prrdemo.exe

OfficeRecovery LLP

This is a setup program which is used to install the application. The file has been seen being downloaded from www.officerecovery.com.

Publisher:
OfficeRecovery LLP  (signed and verified)

MD5:
f981fa915a1e6d0fd72798e7d447bd96

SHA-1:
621e0871252bbb515331a7948d491c8f4c631c95

SHA-256:
84183a2416da29964d8795071ff31ba4c7088bd18726055a2b494acda3b0fff8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 8:16:27 PM UTC

File size:
1.7 MB (1,749,504 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\prrdemo.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/27/2014 2:06:40 PM

Valid to:
2/27/2015 2:06:40 PM

Subject:
CN=OfficeRecovery LLP, O=OfficeRecovery LLP, L=Edinburgh, C=GB

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B94F59EF33D15

File PE Metadata
OS version:
0.65534

OS bitness:
Win16

Linker version:
254.255

CTPH (ssdeep):
24576:Gq3+ZF65KNEJwyF159Z0pdEbLx3+4/wGvy3JX6yoOcwQGTg+N1ZKv1i:Gq3Okfdjqpd0F3+HDjoOcwQGvQv1i

Entry address:
0x1B0000

Entry point:
D0, CF, 11, E0, A1, B1, 1A, E1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3E, 00, 03, 00, FE, FF, 09, 00, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1B, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 10, 00, 00, 02, 00, 00, 00, 02, 00, 00, 00, FE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 01, 00, 00, 7F, 01, 00, 00, 00, 02, 00, 00, 7F, 02, 00, 00, 00, 03, 00, 00, 7F, 03, 00, 00, 00, 04, 00, 00, 7F, 04, 00, 00, 00, 05, 00, 00, 7F, 05, 00, 00, 00, 06, 00, 00...
 

Code size:
384 KB (393,225 bytes)

The file prrdemo.exe has been seen being distributed by the following URL.

http://www.officerecovery.com/.../prrdemo.exe
