Suspicious
Single tier-1 backdoor detection without consensus; unsigned file; no behaviour or external corroboration available.
983b3aedb281deed97…2a235296ab
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The sample presents a single tier-1 malicious detection (Kaspersky naming a specific backdoor family) against 16 tier-1 clean reports, yielding no strong family consensus. While Kaspersky is a trusted engine and the label is specific rather than generic heuristic, the absence of agreement from other tier-1 vendors and the complete lack of runtime behaviour data, external YARA rules, or malicious host contact prevent confident malicious classification. The unsigned status and medium prevalence (9 submitters, 10 submissions in 1 day) add uncertainty. This profile — one tier-1 hit, no consensus, no behaviour — sits in the suspicious zone pending additional evidence.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
Kaspersky (tier1) flagged 'Backdoor.Win64.Gsb.bww' — 1/64 reporting malicious
tier1FamilyConsensus.strong=false; only 1 tier-1 engine agrees; 16 tier-1 engines reported clean
Unsigned file with no signer history (signing.verified=null, signerStats.found=false)
No sandbox malicious verdict, no dropped children, no malicious host contact — behaviour unconfirmed
Prevalence=medium (9 submitters, 10 submissions); filename analysis shows looksLikePortable=true
- 16 tier-1 engines reported clean — no consensus malicious family
- No external YARA rules or CIRCL corroboration of malicious status
- No malicious host contact or dropped children observed
- Filename and archive structure consistent with modding/utility package
- Single tier-1 engine (Kaspersky) flagged as backdoor family
- Unsigned file with no publisher history or reputation
- No sandbox execution data to confirm or deny malicious behaviour
- Medium prevalence (9 submitters) — not rare, but not mainstream
Treat this file as suspicious pending further investigation. If obtained from an untrusted source, do not execute. If from a known modding community, verify source legitimacy and consider sandbox analysis to clarify the Kaspersky detection.
Backdoor.Win64.Gsb corroborated by 1 source
- MT AI Engine: Backdoor.Win64.Gsb
1 detection across 75 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: Mod_Pack_x64.zip
- Size: 1.15 MB
- MIME type: (unknown)
- Detected type: ZIP
- SHA-256: 983b3aedb281deed97952841140141c67f9544d382f6ff72330d862a235296ab
- MD5: 3e90ee4b9fa01f5424925b26609c8cfa
- SHA-1: f704bcf936cb93434df50cd384a94e10aa4cb0a0
- First seen (VT): 6/27/2026, 1:20:22 PM
- Last analysis (VT): 6/27/2026, 1:20:22 PM
- First scan (MalwareTips): 6/28/2026, 3:54:06 AM
- Last scan (MalwareTips): 6/28/2026, 3:54:06 AM