File verdict·Decided by the MT AI Engine
Our call

Malicious

38 of 68 engines flag the unsigned rare_new PE with tier-1 consensus on Convagent/Dacic family.

convagent
Trust score12Critical
MT AI confidence · 88%
Fortnite Public.exe
1.1 MB
6bb13b556d2f002955e173d42294
Antivirus engines
38 of 73 flagged
Code signing
Unsigned
Age
First seen 1 day ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

88%Confidence
Very high
Reasoning

Strong tier-1 consensus (11 malicious, 5 engines naming the same family) combined with an unsigned state and rare_new prevalence outweighs the lack of sandbox or network telemetry. Multiple high-trust engines independently surface Convagent or Dacic labels, confirming the threat family. The filename Fortnite Public.exe is a common social-engineering lure but does not alter the engine evidence. No prior clean RAG matches exist to offset the current signals.

Key signals · 5

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines.tier1Malicious=11 and tier1FamilyConsensus.strong=true (win64, 5 engines)

  2. signing.verified=false, signerStats.found=false

  3. prevalence.classification=rare_new, ageDays=0

  4. topDetections: Microsoft (Trojan:Win64/Convagent.RVA!MTB), Kaspersky (HEUR:Trojan.Win64.Convagent.gen), ESET-NOD32 (Win64/Agent_AGen.MCC trojan)

  5. popularThreatLabel=trojan.dacic/convagent

Points in its favour
  • No malicious sandbox verdict recorded
  • No contacted malicious hosts
  • No dropped malicious children
Points against
  • Unsigned executable
  • rare_new prevalence (single submission)
  • tier-1 family consensus on Convagent/Dacic
  • social-engineering filename
What to do

Treat as malicious; avoid execution and remove the file immediately.

Threat family attribution

dacic corroborated by 2 sources

  • VT (73 engines)
    dacic
  • MT AI Engine
    convagent
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

38 detections across 73 engines

38 malicious0 suspicious35 clean
Tier-117 engines
11flag
Top commercial AVs (low FP rate)
Tier-240 engines
17flag
Mainstream engines with mixed FP rates
Low-trust16 engines
10flag
Heuristic / generic-AI engines (high FP rate)
AhnLab-V3
malicious
Malware/Win.Dacic.R769932
ALYac
malicious
Generic.Dacic.11262.12306E22
Antiy-AVL
malicious
Trojan/Win64.Convagent
APEX
malicious
Malicious
Arcabit
malicious
Generic.Dacic.11262.12306E22
Avast
malicious
Win64:MalwareX-gen [Misc]
AVG
malicious
Win64:MalwareX-gen [Misc]
Avira
malicious
TR/W64.Agent
BitDefender
malicious
Generic.Dacic.11262.12306E22
Bkav
malicious
W32.Malware.3373F46F
CrowdStrike
malicious
win/malicious_confidence_100% (D)
CTX
malicious
exe.unknown.dacic
Cylance
malicious
Unsafe
Cynet
malicious
Malicious (score: 99)
Elastic
malicious
malicious (high confidence)
Emsisoft
malicious
Generic.Dacic.11262.12306E22 (B)
ESET-NOD32
malicious
Win64/Agent_AGen.MCC trojan
F-Secure
malicious
Trojan.TR/W64.Agent
Fortinet
malicious
W64/Agent.MCC!tr
GData
malicious
Generic.Dacic.11262.12306E22
Google
malicious
Detected
Gridinsoft
malicious
Trojan.Win64.Agent.oa!s1
huorong
malicious
Backdoor/Agent.rv
K7AntiVirus
malicious
Trojan ( 006dd7ed1 )
K7GW
malicious
Trojan ( 006dd7ed1 )
Kaspersky
malicious
HEUR:Trojan.Win64.Convagent.gen
Malwarebytes
malicious
Malware.AI.3512878609
MaxSecure
malicious
Trojan.Malware.121218.susgen
McAfeeD
malicious
ti!6BB13B556D2F
Microsoft
malicious
Trojan:Win64/Convagent.RVA!MTB
MicroWorld-eScan
malicious
Generic.Dacic.11262.12306E22
Panda
malicious
Trj/GdSda.A
Rising
malicious
Trojan.Agent/x64!1.13F42 (CLASSIC)
Tencent
malicious
Malware.Win32.Gencirc.10c4701c
Varist
malicious
W64/Convagent.FI.gen!Eldorado
VIPRE
malicious
Generic.Dacic.11262.12306E22
Webroot
malicious
Win.Trojan.Gen
Zillya
malicious
Trojan.AgentAGen.Win64.42445
Hash 6bb13b556d2f… cross-referenced against 73 AV engines via our AV network.
PE forensics

Section entropy & packers

Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.

Unpacked
Section entropy7 sections
.text
6.37
.rdata
1.08
.data
4.74
.pdata
5.78
.CRT
0.00
.tls
0.01
.reloc
4.11
0.0Packed threshold 7.28.0
Prevalence

How often this file shows up in the wild

Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.

Rare & new
Unique uploaders
1
Very few people have ever uploaded this — rare.
Total submissions
1
Includes repeat uploads by the same source.
First seen by VT
0d ago
Jul 7, 2026
Prevalence quadrant
here
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
7/7/2026, 1:30:45 PM
First seen (MalwareBazaar)
Last analysis (VT)
7/7/2026, 1:30:45 PM
Scanned here
7/7/2026, 1:39:11 PM
File name
Fortnite Public.exe
Size
1.09 MB
MIME type
(unknown)
Detected type
Win32 EXE
SHA-256
6bb13b556d2f002955a5d096115eedf3a511e95df969b4d4cbdb46e173d42294
MD5
0cd612bdf6c929b75573bfb3d3cab0ab
SHA-1
8b09a87ab29fafbd261b1cdf5c63fedd6b70dbb3
PE imphash
73f461c771aef77ec43d53a0c54f0c8d
First seen (VT)
7/7/2026, 1:30:45 PM
Last analysis (VT)
7/7/2026, 1:30:45 PM
First scan (MalwareTips)
7/7/2026, 1:39:11 PM
Last scan (MalwareTips)
7/7/2026, 1:39:11 PM
Behavior tags
64bitspeexe
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.