Malicious
14 tier-1 antivirus engines independently flagged this RAR archive as a trojan patcher/keygen tool with strong family consensus.
bd50ae2f1c5b54b6d9…e72c1c5422The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The evidence overwhelmingly supports a malicious classification. Fourteen tier-1 antivirus engines independently reported trojan detections, with five engines converging on the 'win32' family. The filename 'UNLOCKER_MODS.rar' paired with 'patcher' threat labeling and multiple HackTool detections (alibabacloud, Antiy-AVL, CAT-QuickHeal, Malwarebytes) indicate software-cracking or license-bypass tooling. The file is unsigned and has no legitimate signer history. Prevalence data shows this is a well-known malicious sample (206 unique submitters, 223 submissions since March 2023), not a rare new file. Community researchers independently scored it 8/10 threat severity. The tier-1 consensus is not driven by low-trust heuristics; it reflects established malware signatures from leading security vendors.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
tier1Malicious=14/17 tier-1 engines flagged malicious; tier1FamilyConsensus.strong=true (5 engines agreeing on 'win32' family)
BitDefender, Microsoft, Sophos, Avast, ESET-NOD32, TrendMicro all independently reported trojan/malware detections
Filename 'UNLOCKER_MODS.rar' + 'patcher' threat label + HackTool detections (alibabacloud, Antiy-AVL, CAT-QuickHeal, Malwarebytes) indicate software-cracking tooling
prevalence.classification='common_old' (206 submitters, 223 submissions since 2023-03-28) — established malware circulation, not a rare new sample
Community researcher (jaffacakes118) independently scored 8/10 threat severity and tagged #malware
- No adversarial filename injection or hidden unicode detected
- No brand mismatch — file does not impersonate a legitimate publisher
- 14 tier-1 antivirus engines report trojan/malware detections
- Filename and threat labels indicate software-cracking or keygen tooling
- File is unsigned with no legitimate signer history
- Widely circulated malware (206 submitters, 223 submissions since March 2023)
- Multiple HackTool detections across independent vendors
- Community researchers independently scored 8/10 threat severity
Block and quarantine this file immediately. Do not extract or execute the archive. If already downloaded, perform a full system scan and monitor for unauthorized software modifications or system changes.
patcher corroborated by 2 sources
- VT (75 engines)patcher
- MT AI EngineAgent Tesla
38 detections across 75 engines
How often this file shows up in the wild
Widely seen in the wild for a long time. High prior this is legitimate; isolated detections on common-old files are usually false positives.
Forensic fingerprint
- File name
- UNLOCKER_MODS.rar
- Size
- 18.26 MB
- MIME type
- (unknown)
- Detected type
- RAR
- SHA-256
- bd50ae2f1c5b54b6d935a81a02dee0eb3637801683332b3520c628e72c1c5422
- MD5
- be7343b14fae5a29f161f717cfd12612
- SHA-1
- 40ba8c3b3213999ec19c44dfc715d85e2f7062f1
- First seen (VT)
- 3/28/2023, 7:23:27 AM
- Last analysis (VT)
- 6/15/2026, 9:16:19 AM
- First scan (MalwareTips)
- 6/22/2026, 6:48:26 PM
- Last scan (MalwareTips)
- 6/22/2026, 6:48:26 PM
- Community reputation
- -9flagged
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.