Suspicious
Single tier-1 detection conflicts with 17 silent peer engines and community no-threat verdict; runtime behaviour clean.
c14ab1d2d1ed9c3a19…6c1bd5ee74
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file presents a mixed-signal case. Ikarus (tier-1) names a specific family, 'Trojan.OSX.Spy', which normally carries weight. However, this detection stands alone: 17 peer tier-1 engines (Kaspersky, BitDefender, ESET, Avast, Fortinet, etc.) are silent, and Google's generic 'Detected' label provides no family corroboration. The community FileScan.IO analysis reports NO_THREAT with 100% confidence, noting only benign apple.com contact. Behaviour analysis reveals zero offensive MITRE techniques, zero malicious sandbox verdicts, and zero malicious dropped children. The file is old (May 2020) and unsigned, but the complete absence of malicious runtime indicators contradicts a malware classification. The tier-1 disagreement and community verdict suggest Ikarus may be flagging a false positive or an old sample with outdated signatures.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
- Ikarus (tier1) flags 'Trojan.OSX.Spy' but 17/18 other tier-1 engines silent (Kaspersky, BitDefender, ESET, Avast, Fortinet, etc.)
- Google (tier2) generic 'Detected' label; no named family; 59/61 engines undetected
- FileScan.IO community verdict: NO_THREAT confidence 100/100; contacted only apple.com
- Behaviour: 0 offensive MITRE, 0 malicious sandbox verdicts, 0 malicious dropped children, no malicious host contact
- File age 2211 days (May 2020); filename matches legitimate Audirvana audio player product; medium prevalence (15 submitters)
- 17 peer tier-1 engines silent (Kaspersky, BitDefender, ESET, Avast, Fortinet, etc.)
- Community FileScan.IO analysis: NO_THREAT confidence 100/100
- Zero offensive MITRE techniques in behaviour analysis
- Zero malicious sandbox verdicts
- Filename matches legitimate Audirvana audio player product
- Single tier-1 engine (Ikarus) flags a named family (Trojan.OSX.Spy)
- File is unsigned
- File is old (May 2020) with potentially outdated detection signatures
- Generic tier-2 detection (Google) provides no family corroboration
The conflicting tier-1 signals and strong community no-threat verdict suggest this is likely a false positive. Verify the file source independently; if obtained from the official Audirvana website or a trusted distributor, it is safe to use.
Files this sample writes at runtime
This file drops 2 children at runtime. None are currently flagged malicious in our cache.
- 472d9a36d30d876b9290…45ab75 (never scanned, never seen before)
- 45f8b43453cb19232902…c26817 (never scanned, never seen before)
2 detections across 76 engines
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: Audirvana 3.5.35 macOS.dmg
- Size: 12.14 MB
- MIME type: (unknown)
- Detected type: Macintosh Disk Image
- SHA-256: c14ab1d2d1ed9c3a19b708dab560e8eca03aca3b18098fe424a76e6c1bd5ee74
- MD5: f27d6138c4356b9a557b44aeb56c2922
- SHA-1: 77e63601e78460998ec36cbf22632a91b940d2ae
- First seen (VT): 5/24/2020, 5:05:51 AM
- Last analysis (VT): 10/23/2022, 3:35:58 AM
- First scan (MalwareTips): 6/13/2026, 2:59:51 AM
- Last scan (MalwareTips): 6/13/2026, 2:59:51 AM