MT AI Engine: tl0101dg26zh
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
Adversary techniques mapped to the MITRE ATT&CK framework.
- \Device\ConDrv\\Connect
4 detections across 74 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: vray_v41003_fix.dlr
- Size: 3.5 KB
- MIME type: (unknown)
- Detected type: Win32 DLL
- SHA-256: 5586668d58c8320d234edcebc9bc861b997b716d7e61d77a9afb0013b64aa5f2
- MD5: cb89019b27a4eed1c7ba33f3149eb65c
- SHA-1: 92a0b7b33ef7c20e0fed8e776dc5e2950d991711
- PE imphash: 6e19abb36f191604c3793aee28e89b75
- First seen (VT): 4/1/2019, 1:09:04 PM
- Last analysis (VT): 7/1/2026, 11:03:16 PM
- First scan (MalwareTips): 7/3/2026, 9:54:53 AM
- Last scan (MalwareTips): 7/3/2026, 9:54:53 AM