Manalyze report for 5509296563f63c7caef837db1efd73e5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Apr-24 01:30:06
Detected languages	Chinese - PRC Chinese - Taiwan English - United Kingdom English - United States French - France German - Germany Korean - Korea Process Default Language Russian - Russia Spanish - Mexico Spanish - Spain (Traditional sort)
Debug artifacts	D:\BuildServer\WoW\5\work\WoW-code\trunk\WoW\Bin\Wow.pdb
CompanyName	Blizzard Entertainment
FileDescription	World of Warcraft Retail
FileVersion	`4, 0, 0, 11927`
InternalName	World of Warcraft
LegalCopyright	Copyright © 2004
OriginalFilename	WoW.exe
ProductName	World of Warcraft
ProductVersion	`Version 4.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	Contains domain names: Battle.net blizzard.com cn.kbase.blizzard.com eu.tracker.worldofwarcraft.com europe.com http://cn.kbase.blizzard.com http://cn.kbase.blizzard.com/kb/wow/ http://eu.tracker.worldofwarcraft.com http://support.worldofwarcraft.co.kr http://support.worldofwarcraft.co.kr/kb/ http://support.worldofwarcraft.com http://support.worldofwarcraft.com/kb/ http://support.wow-europe.com http://support.wow-europe.com/kb/ http://support.wowtaiwan.com.tw http://support.wowtaiwan.com.tw/kb/ http://us.tracker.worldofwarcraft.com http://www.blizzard.com http://www.w3.org http://www.w3.org/XML/1998/namespace kbase.blizzard.com logon.worldofwarcraft.com memtest86.com support.worldofwarcraft.com support.wow-europe.com support.wowtaiwan.com tracker.worldofwarcraft.com us.logon.worldofwarcraft.com us.tracker.worldofwarcraft.com worldofwarcraft.com wow-europe.com wowtaiwan.com www.blizzard.com www.lua.org www.memtest86.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .zdata` `Section .zdata is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegOpenKeyA RegCreateKeyExA RegSetValueExA RegFlushKey RegQueryValueExA RegOpenKeyExA RegCloseKey RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptGenRandom CryptReleaseContext` `Can create temporary files: CreateFileA GetTempPathA` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetForegroundWindow CallNextHookEx GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetSetOptionA InternetConnectA InternetReadFileExA InternetOpenA InternetSetCookieA InternetCloseHandle InternetSetStatusCallback InternetSetStatusCallbackA InternetCrackUrlA` `Leverages the raw socket API to access the Internet: #15 #12 #108 #103 #6 #9 #21 #3 #111 #16 #5 #19 #23 #7 #10 #1 #4 #52 #11 #13 #2 #8 #115 #116 WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect #18 #151 #20 #17` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeA` `Changes object ACLs: SetSecurityInfo` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Can use the microphone to record audio: waveInOpen`
Info	The PE is digitally signed.	`Signer: Blizzard Entertainment` `Issuer: Thawte Code Signing CA`
Safe	VirusTotal score: 0/42 (Scanned on 2010-08-25 00:23:28)	`All the AVs think this file is safe.`

Hashes

MD5	`5509296563f63c7caef837db1efd73e5`
SHA1	`27d61010d201d81c6c2bba7bc872c099255d9bd7`
SHA256	`11c68a0ad4c6dd61fe1c569d0bdfcf18b23eccb3e3aeecef8ae35db253444a85`
SHA3	`0602b77eb8e3558b0e34be4dbe961a4b518dafc04cafeea14cc5257d2700e3ad`
SSDeep	`98304:JFkYtfVD4pnNryT5wSXLDEWrojsurba1r/ZnizKRZyw:Hun5s5weroZe1rlZt`
Imports Hash	`102aff418c14a7db5f624d4639d70710`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2010-Apr-24 01:30:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x5ee000`
SizeOfInitializedData	`0x1b0400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001270 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5ef000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x9fb000`
SizeOfHeaders	`0x400`
Checksum	`0x7a09f5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x16e360`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2bb2aa92c557fc5610e6ac63dbd8eb1e`
SHA1	`7550ee96eee59faf1af5152f4cc8c0b72f2f5407`
SHA256	`dd4fc88a31bbd8b5ff349a1a38cbc00da650adcf7c8ebf5e1cbfc5d2e40fb608`
SHA3	`efbc3a587529019cd35f839d9f53f78a894bf285052d764b9675c1652a3a918c`
VirtualSize	`0x5edf87`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5ee000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69957`

.rdata

MD5	`542513092b5e45b59242b1ecdd73b5d7`
SHA1	`51a899fdac697029759c5a6445882acc04abeb74`
SHA256	`2bc573ba06f44f84f75e16c81dfe535129a44afe3e3f7e4f7f590d34ede7940d`
SHA3	`4b8f3f0b8ec2a5e0c946a90e52f82547b0a761de1cad72c4b423e520421f83b9`
VirtualSize	`0x9e740`
VirtualAddress	`0x5ef000`
SizeOfRawData	`0x9e800`
PointerToRawData	`0x5ee400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05776`

