SHA256: e04a3791adc041d8b0751a92273457412cc8fe907575e5b33872d3dae92a9463
File name: WoWLauncher.exe
Detection ratio: 0 / 44
Analysis date: 2012-10-28 15:46:00 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Yandex 20121028
AhnLab-V3 20121028
AntiVir 20121028
Antiy-AVL 20121027
Avast 20121028
AVG 20121028
BitDefender 20121028
ByteHero 20121025
CAT-QuickHeal 20121028
ClamAV 20121028
Commtouch 20121028
Comodo 20121028
DrWeb 20121028
Emsisoft 20121028
eSafe 20121017
ESET-NOD32 20121028
F-Prot 20121028
F-Secure 20121028
Fortinet 20121028
GData 20121028
Ikarus 20121028
Jiangmin 20121028
K7AntiVirus 20121027
Kaspersky 20121028
Kingsoft 20121028
McAfee 20121028
McAfee-GW-Edition 20121028
Microsoft 20121028
eScan 20121028
Norman 20121028
nProtect 20121028
Panda 20121028
PCTools 20121028
Rising 20121025
Sophos AV 20121028
SUPERAntiSpyware 20121028
Symantec 20121028
TheHacker 20121025
TotalDefense 20121028
TrendMicro 20121028
TrendMicro-HouseCall 20121028
VBA32 20121026
VIPRE 20121028
ViRobot 20121028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-28 15:44:27
Entry Point 0x0000CF52
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
Ord(15)
Ord(14)
Ord(17)
Ord(13)
SetBkMode
CreateSolidBrush
GetStockObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
SetHandleCount
RemoveDirectoryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
LoadLibraryA
RaiseException
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
DeleteFileW
GetProcAddress
LeaveCriticalSection
TlsFree
GetProcessHeap
SetStdHandle
SetFileAttributesW
CreateThread
GetModuleFileNameW
GetStringTypeA
SetFilePointer
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
TerminateProcess
ResumeThread
GetModuleFileNameA
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
CreateProcessW
FindClose
InterlockedDecrement
Sleep
MoveFileW
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualFree
VirtualAlloc
WriteConsoleW
InterlockedIncrement
SHGetPathFromIDListW
SHBrowseForFolderW
SetFocus
RegisterWindowMessageW
UpdateWindow
PostQuitMessage
DefWindowProcW
GetMessageW
ShowWindow
GetSystemMetrics
MessageBoxW
EnableWindow
TranslateMessage
PostMessageW
GetSysColor
DispatchMessageW
SendMessageW
wsprintfW
LoadImageW
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(23)
Ord(16)
Ord(116)
Ord(4)
Ord(115)
Ord(52)
Ord(19)
Ord(9)
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.112.1150
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 52224
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2012
FileVersion 1.2.112.1150
TimeStamp 2012:10:28 15:44:27+00:00
FileType Win32 EXE
PEType PE32
InternalName WoWLauncher
ProductVersion 1.2.112.1150
FileDescription World of Warcraft Launcher
OSVersion 5.0
OriginalFilename WoWLauncher.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Recelate Studios
CodeSize 95744
ProductName World of Warcraft Launcher Application
ProductVersionNumber 1.2.112.1150
EntryPoint 0xcf52
ObjectFileType Executable application

File identification
MD5 152d6a74060981316a581570f51379d5
SHA1 8bfd70923d941e8bda949fd08197af1718c553aa
SHA256 e04a3791adc041d8b0751a92273457412cc8fe907575e5b33872d3dae92a9463
ssdeep
3072:sKGe5LDYM3JdTBZGuiSh3vp6iwUB+xK8k+5Y7I:NGe5LD93Pdi63vp6iT783d

File size 145.5 KB ( 148992 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
Tags
peexe

VirusTotal metadata
First submission 2012-10-28 15:46:00 UTC ( 4 years, 10 months ago )
Last submission 2012-10-28 15:46:00 UTC ( 4 years, 10 months ago )
File names WoWLauncher.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Set keys
Deleted keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications