Safe
Widely submitted, zero-engine-detection installer signed by Seth Flynn with clean sandbox behaviour.
f747a500d5f320f03e…1e5ed0e7e6
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
Zero detections across tier-1 and tier-2 engines combined with verified signing and medium prevalence strongly indicate a legitimate release. The single heuristic on direct-IP contact is outweighed by the absence of any malicious sandbox verdict or dropped malicious children. Community annotations further corroborate safety.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0 malicious detections out of 74 engines
signing.verified=true, signer='Seth Flynn'
prevalence.classification=medium (3717 unique sources)
communityComments[0].text explicitly states 'Verdict: Clean Score: 0/100'
behaviour.hasMaliciousSandboxVerdict=false and droppedChildren.hasMaliciousChild=false
- Zero engine detections
- Verified digital signature
- Medium prevalence with thousands of submitters
- Clean sandbox and child-file results
Proceed with installation from a trusted source; the evidence supports a clean verdict.
What this file did when executed
This file was detonated in 1 sandbox and its runtime behaviour was observed.
Adversary techniques mapped to the MITRE ATT&CK framework.
- 23.220.200.9
- 185.199.110.153
- 104.18.20.213
- 162.159.36.2
- http://r13.c.lencr.org/67.crl
- https://i18n.prismlauncher.org/index_v2.json
- https://i18n.prismlauncher.org/1d0299385211211fdcd13e3c4151937e9f6e4c9a.class
- C:\Users\<USER>\AppData\Local\Temp\nseEF81.tmp\modern-wizard.bmp
- C:\Users\<USER>\AppData\Local\Temp\nseEF81.tmp\nsDialogs.dll
- C:\Users\<USER>\AppData\Local\Temp\nseEF81.tmp\System.dll
- C:\Users\<USER>\AppData\Local\Temp\nseEF81.tmp\nsExec.dll
- C:\Users\<USER>\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
- C:\Users\<USER>\AppData\Local\Temp\nseEF81.tmp\NScurl.dll
- cversions.3.m
- Local\SessionImmersiveColorMutex
- QtLockedFile mutex c:/users/bruno/appdata/local/temp/pl47d334e2f1af-lockfile
Files this sample writes at runtime
This file drops 10 children at runtime. None are currently flagged malicious in our cache.
YARA + heuristic rules that fired
One or more medium-severity heuristic rules matched. Not definitive, but the patterns match known malware behaviour.
Sample contacted 4 external IP address(es) and zero domains. Benign software virtually always uses DNS; no-DNS direct-IP C2 is a strong malware indicator because it bypasses reputation systems and dodges domain-based blocklists.
Evidence: 23.220.200.9 · 185.199.110.153 · 104.18.20.213
0 detections across 74 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Moderate prevalence — neither rare nor common. No strong prior applies.
Forensic fingerprint
- File name: PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
- Size: 22.85 MB
- MIME type: (unknown)
- Detected type: Win32 EXE
- SHA-256: f747a500d5f320f03e6d586b7b02a2ad9b4e20e9e3c049560653921e5ed0e7e6
- MD5: c9e517768e6f765d72bce0bfa55d5540
- SHA-1: 0a578425ed863b4d0b971a90331ea4ae2d3aecac
- PE imphash: f4639a0b3116c2cfc71144b88a929cfd
- First seen (VT): 4/12/2026, 2:27:15 PM
- Last analysis (VT): 7/4/2026, 6:26:39 PM
- First scan (MalwareTips): 7/5/2026, 4:00:06 AM
- Last scan (MalwareTips): 7/5/2026, 4:00:06 AM
- Code signer: Seth Flynn (verified)
- Community reputation: +5 (trusted)