× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: de7a215e0f11e3bb9ed6013cd6abde5cb7423a06d07be4d8a90485272b57db33
File name: WoWLauncher.exe
Detection ratio: 1 / 44
Analysis date: 2012-10-24 17:10:33 UTC ( 5 years, 1 month ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20121023
Yandex 20121023
AhnLab-V3 20121024
AntiVir 20121024
Antiy-AVL 20121024
Avast 20121024
AVG 20121024
BitDefender 20121024
ByteHero 20121019
ClamAV 20121024
Commtouch 20121024
Comodo 20121024
DrWeb 20121024
Emsisoft 20121024
eSafe 20121017
ESET-NOD32 20121024
F-Prot 20121024
F-Secure 20121024
Fortinet 20121024
GData 20121024
Ikarus 20121024
Jiangmin 20121024
K7AntiVirus 20121024
Kaspersky 20121024
Kingsoft 20121008
McAfee 20121024
McAfee-GW-Edition 20121024
Microsoft 20121024
eScan 20121024
Norman 20121024
nProtect 20121024
Panda 20121024
PCTools 20121022
Rising 20121024
Sophos AV 20121024
SUPERAntiSpyware 20121024
Symantec 20121024
TheHacker 20121024
TotalDefense 20121024
TrendMicro 20121024
TrendMicro-HouseCall 20121024
VBA32 20121023
VIPRE 20121024
ViRobot 20121024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-24 17:09:16
Entry Point 0x00028470
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
Ord(15)
Ord(14)
Ord(17)
Ord(13)
SetBkMode
CreateSolidBrush
GetStockObject
SetTextColor
GetLastError
HeapFree
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
GetFileAttributesW
GetCurrentProcess
WideCharToMultiByte
LoadLibraryExW
MultiByteToWideChar
DeleteFileW
GetProcAddress
GetProcessHeap
GetTickCount64
RemoveDirectoryW
RaiseException
CreateThread
GetModuleFileNameW
FindNextFileW
CloseHandle
IsProcessorFeaturePresent
FindFirstFileW
DecodePointer
GetModuleHandleW
TerminateProcess
ResumeThread
CreateFileW
VirtualQuery
CreateProcessW
FindClose
MoveFileW
HeapAlloc
GetCurrentThreadId
?_Xout_of_range@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
?_Syserror_map@std@@YAPBDH@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
strncmp
_purecall
_lock
sscanf
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
fclose
strcat
wcscat
__getmainargs
isdigit
_controlfp_s
_CRT_RTC_INITW
wcsrchr
wcscpy_s
_invoke_watson
_CrtDbgReportW
fread
_onexit
_fmode
strncpy
_cexit
_wcsdup
isalnum
??2@YAPAXI@Z
strlen
fseek
_amsg_exit
memcpy
wcslen
wcscmp
ftell
strcpy
exit
sprintf
_commode
_CrtSetCheckCount
_strdup
__setusermatherr
_initterm_e
wcsncpy
??_V@YAXPAX@Z
_acmdln
_CxxThrowException
_ismbblead
tolower
?terminate@@YAXXZ
_unlock
_crt_debugger_hook
rewind
??3@YAXPAX@Z
free
_msize
_configthreadlocale
_except_handler4_common
atoi
__dllonexit
__CxxFrameHandler3
wcstoul
_wfopen
_exit
_XcptFilter
__crtUnhandledException
_swprintf
__crtGetShowWindowMode
memmove
mbstowcs
wcstombs
_wmakepath_s
_invalid_parameter
swscanf
wcscpy
_vswprintf_c_l
_calloc_dbg
__crtSetUnhandledExceptionFilter
wcsstr
fwrite
_wsplitpath_s
_initterm
strcmp
_wchmod
__set_app_type
SHGetPathFromIDListW
SHBrowseForFolderW
SetFocus
RegisterWindowMessageW
UpdateWindow
PostQuitMessage
DefWindowProcW
GetMessageW
ShowWindow
GetSystemMetrics
MessageBoxW
EnableWindow
TranslateMessage
PostMessageW
GetSysColor
DispatchMessageW
SendMessageW
wsprintfW
LoadImageW
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(23)
Ord(16)
Ord(116)
Ord(4)
Ord(115)
Ord(52)
Ord(19)
Ord(9)
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
SubsystemVersion
6.0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.112.1150

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
68096

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2012

FileVersion
1.2.112.1150

TimeStamp
2012:10:24 18:09:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WoWLauncher

ProductVersion
1.2.112.1150

FileDescription
World of Warcraft Launcher

OSVersion
6.0

OriginalFilename
WoWLauncher.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Recelate Studios

CodeSize
193024

ProductName
World of Warcraft Launcher Application

ProductVersionNumber
1.2.112.1150

EntryPoint
0x28470

ObjectFileType
Executable application

File identification
MD5 96432070fe51ef8c0144708d5a996e36
SHA1 c8aa759e7daae039d3cd8f4dc33b5bd457191f7f
SHA256 de7a215e0f11e3bb9ed6013cd6abde5cb7423a06d07be4d8a90485272b57db33
ssdeep
3072:AR7TPOX8PZQgiXlmuZf2TQ+oIwWvXdqgeSb+kMIJilrrt+5CgpZk:AdPC8RQg2+oIwipH3MLN+5a

File size 255.0 KB ( 261120 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
Tags
peexe

VirusTotal metadata
First submission 2012-10-24 17:10:33 UTC ( 5 years, 1 month ago )
Last submission 2012-10-24 17:10:33 UTC ( 5 years, 1 month ago )
File names WoWLauncher.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!