File verdict·Decided by the MT AI Engine
Our call

Safe

Old unsigned ZIP installer with zero engine detections and clean sandbox behaviour across 3752 days.

Trust score88High trust
MT AI confidence · 90%
truvision_device_manager_3.0.0.2.zip
35.6 MB
8ca4e6e6699b4f237b83e88fc252
Antivirus engines
0 of 75 flagged
Code signing
Unsigned
Age
First seen 10y ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

90%Confidence
Very high
Reasoning

Zero malicious detections from 68 engines including 17 tier-1 vendors eliminates any tier-1 consensus signal. The 3752-day age and medium prevalence classification indicate a long-standing commodity installer rather than new or rare malware. Sandbox execution produced only benign temporary installer files with no offensive MITRE techniques or malicious host contacts. External sources (YARAify, CIRCL) returned no matches, reinforcing the clean profile.

Key signals · 4

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines.malicious=0 and engines.tier1Malicious=0 across 68 reporting engines

  2. prevalence.classification=medium with firstSubmissionDate 2016-03-26

  3. behaviour.hasMaliciousSandboxVerdict=false and droppedChildren.hasMaliciousChild=false

  4. externalIntel.yaraify.ruleCount=0 and externalIntel.circl.knownMalicious=null

Points in its favour
  • Zero engine detections across tier-1 and tier-2 vendors
  • 3752-day history with medium prevalence
  • Clean sandbox execution with no malicious indicators
What to do

The archive shows no malicious indicators and can be treated as benign commodity software.

Runtime behaviour

What this file did when executed

This file was detonated in 1 sandbox and its runtime behaviour was observed.

Spawned processes
1
$(unnamed)
C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE8ED819-AF53-47A7-A6F9-11B1C37D09DF}
Filesystem & mutexes
29
Files written15
  • C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\0x0409.ini
  • C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\0x0804.ini
  • C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\data1.cab
  • C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\data1.hdr
  • C:\Users\<USER>\AppData\Local\Temp\{539072F1-F4E1-4303-990D-2F727027779B}\Disk1\ISSetup.dll
+10 more
Files deleted13
  • C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\setup.inx
  • C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\license.rtf
  • C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\Setup.xml
  • C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\vcredist_x86.exe
  • C:\Users\<USER>\AppData\Local\Temp\{8280EDB4-9BD3-4137-BF8E-2B6F12C55E16}\{66BF03E2-C132-4B07-95E6-623A35844D38}\FontData.ini
+8 more
Mutexes created1
  • 66BF03E2-C132-4B07-95E6-623A35844D38
Dropped payload

Files this sample writes at runtime

This file drops 10 children at runtime. None are currently flagged malicious in our cache.

10 unseen
  • e994689a13b9448c074f16d8f3Never scanned
    never seen before
  • b1422d24b8b703541404ce407cNever scanned
    never seen before
  • 9c80b94f182d0f6e8745c122a9Never scanned
    never seen before
  • 1fac3aa23390131843950e9070Never scanned
    never seen before
  • e810b040d619e43d12a6d3a338Never scanned
    never seen before
  • a51411ad8077ecc62583ff7e22Never scanned
    never seen before
  • 2ca41d7e10d94c0afdaabcc93cNever scanned
    never seen before
  • c5b0fe9bbfacb6c034bfe3f6e8Never scanned
    never seen before
  • b973d3d0260f70939ed0fdce66Never scanned
    never seen before
  • 2301902ec24434dd7475f7a706Never scanned
    never seen before
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

0 detections across 75 engines

0 malicious0 suspicious75 clean
Tier-117 engines
0flag
Top commercial AVs (low FP rate)
Tier-237 engines
0flag
Mainstream engines with mixed FP rates
Low-trust21 engines
0flag
Heuristic / generic-AI engines (high FP rate)
All 75 engines report this file as clean.
Hash 8ca4e6e6699b… cross-referenced against 75 AV engines via our AV network.
Prevalence

How often this file shows up in the wild

Moderate prevalence — neither rare nor common. No strong prior applies.

Medium
Unique uploaders
8
Moderate upload volume.
Total submissions
8
Includes repeat uploads by the same source.
First seen by VT
10y ago
Mar 25, 2016
Prevalence quadrant
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
3/25/2016, 9:44:44 PM
First seen (MalwareBazaar)
Last analysis (VT)
12/18/2025, 12:04:33 AM
Scanned here
7/4/2026, 8:58:58 AM
File name
truvision_device_manager_3.0.0.2.zip
Size
35.59 MB
MIME type
(unknown)
Detected type
ZIP
SHA-256
8ca4e6e6699b4f237b64189dee8e26a9ecd2932a93fe18741ce54c83e88fc252
MD5
eb9d2bb2148f148588c4ce2d9036c9a8
SHA-1
760e7bffa162d852e61a3027386e6a0a2d972517
First seen (VT)
3/25/2016, 9:44:44 PM
Last analysis (VT)
12/18/2025, 12:04:33 AM
First scan (MalwareTips)
7/4/2026, 8:58:58 AM
Last scan (MalwareTips)
7/4/2026, 8:58:58 AM
Behavior tags
zipcontains-pe
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.