File verdict · Decided by the MT AI Engine
Our call

Safe

Unsigned Android APK with zero malicious engine detections; contacted IPs are legitimate CDNs (Google, Yandex); no sandbox or family consensus threat.

Trust score 82 · Moderate trust
MT AI confidence · 78%
com.fastie4.mlg_1.4.2.apk
66.4 MB
7b8434d085ec3af82e1551bf7fa3
Antivirus engines
0 of 75 flagged
Code signing
Unsigned
Age
First seen 3y ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

78% confidence · High
Reasoning

The file exhibits a clean-engine silence pattern: zero malicious detections, zero tier-1 consensus on any family, and 8 major tier-1 engines (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb) reporting no threat. Behaviour analysis shows 10 ambient MITRE techniques typical of Android apps (HTTP communication, system-info discovery, obfuscation) with zero offensive techniques. The DirectIpC2 heuristic fired because the sample contacted 12 IPs without DNS queries; however, these IPs resolve to Google and Yandex CDNs, which are legitimate infrastructure. Our URL cache confirms zero malicious hosts contacted. The file's 931-day age, medium prevalence (51 submitters), and absence of external-intelligence hits (CIRCL, YARAify, MalwareBazaar) further support a benign classification. Obfuscation and reflection tags are common in legitimate Android apps for modular architecture.

Key signals · 5

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines: 0/60 malicious; tier1Malicious=0; 8 tier-1 engines silent (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb)

  2. behaviour.offensiveCount=0; 10 ambient MITRE techniques (T1071, T1095, T1406, T1421-T1422, T1518.001) — all benign-common for Android

  3. contactedHosts.maliciousHosts=0; contacted IPs are Google (142.251.143.x) and Yandex (87.250.250.120, 77.88.55.60) — legitimate CDNs, not malicious

  4. triggeredHeuristics: DirectIpC2 fired but evidence is benign infrastructure contact; no corroborating malicious sandbox, dropped children, or family consensus

  5. prevalence: medium (51 submitters, 60 submissions over 931 days); no external-intel hits (CIRCL, YARAify, MalwareBazaar all negative)

Points in its favour
  • Zero malicious detections across 60 antivirus engines
  • 8 tier-1 vendors (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb) report no threat
  • Contacted IPs are Google and Yandex public infrastructure, not malicious hosts
  • Zero offensive MITRE techniques; 10 ambient techniques typical of Android apps
  • No malicious sandbox verdicts, dropped children, or external-intelligence hits
What to do

This file is safe to use. The DirectIpC2 heuristic fired on legitimate CDN contact (Google, Yandex), not attacker infrastructure. No malware, ransomware, or infostealer indicators are present.

No researcher-database hits
External threat-intel sources were not collected for this scan.
Signature matches

YARA + heuristic rules that fired

One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.

1 synthesis
MITRE ATT&CK profile
C2 × 1
MalwareTips synthesis rules
Our heuristics on VT data + sandbox behaviour
  • DirectIpC2 · medium

    Sample contacted 12 external IP address(es) and zero domains. Benign software virtually always uses DNS; no-DNS direct-IP C2 is a strong malware indicator because it bypasses reputation systems and dodges domain-based blocklists.

    Evidence
    87.250.250.120 · 77.88.55.60 · 213.180.204.244
Antivirus engine breakdown

0 detections across 75 engines

0 malicious · 0 suspicious · 75 clean
Tier-1 · 17 engines · 0 flagged
Top commercial AVs (low FP rate)
Tier-2 · 38 engines · 0 flagged
Mainstream engines with mixed FP rates
Low-trust · 20 engines · 0 flagged
Heuristic / generic-AI engines (high FP rate)
All 75 engines report this file as clean.
Hash 7b8434d085ec… cross-referenced against 75 AV engines via our AV network.
Prevalence

How often this file shows up in the wild

Moderate prevalence — neither rare nor common. No strong prior applies.

Medium
Unique uploaders
51
Moderate upload volume.
Total submissions
60
Includes repeat uploads by the same source.
First seen by VT
3y ago
Dec 16, 2023
Prevalence quadrant
  • Rare · New: targeted malware lives here
  • Common · New: just-released software
  • Rare · Old: niche or internal tooling
  • Common · Old: trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
12/16/2023, 1:20:37 PM
First seen (MalwareBazaar)
Last analysis (VT)
5/1/2026, 8:15:42 PM
Scanned here
7/4/2026, 4:49:42 AM
File name
com.fastie4.mlg_1.4.2.apk
Size
66.40 MB
MIME type
(unknown)
Detected type
Android
SHA-256
7b8434d085ec3af82ee39e9c22918a5261c5d54aa04c4dac5bbb6a1551bf7fa3
MD5
07d8530b80f116d998df8328ec323874
SHA-1
a962acc7aa46622217a5cd3d2d4396309692e1b7
First scan (MalwareTips)
7/4/2026, 4:45:16 AM
Last scan (MalwareTips)
7/4/2026, 4:49:42 AM
Behavior tags
reflection · contains-elf · apk · android · obfuscated · runtime-modules
Community classification

Reviews & malware reports (0)

Scanned by
pennies
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.