File verdict·Decided by the MT AI Engine
Our call

Malicious

Unsigned ZIP containing PE flagged by four tier-1 engines as Yogi/Agent.AIRX variant.

yogi
Trust score12Critical
MT AI confidence · 78%
ryujinx.zip
48.4 MB
932a6a30fd544497c3e2d18b336d
Antivirus engines
6 of 74 flagged
Code signing
Unsigned
Age
First seen 2 days ago
MT AI Engine · our arbiter

The verdict, reasoned out.

Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.

78%Confidence
High
Reasoning

Tier-1 consensus on the Yogi family outweighs the modest total detection count. Absence of signing and zero historical reputation for this rare_new sample further support a malicious classification. No sandbox or network telemetry contradicts the engine findings, and no similar-hash RAG entries exist to suggest prior clean verdicts.

Key signals · 5

Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.

  1. engines.tier1Malicious=4 (BitDefender, ESET-NOD32, GData, Kaspersky)

  2. tier1FamilyConsensus.family='variant' with agreeingEngines=2

  3. popularThreatLabel='trojan.yogi/airx' and topDetections include 'Win32/Agent.AIRX trojan'

  4. signing.verified=false and prevalence.classification='rare_new'

  5. filenameAnalysis.looksLikePortable=true with contains-pe tag

Points against
  • Unsigned file
  • rare_new prevalence
  • tier-1 detections naming Yogi/Agent.AIRX
What to do

Treat the archive as malicious and remove it; avoid execution until a clean source is verified.

Threat family attribution

yogi corroborated by 2 sources

  • VT (74 engines)
    yogi
  • MT AI Engine
    yogi
No researcher-database hits
External threat-intel sources were not collected for this scan.
Antivirus engine breakdown

6 detections across 74 engines

6 malicious0 suspicious68 clean
Tier-117 engines
4flag
Top commercial AVs (low FP rate)
Tier-240 engines
1flag
Mainstream engines with mixed FP rates
Low-trust17 engines
1flag
Heuristic / generic-AI engines (high FP rate)
BitDefender
malicious
Gen:Variant.Yogi.23923
Bkav
malicious
W32.Malware.F9C11E55
CTX
malicious
zip.unknown.yogi
ESET-NOD32
malicious
Win32/Agent.AIRX trojan
GData
malicious
Gen:Variant.Yogi.23923
Kaspersky
malicious
UDS:Trojan.Win32.GenericML.xnet
Hash 932a6a30fd54… cross-referenced against 74 AV engines via our AV network.
Prevalence

How often this file shows up in the wild

Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.

Rare & new
Unique uploaders
2
Very few people have ever uploaded this — rare.
Total submissions
2
Includes repeat uploads by the same source.
First seen by VT
1d ago
Jul 6, 2026
Prevalence quadrant
here
Rare · New
Targeted malware lives here
Common · New
Just-released software
Rare · Old
Niche or internal tooling
Common · Old
Trusted legitimate binaries
File identity

Forensic fingerprint

File biography
First seen (VT)
7/6/2026, 5:24:12 PM
First seen (MalwareBazaar)
Last analysis (VT)
7/6/2026, 5:25:36 PM
Scanned here
7/6/2026, 5:27:25 PM
File name
ryujinx.zip
Size
48.42 MB
MIME type
application/x-zip-compressed
Detected type
ZIP
SHA-256
932a6a30fd544497c37f29c7a3ea1323636e5bbb65bcd8ce035841e2d18b336d
MD5
93581008fe5bc0addd1b5a617b029ad5
SHA-1
06af1a4202f65e5f75f57364a85960d5d78bb1cd
First seen (VT)
7/6/2026, 5:24:12 PM
Last analysis (VT)
7/6/2026, 5:25:36 PM
First scan (MalwareTips)
7/6/2026, 5:25:24 PM
Last scan (MalwareTips)
7/6/2026, 5:27:25 PM
Behavior tags
zipcontains-pe
Community classification

Reviews & malware reports(0)

Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.

Loading…
Loading reports…
Files are processed in a streaming pass-through — MalwareTips never stores the binary on its servers. Only the scan result (hash, detections, verdict) is retained so the next person who scans the same file gets an instant answer. If you ran this file on your computer and are worried, scan your system with an up-to-date antivirus and change critical passwords from a different device.