Suspicious
Clean across 61 engines including 17 tier-1, but brand-new unsigned 7-Zip with PE files and password-bypass filename raises PUA/crack concerns.
7104b96b5007c3f5db…3a11566fa3The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file scans completely clean with strong tier-1 consensus (17 clean) and good engine coverage, providing a strong safe signal. Countering this is its brand-new status, zero reputation, unsigned nature, and low prevalence, typical of emerging threats or unvetted software. The filename semantically implies a password-cracking utility for legitimate Motorola MOTOTRBO CPS software, common in PUA/cracked distributions. Absent runtime behavior or intel, we cannot confirm malice but cannot dismiss risks.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.reporting=61, malicious=0, tier1Total=17 all clean
prevalence.classification='rare_new', file.ageDays=0
file.tags=['7zip','contains-pe'], signing.signed=false
filenameAnalysis.looksLikePortable=true
- engines.malicious=0 across 61 reporting
- tier1Total=17 all clean (e.g., Avast, BitDefender, Kaspersky)
- filenameAnalysis.looksLikePortable=true, hasNumericVersion=true — consistent with legit portable app
- adversarialInputFlags.anyInjectionSuspected=false
- No triggeredHeuristics fired
- file.ageDays=0 (brand new)
- prevalence.classification='rare_new' (2 submissions)
- signing.signed=false (unsigned)
- file.tags includes 'contains-pe' (executables inside archive)
- Filename suggests password bypass ('SALTAR CONTRASEÑAS')
- No signer history or similarHashes precedents
Do not execute directly; extract the 7-Zip contents and scan each PE file separately with updated security software. If this is for legitimate MOTOTRBO CPS use, obtain official password-protected version from Motorola.
0 detections across 75 engines
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- SALTAR CONTRASEÑAS MOTOTRBO CPS2 v2.157.149.0.7z
- Size
- 328.0 KB
- MIME type
- application/octet-stream
- Detected type
- 7ZIP
- SHA-256
- 7104b96b5007c3f5db7f7de7b134f1be8820f5c0ff8753ea4c8eab3a11566fa3
- MD5
- 5b4826dbbf44f2bfee2787d3e7e2be34
- SHA-1
- 26513080fe5fd02463d51dd8ea7467f4b641aab6
- First seen (VT)
- 4/30/2026, 5:05:32 PM
- Last analysis (VT)
- 4/30/2026, 5:05:32 PM
- First scan (MalwareTips)
- 4/30/2026, 5:06:28 PM
- Last scan (MalwareTips)
- 4/30/2026, 10:21:23 PM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.