Malicious
Unsigned ZIP containing PE flagged by four tier-1 engines as Yogi/Agent.AIRX variant.
932a6a30fd544497c3…e2d18b336dThe verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
Tier-1 consensus on the Yogi family outweighs the modest total detection count. Absence of signing and zero historical reputation for this rare_new sample further support a malicious classification. No sandbox or network telemetry contradicts the engine findings, and no similar-hash RAG entries exist to suggest prior clean verdicts.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.tier1Malicious=4 (BitDefender, ESET-NOD32, GData, Kaspersky)
tier1FamilyConsensus.family='variant' with agreeingEngines=2
popularThreatLabel='trojan.yogi/airx' and topDetections include 'Win32/Agent.AIRX trojan'
signing.verified=false and prevalence.classification='rare_new'
filenameAnalysis.looksLikePortable=true with contains-pe tag
- Unsigned file
- rare_new prevalence
- tier-1 detections naming Yogi/Agent.AIRX
Treat the archive as malicious and remove it; avoid execution until a clean source is verified.
yogi corroborated by 2 sources
- VT (74 engines)yogi
- MT AI Engineyogi
6 detections across 74 engines
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- ryujinx.zip
- Size
- 48.42 MB
- MIME type
- application/x-zip-compressed
- Detected type
- ZIP
- SHA-256
- 932a6a30fd544497c37f29c7a3ea1323636e5bbb65bcd8ce035841e2d18b336d
- MD5
- 93581008fe5bc0addd1b5a617b029ad5
- SHA-1
- 06af1a4202f65e5f75f57364a85960d5d78bb1cd
- First seen (VT)
- 7/6/2026, 5:24:12 PM
- Last analysis (VT)
- 7/6/2026, 5:25:36 PM
- First scan (MalwareTips)
- 7/6/2026, 5:25:24 PM
- Last scan (MalwareTips)
- 7/6/2026, 5:27:25 PM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.