Safe
Old unsigned ZIP installer with zero engine detections and clean sandbox behaviour across 3752 days.
8ca4e6e6699b4f237b…83e88fc252
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
Zero malicious detections from 68 engines including 17 tier-1 vendors eliminates any tier-1 consensus signal. The 3752-day age and medium prevalence classification indicate a long-standing commodity installer rather than new or rare malware. Sandbox execution produced only benign temporary installer files with no offensive MITRE techniques or malicious host contacts. External sources (YARAify, CIRCL) returned no matches, reinforcing the clean profile.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.malicious=0 and engines.tier1Malicious=0 across 68 reporting engines
prevalence.classification=medium with firstSubmissionDate 2016-03-26
behaviour.hasMaliciousSandboxVerdict=false and droppedChildren.hasMaliciousChild=false
externalIntel.yaraify.ruleCount=0 and externalIntel.circl.knownMalicious=null
- Zero engine detections across tier-1 and tier-2 vendors
- 3752-day history with medium prevalence
- Clean sandbox execution with no malicious indicators
The archive shows no malicious indicators and can be treated as benign commodity software.
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
- C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\0x0409.ini
- C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\0x0804.ini
- C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\data1.cab
- C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\data1.hdr
- C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\ISSetup.dll
- C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\setup.inx
- C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\license.rtf
- C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\Setup.xml
- C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\vcredist_x86.exe
- C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\FontData.ini
- 66BF03E2-C132-4B07-95E6-623A35844D38
Files this sample writes at runtime
This file drops 10 children at runtime. None are currently flagged malicious in our cache.
0 detections across 75 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: truvision_device_manager_3.0.0.2.zip
- Size: 35.59 MB
- MIME type: (unknown)
- Detected type: ZIP
- SHA-256: 8ca4e6e6699b4f237b64189dee8e26a9ecd2932a93fe18741ce54c83e88fc252
- MD5: eb9d2bb2148f148588c4ce2d9036c9a8
- SHA-1: 760e7bffa162d852e61a3027386e6a0a2d972517
- First seen (VT): 3/25/2016, 9:44:44 PM
- Last analysis (VT): 12/18/2025, 12:04:33 AM
- First scan (MalwareTips): 7/4/2026, 8:58:58 AM
- Last scan (MalwareTips): 7/4/2026, 8:58:58 AM