Suspicious
Unsigned 3.5 KB Win32 DLL with one tier-1 detection and one prior safe imphash match.
de532365f06ed36585…e02a0ac881
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The detection profile sits between low-trust FP and genuine threat: one tier-1 engine reports a named family while 65 engines remain silent. Absence of signing, sandbox data, and external intelligence leaves the sample in mixed-signals territory. The single similar-hash precedent leans safe but is insufficient to override the tier-1 label. Medium prevalence and long age argue against a brand-new malicious dropper yet do not confirm legitimacy.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.tier1Malicious=1 (TrendMicro-HouseCall) with tier1FamilyConsensus.family=win64 (strong=false)
signing.signed=false and signerStats.found=false
similarHashes[0].verdict=safe (matchKind=imphash, reasonCode=ai:low_trust_engines_only)
prevalence.classification=medium (13 uniqueSources, 15 timesSubmitted)
- Only 4/70 engines flagged
- Prior imphash match received safe verdict
- No sandbox or network indicators
- Unsigned binary
- Tier-1 engine detection naming specific Trojan family
- Small file size with DLL extension
Quarantine the sample and perform dynamic analysis before any execution; avoid running unsigned DLLs from unknown origins.
tl0101dg26zh corroborated by 1 source
- VT (74 engines) tl0101dg26zh
4 detections across 74 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: 8pfrpl.exe
- Size: 3.5 KB
- MIME type: (unknown)
- Detected type: Win32 DLL
- SHA-256: de532365f06ed36585d37fda4e13c331f5cdc375d381950b8d473de02a0ac881
- MD5: 1090cf0c2e5bfa1211f771ae6bbc88cd
- SHA-1: 0218fb145270391a64279e6fc6f4e8b6be7c0600
- PE imphash: 6e19abb36f191604c3793aee28e89b75
- First seen (VT): 3/8/2019, 1:42:29 AM
- Last analysis (VT): 6/30/2026, 11:07:22 PM
- First scan (MalwareTips): 7/3/2026, 9:53:40 AM
- Last scan (MalwareTips): 7/3/2026, 9:53:40 AM