4ecf50309709f19a04bca14320cc64a6

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Aug-18 00:46:47
CompanyName Arctium WoW Client Launcher
FileDescription Arctium WoW Client Launcher
FileVersion 1.0.0.0
InternalName Arctium WoW Client Launcher.exe
LegalCopyright
OriginalFilename Arctium WoW Client Launcher.exe
ProductName Arctium WoW Client Launcher
ProductVersion 1.0.0
Assembly Version 1.0.0.0

Plugin Output

Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious VirusTotal score: 2/69 (Scanned on 2019-09-13 04:47:06)
APEX: Malicious
CrowdStrike: win/malicious_confidence_80% (W)

Hashes

MD5 4ecf50309709f19a04bca14320cc64a6
SHA1 71dd10c86f9b96550855b74274e79609757e8097
SHA256 f4e5700cbbb007c5ff1eaa613172ca8c7700a729324d15bcd63446ced0e01934
SHA3 0a10a9389f6040cc968580b52752faeed2230c426c6f81226237b101c360f859
SSDeep 49152:LOI89vBGr3Vcr5ho+ohmMxqLGejNTL/eDy677z5rUKgCyUOEddbiwklXymP5r0L:LVNI5h5oPtejNnGx75OEYXvJ0LRLa
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2019-Aug-18 00:46:47
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x2f6000
SizeOfInitializedData 0x27e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x320000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b65ea5131c238e4cfc266f88a80580f4
SHA1 8f40f6c15b79a3043733fef6071b8af3d1f1db79
SHA256 a016282237f728f763d46f2849cd10e537ba898ca9f2fca8885429b4c8d0e203
SHA3 ea074e8dcab7a2c58e6410840f71dfc07926a53e5135cd69aac0c3dbab88aa80
VirtualSize 0x2f5e2c
VirtualAddress 0x2000
SizeOfRawData 0x2f6000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.99972

.rsrc

MD5 e1b38ce2e81a9c3d7a1145374514e91d
SHA1 d5b82e618a630a4522722d39e2b02a0cfb3eb3c2
SHA256 22343604d34246c99dd6a5c4a354d55a4731aa85ee3b200e0284116eebb544a6
SHA3 3ccd7ffbfe001098136d7b59a8b8fbd90d54b94a02ec7a2babefbd1fef1b2916
VirtualSize 0x27c10
VirtualAddress 0x2f8000
SizeOfRawData 0x27e00
PointerToRawData 0x2f6200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.87395

Imports

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xef25
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98883
Detected Filetype PNG graphic file
MD5 87975fd8f80216e3fe71d3571c6e6ab6
SHA1 2c81bdc2ae3a28d0b8ea171a0fce4733e2fa8e3f
SHA256 4145a01cbe13754670a518a56e1b28e034c04e71a6264b357978737a9984e7f2
SHA3 994397fdfc88d7395695595bbc9bbea55fcca189d7161a213abfc93522947975

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.77727
MD5 cb0ff73970fc3a48aa7046b4e344619e
SHA1 437e9bb3aaa00ac0693840fe1df18f086e78aeb4
SHA256 646395e6e8507d19eca84f6fd2383627f3b730d4f46a65c33ff32eebd91074a7
SHA3 7f3ed104d415ef75880b6218940053bb88e9016704e80c797d8bda101f0b2109

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.06567
MD5 c838fef7038e474001e6db73826dd450
SHA1 08bd384beae97c7d8b76a76821f2cea84df8c477
SHA256 d9f9c5a08a29e00145bcb1f6e12e6fcfa9c23098581a4fe398540fd1e64b3de9
SHA3 f88bed68ebfe6a8e27a2f7b930235977094796805cec3810a0d5d8136afb885d

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.30225
MD5 cae14f600365eb413e61d0ba5dd2d4b7
SHA1 33ead27b2f8a4b5171dfd00037ccb6cd286f22fc
SHA256 8c7cef7ff6fc7280c9aaa069b93328a6245e0e4debc8c60117a7645ecc7ab6d1
SHA3 be355646cd41629ee357828701c4da966963e7fe76b2ffcf92a46b41664354bf

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.4528
MD5 8a3173a78a91c312deef001449d6233c
SHA1 c90abc8359267e8ac7cb0536af9c0023930ed25e
SHA256 9ab04bd0be804f5283164e5977147b081ffe943eeaaebce283b72d01cf4c4262
SHA3 b7a88c8e9192f7caa5deafa44315e3ef6f0cb2456c313ed7b7ceb38fb62ffc66

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.82844
MD5 69e8c784f25f39d7da1cd4f258a200a2
SHA1 0df6341e8b1723a00bc95595c1428c88563d464d
SHA256 ce0f456ec13e5f2903ed0f27d275f0aecb0c1fde28839afba490a505463aab25
SHA3 7d37586b7636f693d532f4df821b6a6f55d28ebb500a4d19f06d508429aa2dd3

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.77685
Detected Filetype Icon file
MD5 d72c62e10eb3b611a053db381158e17b
SHA1 0fa37b55e48bf3cebece0bbc220015998fee7c7a
SHA256 123af48f967c1456e2a87bd8fd22c43148dc559f7026a144661d2d9f3b7b0efd
SHA3 9f5798a510312995cb7f5c25f197badc02a4e59bf88c4a9059cb0c502b693079

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x374
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3016
MD5 bb7090f7c00bb1a2f9d556d119bdc814
SHA1 97492f0129923b35e837e51ab2abfa5099c63810
SHA256 bd31c4b2a900b91ad7085838fa1ff49a0633811ac672d5bc1e05cad7958022e2
SHA3 188451ed466a5cc2ea79f13877c9a65217cf455cc5aaf62c5b80c248f067041c

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Arctium WoW Client Launcher
FileDescription Arctium WoW Client Launcher
FileVersion (#2) 1.0.0.0
InternalName Arctium WoW Client Launcher.exe
LegalCopyright
OriginalFilename Arctium WoW Client Launcher.exe
ProductName Arctium WoW Client Launcher
ProductVersion (#2) 1.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
