Safe
51-byte JSON file with zero detections across 16 tier-1 antivirus engines and no behavioral or external malware indicators.
957d1d6645c4bdecc0…22aa68ca9bThe verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file presents a clean profile across our antivirus network. Sixteen high-trust engines including Kaspersky, Microsoft, BitDefender, and ESET-NOD32 all report the sample undetected, with zero malicious detections across 61 reporting engines. No tier-1 family consensus exists, no sandbox execution data is available, and external intelligence sources (CIRCL, MalwareBazaar, YARAify) return no hits. The filename's piracy reference conflicts with the actual JSON content type and minimal 51-byte size, suggesting either a labeling error or a benign test sample. No heuristic rules fired, no adversarial input patterns were detected, and no brand mismatch was identified. The rare_new prevalence (2 submitters, 2 submissions) reflects novelty rather than evasion.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
0/75 engines malicious; tier1Malicious=0; 16 tier-1 engines (Kaspersky, Microsoft, BitDefender, ESET-NOD32, Fortinet, Avast, Avira, AVG, DrWeb, Emsisoft, F-Secure, GData, Ikarus failure) reporting undetected
prevalence.classification='rare_new' (2 submitters, 2 submissions, 0 days old) — minimal distribution but no detections
No sandbox verdict, no dropped children, no malicious contacted hosts, no external intel hits (CIRCL, MalwareBazaar, YARAify all false)
File is unsigned, 51 bytes, JSON type — minimal attack surface; filename mismatch (claims .rar but is JSON) suggests either mislabeled sample or benign test artifact
triggeredHeuristics=[] (empty); no adversarial input flags; no brand mismatch — no evidence of evasion or spoofing
- 16 tier-1 antivirus engines (Kaspersky, Microsoft, BitDefender, ESET-NOD32, Fortinet, Avast, Avira, AVG, DrWeb, Emsisoft, F-Secure, GData) all report undetected
- Zero malicious detections across 61 reporting engines
- No sandbox execution data, no dropped children, no malicious contacted hosts
- No external intelligence hits (CIRCL, MalwareBazaar, YARAify all negative)
- No triggered heuristics, no adversarial input flags, no brand mismatch
This file is safe to handle. The complete absence of detections across a broad tier-1 antivirus network, combined with zero behavioral or external threat intelligence signals, indicates no malware risk. If the filename or submission context raises questions, verify the source and intended use.
0 detections across 75 engines
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- F1-22-SteamRIP.com.rar
- Size
- 51 B
- MIME type
- (unknown)
- Detected type
- JSON
- SHA-256
- 957d1d6645c4bdecc052ed1f0afc424d672d166e81ce389d2f0c8d22aa68ca9b
- MD5
- cb78707251eee1b13e515ba11464276f
- SHA-1
- 2500f1e9ee44f513fd1f0de9f86d3aaf3d995879
- First seen (VT)
- 6/28/2026, 7:53:24 AM
- Last analysis (VT)
- 6/28/2026, 7:53:24 AM
- First scan (MalwareTips)
- 6/28/2026, 7:54:34 AM
- Last scan (MalwareTips)
- 6/28/2026, 7:54:37 AM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.