Safe
Unsigned Android APK with zero malicious engine detections; contacted IPs are legitimate CDNs (Google, Yandex); no sandbox or family consensus threat.
7b8434d085ec3af82e…1551bf7fa3

The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file exhibits a clean-engine silence pattern: zero malicious detections, zero tier-1 consensus on any family, and 8 major tier-1 engines (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb) reporting no threat. Behaviour analysis shows 10 ambient MITRE techniques typical of Android apps (HTTP communication, system-info discovery, obfuscation) with zero offensive techniques. The DirectIpC2 heuristic fired because the sample contacted 12 IPs without DNS queries; however, these IPs resolve to Google and Yandex CDNs, which are legitimate infrastructure. Our URL cache confirms zero malicious hosts contacted. The file's 931-day age, medium prevalence (51 submitters), and absence of external-intelligence hits (CIRCL, YARAify, MalwareBazaar) further support a benign classification. Obfuscation and reflection tags are common in legitimate Android apps for modular architecture.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0/60 malicious; tier1Malicious=0; 8 tier-1 engines silent (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb)
behaviour.offensiveCount=0; 10 ambient MITRE techniques (T1071, T1095, T1406, T1421-T1422, T1518.001) — all benign-common for Android
contactedHosts.maliciousHosts=0; contacted IPs are Google (142.251.143.x) and Yandex (87.250.250.120, 77.88.55.60) — legitimate CDNs, not malicious
triggeredHeuristics: DirectIpC2 fired but evidence is benign infrastructure contact; no corroborating malicious sandbox, dropped children, or family consensus
prevalence: medium (51 submitters, 60 submissions over 931 days); no external-intel hits (CIRCL, YARAify, MalwareBazaar all negative)
- Zero malicious detections across 60 antivirus engines
- 8 tier-1 vendors (Kaspersky, Microsoft, BitDefender, ESET, Fortinet, Avast, AVG, DrWeb) report no threat
- Contacted IPs are Google and Yandex public infrastructure, not malicious hosts
- Zero offensive MITRE techniques; 10 ambient techniques typical of Android apps
- No malicious sandbox verdicts, dropped children, or external-intelligence hits
This file is safe to use. The DirectIpC2 heuristic fired on legitimate CDN contact (Google, Yandex), not attacker infrastructure. No malware, ransomware, or infostealer indicators are present.
YARA + heuristic rules that fired
One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.
Sample contacted 12 external IP addresses and zero domains. Benign software virtually always uses DNS; no-DNS direct-IP C2 is a strong malware indicator because it bypasses reputation systems and dodges domain-based blocklists.
Evidence: 87.250.250.120 · 77.88.55.60 · 213.180.204.244
0 detections across 75 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: com.fastie4.mlg_1.4.2.apk
- Size: 66.40 MB
- MIME type: (unknown)
- Detected type: Android
- SHA-256: 7b8434d085ec3af82ee39e9c22918a5261c5d54aa04c4dac5bbb6a1551bf7fa3
- MD5: 07d8530b80f116d998df8328ec323874
- SHA-1: a962acc7aa46622217a5cd3d2d4396309692e1b7
- First seen (VT): 12/16/2023, 1:20:37 PM
- Last analysis (VT): 5/1/2026, 8:15:42 PM
- First scan (MalwareTips): 7/4/2026, 4:45:16 AM
- Last scan (MalwareTips): 7/4/2026, 4:49:42 AM
Reviews & malware reports (0)