Safe
Android APK with clean tier-1 consensus, legitimate SnapTube app identity, and direct-IP contact consistent with CDN/analytics usage.
83c598bd3929ba9048…114b1f3d1a
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
This Android APK shows a clean engine consensus: 0 malicious detections across 64 reporting engines, with 17 tier-1 vendors (Kaspersky, Microsoft, BitDefender, ESET-NOD32, Fortinet, Avira, Avast, AVG and others) all silent. The heuristic 'MalwareTips.Synth.DirectIpC2' fired because the sample contacted 20 external IPs without any DNS query; the addresses the arbiter attributed fall in CDN and analytics address space (Cloudflare, Google, and Akamai-registered space that fronts Facebook content) rather than on known attacker-controlled hosts, with the caveat that a CDN label identifies who fronts an endpoint, not who operates it. Behaviour analysis shows only ambient MITRE techniques (device info discovery, system queries) and no offensive techniques. The scanner extracted no signer string for the file; since Android refuses to install an APK with no signature at all, read this as "signer not recognised" and confirm the signing certificate against SnapTube's known one before trusting the package identity. The file otherwise matches the known legitimate SnapTube application, was submitted by 303 submitters, and has no malicious sandbox verdicts or contacted-host hits. Community analysis (FileScan.IO) reports 'NO_THREAT' with 100/100 confidence.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0/64 malicious; tier1Malicious=0; tier1ReportedClean=17 (Kaspersky, Microsoft, BitDefender, ESET-NOD32, Fortinet, Avira, Avast, AVG all silent)
triggeredHeuristics: 'MalwareTips.Synth.DirectIpC2' fired, but the attributed contacted IPs include Cloudflare (104.18.29.230), Google (142.251.153.119, 216.239.36.223) and 23.195.81.138 (labelled Facebook by the arbiter; the address sits in Akamai-registered space, which fronts Facebook content, so confirm with a WHOIS/ASN lookup) — CDN/analytics infrastructure, not known C2
behaviour: 5 ambient MITRE techniques (device info, microphone, system query); zero offensive techniques; no malicious sandbox verdicts; no malicious contacted hosts
prevalence: common_new (303 submitters, 327 submissions in 5 days) — consistent with legitimate app distribution
community: FileScan.IO reports 'NO_THREAT' 100/100 confidence; SnapTube is known legitimate video-download application
- 17 tier-1 antivirus engines report clean (Kaspersky, Microsoft, BitDefender, ESET-NOD32, Fortinet, Avira, Avast, AVG, Emsisoft, F-Secure, GData, Ikarus, DrWeb, among others)
- 0 malicious detections across 64 reporting engines
- Contacted IPs belong to legitimate CDN/analytics (Cloudflare, Google, Facebook)
- No malicious sandbox verdicts; no malicious contacted hosts
- Community analysis (FileScan.IO) reports NO_THREAT with 100/100 confidence
This file is safe to use. It is the legitimate SnapTube video-download application with clean antivirus consensus and no malicious indicators. The direct-IP contact pattern is consistent with normal CDN and analytics usage. Because the file is distributed as a direct download (the file name references snaptubecom) rather than through an app store that checks signatures for you, verify the APK signing certificate against SnapTube's known certificate before installing.
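The "unsigned" finding above is worth checking by hand. Every APK that installs on Android carries a v1 (JAR) signature, a v2/v3 APK Signing Block, or both, so a scanner reporting no signer usually means it could not parse or recognise the signer rather than that no signature exists. The following is an added example, not MalwareTips or SnapTube code: it detects which signature schemes an APK carries purely from file layout (META-INF signature files for v1; the "APK Sig Block 42" block before the zip central directory for v2/v3) and, to exercise the v2/v3 path offline, builds a constructed minimal APK and splices in a block with the documented v2/v3 IDs. It does not verify any signature; for that, run apksigner verify --print-certs and compare the certificate SHA-256 with the developer's published one.

```python
"""Detect which APK signature schemes are present, by file layout only.

Added example, not MalwareTips or SnapTube code. The APK built here is
constructed (manifest and DEX placeholders, no real key material); the
signing-block IDs are the documented v2/v3 values.
"""
import io
import struct
import zipfile

SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_ID = 0x7109871A          # APK Signature Scheme v2 block ID
V3_ID = 0xF05368C0          # APK Signature Scheme v3 block ID
BLOCK_NAMES = {V2_ID: "v2", V3_ID: "v3"}


def _central_dir_offset(data: bytes) -> int:
    """Find the End of Central Directory record and read the CD offset."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("not a zip: no EOCD record")
    return struct.unpack_from("<I", data, eocd + 16)[0]


def signing_block_ids(data: bytes):
    """Return the pair IDs of the APK Signing Block, or [] if there is none."""
    cd = _central_dir_offset(data)
    if cd < 32 or data[cd - 16:cd] != SIG_BLOCK_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]
    start = cd - size - 8            # block begins with its own size field
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("corrupt APK Signing Block size fields")
    ids, pos, end = [], start + 8, cd - 24
    while pos < end:                 # each pair: uint64 length, uint32 id, value
        length = struct.unpack_from("<Q", data, pos)[0]
        ids.append(struct.unpack_from("<I", data, pos + 8)[0])
        pos += 8 + length
    return ids


def signature_summary(data: bytes) -> dict:
    """Which schemes are present (presence only, no cryptographic verification)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
    v1 = any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
             for n in names)
    schemes = {BLOCK_NAMES[i] for i in signing_block_ids(data) if i in BLOCK_NAMES}
    return {"v1": v1, "v2": "v2" in schemes, "v3": "v3" in schemes,
            "signed": v1 or bool(schemes)}


def insert_signing_block(data: bytes, pairs) -> bytes:
    """Splice an APK Signing Block with the given (id, value) pairs before the CD."""
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs)
    size = len(body) + 8 + 16        # everything after the leading size field
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    cd = _central_dir_offset(data)
    eocd = data.rfind(b"PK\x05\x06")
    out = bytearray(data[:cd] + block + data[cd:])
    # The EOCD moved by len(block); its CD-offset field must point past the block.
    struct.pack_into("<I", out, eocd + len(block) + 16, cd + len(block))
    return bytes(out)


def build_unsigned_apk() -> bytes:
    """Constructed minimal APK with no signature of any scheme."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_unsigned_apk()
    print("constructed APK:", signature_summary(apk))
    fake = insert_signing_block(apk, [(V2_ID, b"\0" * 8)])
    print("with v2 block:  ", signature_summary(fake))
```

On a real sample, read the file bytes and call signature_summary; a result of signed=False means the package cannot have been installed as-is and is either damaged or a download lure rather than an app, while signed=True only tells you a signature exists, so the certificate comparison still has to be done.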
YARA + heuristic rules that fired
One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.
Sample contacted 20 external IP address(es) and zero domains. Benign software almost always reaches its servers through DNS; direct-IP contact with no DNS lookup is a strong malware indicator because it bypasses DNS-based reputation systems and domain blocklists. It is not conclusive on its own: hard-coded CDN endpoints, SDKs with IP fallbacks, and sandboxes that miss DNS traffic (for example when the app uses DNS over HTTPS or a cached resolution) produce the same pattern. Conversely, an address that belongs to Cloudflare, Google or another CDN only says who fronts the endpoint, not who operates it, since attackers rent the same infrastructure; confirm each address with a WHOIS/ASN lookup and, where the sandbox captured it, the destination host and URL path. Note also that the evidence list includes 47.89.128.128 and 47.254.177.183, which fall in address space registered to Alibaba Cloud and are not covered by the verdict's Cloudflare/Google/Facebook attribution.
Evidence: 104.18.29.230 · 47.89.128.128 · 47.254.177.183
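The DirectIpC2 condition and the triage the arbiter then applied to it, as an added example (not MalwareTips code). The contacted addresses are the ones shown on this page; the DNS answer map is constructed as empty, which is what the heuristic saw; the prefix table is an abbreviated, assumed subset of the operators' published ranges and must be checked against the current published lists before being relied on.

```python
"""Flag contacts made without a DNS answer, then attribute them by prefix.

Added example, not MalwareTips code. CONTACTED_IPS are taken from this page;
DNS_ANSWERS is constructed (empty, as in the report); KNOWN_PREFIXES is an
assumed, abbreviated operator table for illustration only.
"""
import ipaddress

# Constructed sandbox report: IPs from the page, no DNS answers captured.
CONTACTED_IPS = [
    "104.18.29.230", "142.251.153.119", "216.239.36.223",
    "23.195.81.138", "47.89.128.128", "47.254.177.183",
]
DNS_ANSWERS = {}   # domain -> set of resolved IPs; empty in this report

# Assumed, abbreviated prefix table; verify against each operator's published ranges.
KNOWN_PREFIXES = [
    ("104.16.0.0/13", "Cloudflare"),
    ("142.250.0.0/15", "Google"),
    ("216.239.32.0/19", "Google"),
    ("23.192.0.0/11", "Akamai"),
    ("47.88.0.0/14", "Alibaba Cloud"),
    ("47.254.0.0/16", "Alibaba Cloud"),
]
NETWORKS = [(ipaddress.ip_network(p), who) for p, who in KNOWN_PREFIXES]


def attribute(ip: str) -> str:
    """Operator whose prefix covers ip, or 'unattributed' if none in the table."""
    addr = ipaddress.ip_address(ip)
    for net, who in NETWORKS:
        if addr in net:
            return who
    return "unattributed"


def direct_ip_contacts(contacted, dns_answers):
    """External IPs contacted without a preceding DNS answer (the DirectIpC2 condition)."""
    resolved = set()
    for ips in dns_answers.values():
        resolved.update(ips)
    return [ip for ip in contacted
            if ip not in resolved and ipaddress.ip_address(ip).is_global]


def triage(contacted, dns_answers):
    """Return (fires, by_operator): the heuristic verdict and no-DNS IPs grouped by operator.

    An operator label records who fronts the endpoint; it does not clear it,
    because attackers rent the same CDN and cloud infrastructure.
    """
    no_dns = direct_ip_contacts(contacted, dns_answers)
    by_operator = {}
    for ip in no_dns:
        by_operator.setdefault(attribute(ip), []).append(ip)
    return bool(no_dns), by_operator


if __name__ == "__main__":
    fires, groups = triage(CONTACTED_IPS, DNS_ANSWERS)
    print("DirectIpC2 fires:", fires)
    for who, ips in groups.items():
        print(f"  {who}: {', '.join(ips)}")
```

Run against this page's data, the heuristic fires and the grouping reproduces the verdict's Cloudflare/Google attribution, shows 23.195.81.138 landing in Akamai space, and leaves the two 47.x addresses in Alibaba Cloud, which is the group a reviewer should look at first.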
0 detections across 74 engines
How often this file shows up in the wild
Lots of people are uploading this but it's recent — typical of newly-released legitimate software, so the prior for malware is low. Prevalence is a weak signal on its own, though: a burst of submissions of one file in a few days is also what a mass-advertised or mass-mailed lure looks like, so it should be read together with the engine consensus and the signer check rather than in isolation.
Forensic fingerprint
- File name: Click_me_to_install_SnapTube_tube_snaptubecom.apk
- Size: 26.11 MB
- MIME type: (unknown)
- Detected type: Android
- SHA-256: 83c598bd3929ba9048ef6a109529c76d39fde763154ecfddeda5e3114b1f3d1a
- MD5: a9f39c66e0e73a3e9f7ab95ca6cacffb
- SHA-1: 41ffdf6fbabe77441888e00f7065b0eaa6d2771d
- First seen (VT): 6/16/2026, 12:19:45 AM
- Last analysis (VT): 6/20/2026, 8:20:37 AM
- First scan (MalwareTips): 6/20/2026, 9:17:16 PM
- Last scan (MalwareTips): 6/20/2026, 9:17:16 PM
Reviews & malware reports (0)