Safe
Zero engine detections on a 3-year-old Android APK despite one direct-IP heuristic flag.
a18f41b93e21e7c1bf…f03586bb02
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The complete absence of malicious engine detections across tier-1 and tier-2 vendors is the dominant signal. The single triggered heuristic on direct-IP usage is noteworthy but not corroborated by sandbox results, dropped files, or external intelligence. Unsigned status and the heuristic together keep the file from a perfect clean score, yet the age and submission volume argue against active malice.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0 malicious out of 74 total, tier1Malicious=0
behaviour.contactedIps: 5.255.255.77 and 87.250.250.120 with zero domains
triggeredHeuristics[0].rule: MalwareTips.Synth.DirectIpC2 fired true
signing.signed: false, prevalence.classification: medium
externalIntel.yaraify.ruleCount: 0, circl.hit: false
- Zero engine detections
- Medium prevalence over 1179 days
- No sandbox or external-intel malicious signals
- Unsigned APK
- Direct IP contact without DNS (heuristic trigger)
The file can be considered safe for use provided it originates from a trusted distribution channel and device security settings are kept current.
YARA + heuristic rules that fired
One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.
Sample contacted 2 external IP address(es) and zero domains. Benign software virtually always uses DNS; no-DNS direct-IP C2 is a strong malware indicator because it bypasses reputation systems and dodges domain-based blocklists.
Evidence: 5.255.255.77 · 87.250.250.120
0 detections across 74 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: android-comfastie4mlg-142.apk
- Size: 66.40 MB
- MIME type: (unknown)
- Detected type: Android
- SHA-256: a18f41b93e21e7c1bf2bbb0df5084362bac85ce9db6e75c78e2921f03586bb02
- MD5: 6358a2bcf2df49620d63eeb51cc1ab27
- SHA-1: bf375a9959d075ff7d782ce8abe0014c291bc260
- First seen (VT): 4/12/2023, 12:31:43 AM
- Last analysis (VT): 4/12/2023, 12:31:43 AM
- First scan (MalwareTips): 7/4/2026, 4:50:09 AM
- Last scan (MalwareTips): 7/4/2026, 4:50:09 AM