Safe
Zero engine detections and clean sandbox verdict outweigh isolated MITRE technique flags in an unsigned JAR.
e59dc7e7f388fb8d50…bc17f7ef43The reasoning behind this verdict
The MT AI Engine weighs every signal from this scan — antivirus detections, sandbox behaviour, code signing, prevalence and historical matches — to reach a single, evidence-based verdict.
The complete absence of malicious engine detections across 17 tier-1 engines and 65 total reporters is the dominant signal. Sandbox analysis recorded T1055, T1543.002 and T1562.001 but returned no malicious verdict and no malicious host or child artefacts. The file is an unsigned JAR with medium prevalence and no external-intel hits. The single triggered heuristic references a Java command line that matches the observed ambient behaviour rather than a confirmed exploit chain. These factors together support a safe classification.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines.tier1Malicious=0 and engines.malicious=0 across 17 tier-1 engines (Avast, AVG, Avira, BitDefender, DrWeb, Emsisoft, ESET-NOD32, F-Secure, Fortinet, GData, Ikarus, Kaspersky, Microsoft)
behaviour.hasMaliciousSandboxVerdict=false despite sandboxCount=1 and offensiveTechniques=["T1055","T1543.002","T1562.001"]
triggeredHeuristics[0].rule=MalwareTips.Synth.ProcessInjection with evidence referencing Java command line only
prevalence.classification=medium and droppedChildren.rollup.malicious=0 across 9 children
- Zero malicious detections from 17 tier-1 engines
- No malicious sandbox verdict
- No malicious dropped children or contacted hosts
- Unsigned JAR
- Process-injection technique observed in sandbox
Treat as safe for normal use; re-scan if the file is updated or if new detections appear in our antivirus network.
What to do now
This file looks safe based on everything we checked.
This file is safe to use.
Good habit: only download files from the official website or an app store.
Keep your antivirus and Windows updates switched on so you stay protected.
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
Adversary techniques mapped to the MITRE ATT&CK framework.
- C:\Users\<USER>\AppData\Local\Temp\hsperfdata_<USER>\4180
- C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
- C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8786.timestamp
- C:\Users\user\AppData\Local\Temp\hsperfdata_user
- C:\Users\user\AppData\Local\Temp\hsperfdata_user\7132
- C:\Users\user\AppData\Local\Temp\hsperfdata_user\5580
- /tmp/hsperfdata_root/3549
Files this sample writes at runtime
This file drops 9 children at runtime. None are currently flagged malicious in our cache.
- 9e337a2a1f113a16b827…d069a4Never scannednever seen before
- 99577f1a667ef5d26863…3cc98bNever scannednever seen before
- 2830389d73420920f0c4…e981e0Never scannednever seen before
- b468bf508c1b034631c5…457d6eNever scannednever seen before
- d87c5f3cdfb5b7c0510e…1ade9eNever scannednever seen before
- 61625fd8b084f70f242d…55abd2Never scannednever seen before
- 50c82f36208ed8040447…2d7843Never scannednever seen before
- 8e8711854186c68e2368…4a3c7cNever scannednever seen before
- 759aafcfa2395ce1b800…2af0f7Never scannednever seen before
YARA & heuristic rule matches
A researcher-curated or high-severity heuristic rule matched this sample. These rules target specific malware families and are near-definitive.
MITRE T1055 (Process Injection) observed — CreateRemoteThread / APC / reflective-DLL injection. The payload is being smuggled into a legitimate process to bypass AV hooks.
Evidence"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\<USER>\Desktop\download.jar"
0 detections across 74 engines
How widely this file has been seen
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name
- com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm
- Size
- 23.65 MB
- MIME type
- (unknown)
- Detected type
- JAR
- SHA-256
- e59dc7e7f388fb8d50ccc91677dc5082d4292ce0cfb0e5b1e6a5dfbc17f7ef43
- MD5
- 454112682bcba935cd21190899636dde
- SHA-1
- 56619f4a773213944390564eb64b825abbc52240
- First seen (VT)
- 6/24/2026, 9:38:48 PM
- Last analysis (VT)
- 6/24/2026, 9:38:48 PM
- First scan (MalwareTips)
- 7/14/2026, 10:33:57 AM
- Last scan (MalwareTips)
- 7/14/2026, 10:33:57 AM
Safety FAQ
Common questions about com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm, answered from the scan data above.
- com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm appears safe. 74 of 74 antivirus engines report it clean. As a habit, only open files you downloaded from the official source, since attackers sometimes distribute trojanised copies of legitimate software under the same name.
- com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm is a file, about 23.6 MB. Our analysis found no threat indicators for it. A file's name can be reused by different files, so we identify it by its cryptographic hash (below).
- None — all 74 antivirus engines we queried report com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm as clean. That's reassuring, though brand-new malware can briefly evade detection before vendors add signatures, so we also weigh the file's behaviour and reputation.
- The SHA-256 hash of com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm is e59dc7e7f388fb8d50ccc91677dc5082d4292ce0cfb0e5b1e6a5dfbc17f7ef43, and its MD5 is 454112682bcba935cd21190899636dde. This hash is the file's unique fingerprint — two files with the same SHA-256 are identical. Use it to confirm you're looking at exactly this file (not just one with the same name) when comparing against antivirus databases or a download's published checksum.
- Based on this scan, yes — com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm shows no threat indicators. The important caveat is source: make sure you downloaded it from the official website or a trusted store, because attackers sometimes distribute malware-laced copies under a legitimate file's name. If your own antivirus flags it while we report it clean, that is most often a false positive, but verify the source before overriding your antivirus.
- This report reflects the scan run on July 14, 2026. Because a file's hash never changes, the identity of com.qqlabs.minimalistlauncher_1.21.6v224-224_7dpi_24lang_f3e87371a29b2ecbbb04b5d8e321d287_apkmirror.com.apkm is fixed — but antivirus coverage improves over time, so a file that looks clean today can pick up detections later (and vice-versa). If you need the latest picture, MalwareTips staff can re-run the analysis from scratch.
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.