Safe
Single low-trust engine flagged this rare ZIP archive; 17 tier-1 engines silent; no external corroboration or sandbox malice detected.
5ed89f4d17c2be859c…2bc8f4acce
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file exhibits a classic low-trust-only false positive shape: a single malicious flag from McAfeeD (low-trust tier) using a generic 'SuspiciousBundler' heuristic label, while all major tier-1 engines (Kaspersky, Microsoft, BitDefender, ESET, Avira, Fortinet, Emsisoft, F-Secure, Ikarus, GData, DrWeb, Avast, AVG) remain silent. The archive is unsigned, rare (1 submission, 0 days old), and has no signer history or sandbox execution data. External intelligence sources returned no hits. The filename pattern and installer/portable hints are consistent with legitimate bundled software distributions. The absence of any tier-1 consensus, external corroboration, or runtime malicious behaviour strongly indicates this is a false positive rather than genuine malware.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
- McAfeeD (low-trust tier) sole malicious flag: 'Trojan:Archive/SuspiciousBundler.N' — generic heuristic label, no tier-1 consensus
- tier1Malicious=0; 17/17 tier-1 engines reporting clean (Kaspersky, Microsoft, BitDefender, ESET, Avira, Fortinet, Emsisoft, F-Secure, Ikarus, GData, DrWeb, Avast, AVG)
- onlyLowTrustFlagging=true; engines.malicious=1/64 (1.56%); no external intel corroboration (yaraify.ruleCount=0, circl.hit=false, malwareBazaar.hit=false)
- File is unsigned, rare_new (1 submission, 0 days), no signer history, no sandbox verdict, no dropped children — insufficient evidence depth
- filenameAnalysis: hasInstallerHint=true, looksLikePortable=true; no adversarial injection; generic archive filename pattern consistent with legitimate bundled installers
- 17/17 tier-1 engines reporting clean (Kaspersky, Microsoft, BitDefender, ESET, Avira, Fortinet, Emsisoft, F-Secure, Ikarus, GData, DrWeb, Avast, AVG)
- No external intelligence corroboration (yaraify.ruleCount=0, circl.hit=false, malwareBazaar.hit=false)
- No sandbox malicious verdict, no dropped children, no malicious contacted hosts
- No triggered heuristics; no adversarial filename injection detected
- Generic heuristic label ('SuspiciousBundler') from single low-trust engine; no named family consensus
This file exhibits a low-trust-only false positive pattern. If obtained from a trusted source, it is safe to use. Verify the publisher through official channels if uncertain about origin.
suspiciousbundler corroborated by 1 source
- VT (75 engines): suspiciousbundler
1 contradiction resolved by the scoring engine
1 detection across 75 engines
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name: SETUP_FILE_(KEY=1463).zip
- Size: 30.63 MB
- MIME type: application/x-zip-compressed
- Detected type: ZIP
- SHA-256: 5ed89f4d17c2be859c42a9d3649a2f75df30b2dc149b7a50d55a4f2bc8f4acce
- MD5: 1905b4aee59068b8bf09d8b0b4134cef
- SHA-1: e7ece1c20c1f401588ba6c3969eaf8b40d11c49b
- First seen (VT): 6/28/2026, 4:41:05 PM
- Last analysis (VT): 6/28/2026, 4:41:05 PM
- First scan (MalwareTips): 6/28/2026, 4:42:18 PM
- Last scan (MalwareTips): 6/28/2026, 4:43:03 PM
Reviews & malware reports (0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.