Safe
Unsigned Opera GX installer; 16 tier-1 engines silent; no malicious behaviour detected; consistent with legitimate software.
f20c5bb658df9daa39…81a810ca44The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The sample exhibits a clean profile across all major detection vectors. Tier-1 engines (Kaspersky, BitDefender, ESET-NOD32, Fortinet, Avast, AVG, Avira, DrWeb, Emsisoft, F-Secure, GData, Ikarus) all report undetected or silent, with zero malicious consensus. The filename 'OperaGXSetup (1).exe' aligns with Opera GX's legitimate installer naming convention, and the installer hint in filename analysis supports this classification. Although unsigned and newly submitted (rare_new), this is typical for fresh legitimate software that has not yet accumulated reputation data. PE analysis shows normal entropy distribution across sections without indicators of packing or obfuscation. No external intelligence sources (CIRCL, MalwareBazaar, YARAify) flagged the sample, and no malicious runtime behaviour was recorded.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
tier1Malicious=0; 16 tier-1 engines (Kaspersky, BitDefender, ESET-NOD32, Fortinet, Avast, AVG, Avira, DrWeb, Emsisoft, F-Secure, GData, Ikarus) all undetected or silent
Unsigned but filename 'OperaGXSetup (1).exe' matches legitimate Opera GX browser installer; hasInstallerHint=true
rare_new classification (1 submission, 0 days old) is expected for fresh legitimate software; no reputation yet but no malicious signals
PE entropy 7.999939 with highEntropyCode=false and likelyPacked=false; section entropy normal (.text=6.61, .rdata=4.61) — consistent with legitimate compiled code
No sandbox verdicts, no dropped children, no malicious host contact, no external intel hits (CIRCL, MalwareBazaar, YARAify all negative)
- 16 tier-1 antivirus engines (Kaspersky, BitDefender, ESET-NOD32, Fortinet, Avast, AVG, Avira, DrWeb, Emsisoft, F-Secure, GData, Ikarus) all undetected
- Filename matches legitimate Opera GX installer pattern
- PE entropy and section analysis consistent with legitimate compiled code
- No malicious sandbox verdicts, dropped children, or host contact
- No external intelligence hits (CIRCL, MalwareBazaar, YARAify negative)
This file is consistent with a legitimate Opera GX browser installer. If obtained from Opera's official website or a trusted distribution channel, it is safe to install. Verify the source if downloaded from an untrusted location.
0 detections across 75 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- OperaGXSetup (1).exe
- Size
- 3.94 MB
- MIME type
- application/x-msdownload
- Detected type
- Win32 EXE
- SHA-256
- f20c5bb658df9daa39eb094e131db6f7ec4d6a479843d7a81879c781a810ca44
- MD5
- c4d3700661dfbd812fcffa7ad59c9c81
- SHA-1
- 8166396aaea4d8f3b7c54048ea3516c7bac639eb
- PE imphash
- e59d00b0d90522ee1a983f13d4ff7e50
- First seen (VT)
- 6/11/2026, 10:46:53 AM
- Last analysis (VT)
- 6/11/2026, 10:46:53 AM
- First scan (MalwareTips)
- 6/11/2026, 10:48:06 AM
- Last scan (MalwareTips)
- 6/11/2026, 10:48:06 AM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.