Safe
Registry file with universal engine silence, common prevalence, and no malicious indicators across 61 reporting engines.
c13194d748d3c0549d…33948e7f60The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file exhibits a clean profile across all detection channels. Zero malicious detections from any engine tier, combined with common_old prevalence (147 submitters, 155 submissions), indicates this is an established benign artifact. The .reg extension and minimal 300-byte size are consistent with a Windows registry import/export file, not executable malware. Unsigned status is normal for registry files. No external intelligence (CIRCL, YARAify, MalwareBazaar) corroborates any threat. The absence of any heuristic triggers or behaviour data, paired with universal tier-1 engine silence, rules out both known and novel malware.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.tier1Malicious=0; tier1ReportedClean=17 (Avast, AVG, Avira, BitDefender, DrWeb, Emsisoft, ESET-NOD32, F-Secure, Fortinet, GData, Ikarus, Kaspersky, Microsoft all undetected)
prevalence.classification='common_old' with 147 unique submitters and 155 submissions — established benign prevalence
engines.malicious=0, engines.suspicious=0, onlyLowTrustFlagging=false — no detections across any trust tier
signing.verified=false, unsigned file; no signer history; no brand mismatch — clean metadata
externalIntel: circl.hit=false, yaraify.ruleCount=0, malwareBazaar.hit=false — no researcher corroboration of malice
- Universal tier-1 engine silence (17 tier-1 vendors undetected)
- Common_old prevalence (147 submitters, 155 submissions over 246 days)
- No external intelligence corroboration (CIRCL, YARAify, MalwareBazaar all negative)
- Minimal file size (300 bytes) consistent with benign registry artifact
- No sandbox, behaviour, or host-contact malice signals
This file is safe. No further analysis or remediation is needed. If flagged by legacy security tools, update your antivirus definitions or whitelist this known-benign registry file.
0 detections across 75 engines
How often this file shows up in the wild
Widely seen in the wild for a long time. High prior this is legitimate; isolated detections on common-old files are usually false positives.
Forensic fingerprint
- File name
- Xpand!2.reg
- Size
- 300 B
- MIME type
- (unknown)
- Detected type
- unknown
- SHA-256
- c13194d748d3c0549d1757d0c3cbbca5ec529dd81b26b2abc18be233948e7f60
- MD5
- 3e08e949f4f183efc4a43a858adda568
- SHA-1
- 8ef2eb0699cb7804005179927e3f741394d26e77
- First seen (VT)
- 10/26/2025, 4:05:05 PM
- Last analysis (VT)
- 6/12/2026, 5:19:59 PM
- First scan (MalwareTips)
- 6/29/2026, 9:47:58 AM
- Last scan (MalwareTips)
- 6/29/2026, 9:47:58 AM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.