.data

MD5	`44c50263bb59cea58497f7434e3cf791`
SHA1	`3008d8e5660dd8d182d6ca7b90e3ca7e8b9ff032`
SHA256	`ba1f4fc631bdecdaefee3df023f86f7509322878cfae9c8886b79892b2d27ad8`
SHA3	`77f8c83a30190d294b18f8f4611393e60b0b36198d528e0bbaadfe0bfdbaebac`
VirtualSize	`0x2e5e28`
VirtualAddress	`0x68e000`
SizeOfRawData	`0x8cc00`
PointerToRawData	`0x68cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26834`

.zdata

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1000`
VirtualAddress	`0x974000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x719800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x19`
VirtualAddress	`0x975000`
SizeOfRawData	`0x200`
PointerToRawData	`0x71a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`ea1985b435594111b311efa948e70063`
SHA1	`ba96451622b02c9fa4bad5c02aee8a018b9146d9`
SHA256	`c631a78ae2b3d5f7c48092ac6cbf4ef879a2b21bae752c5839354219fdcdf1f0`
SHA3	`dc11a2e3d60b5a0772f5f7ee8431961583b80c01dacd530562a2bcbf9605b4eb`
VirtualSize	`0x29bd4`
VirtualAddress	`0x976000`
SizeOfRawData	`0x29c00`
PointerToRawData	`0x71aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.22904`

.reloc

MD5	`8444df6c07229c801121bb6835571265`
SHA1	`df9e7fe6c4e9acbd7afa9926bcf1e8a4ef55e337`
SHA256	`10aace2a0a6037faaad5295a0e384b465c82cc70a88f638e18c50c07745fb26b`
SHA3	`a0f41218c9920305394642717c79bf92383c7cfb3ec7f4bfc815ebd4b8f9ed9a`
VirtualSize	`0x5a1f8`
VirtualAddress	`0x9a0000`
SizeOfRawData	`0x5a200`
PointerToRawData	`0x744600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.21143`

Imports

KERNEL32.dll	`GetConsoleMode` `GetConsoleCP` `SetFilePointer` `MulDiv` `OpenFile` `OpenFileMappingA` `CreateFileMappingA` `MapViewOfFile` `UnmapViewOfFile` `GetSystemDirectoryA` `DeviceIoControl` `GetLocaleInfoA` `GetDateFormatA` `GetTimeFormatA` `GetStringTypeA` `LCMapStringA` `HeapReAlloc` `VirtualAlloc` `HeapAlloc` `InitializeCriticalSectionAndSpinCount` `LoadLibraryA` `InterlockedExchange` `FreeLibrary` `EnterCriticalSection` `GetTimeZoneInformation` `RaiseException` `HeapSize` `VirtualQuery` `RtlUnwind` `GetOEMCP` `GetACP` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `HeapFree` `VirtualFree` `HeapCreate` `GetCurrentThread` `InterlockedDecrement` `GetCurrentThreadId` `SetLastError` `InterlockedIncrement` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `DeleteCriticalSection` `GetFileType` `SetHandleCount` `GetLastError` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `CreateFileA` `CloseHandle` `FlushFileBuffers` `CompareStringA` `SetEnvironmentVariableA` `LeaveCriticalSection` `GetModuleFileNameA` `GetStdHandle` `GetDriveTypeA` `ExitThread` `GetFullPathNameA` `OpenThread` `SuspendThread` `GetThreadContext` `Thread32First` `Thread32Next` `lstrcpynA` `IsBadReadPtr` `ReleaseMutex` `CreateMutexA` `SetProcessAffinityMask` `OutputDebugStringA` `GetVersion` `GetExitCodeProcess` `GetProcessHeap` `WaitForMultipleObjectsEx` `WriteFileEx` `ReadFileEx` `CancelIo` `IsBadWritePtr` `LocalFree` `GetQueuedCompletionStatus` `CreateIoCompletionPort` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `VirtualProtect` `FlushInstructionCache` `GetLocalTime` `FormatMessageA` `GetWindowsDirectoryA` `GetCommandLineW` `GetPriorityClass` `SetPriorityClass` `GetProcessAffinityMask` `GlobalMemoryStatusEx` `WriteFile` `ExitProcess` `SetFileTime` `SetFileAttributesA` `SetEndOfFile` `RemoveDirectoryA` `CreateDirectoryA` `GetShortPathNameA` `GetDiskFreeSpaceExA` `Sleep` `GetModuleHandleA` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetStartupInfoA` `GetCommandLineA` `CreateEventA` `SetEvent` `ResetEvent` `WaitForMultipleObjects` `GetOverlappedResult` `ReadDirectoryChangesW` `GetVersionExA` `WaitForSingleObject` `InitializeCriticalSection` `CreateSemaphoreA` `ReleaseSemaphore` `GlobalMemoryStatus` `ResumeThread` `TerminateThread` `SetThreadPriority` `GetThreadPriority` `SignalObjectAndWait` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `GetSystemInfo` `QueryPerformanceFrequency` `GetDiskFreeSpaceA` `CreateThread` `GetFileAttributesExA` `GetFileSize` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `GetFileAttributesA` `MoveFileA` `DeleteFileA` `OpenEventA` `GetComputerNameA` `GetTempPathA` `SetThreadAffinityMask` `CreateToolhelp32Snapshot` `WaitForSingleObjectEx` `CreateProcessA` `DuplicateHandle` `ReadFile` `FindClose` `FindNextFileA` `FindFirstFileA`
DivxDecoder.dll	`UnInitializeDivxDecoder` `DivxDecode` `SetOutputFormat` `InitializeDivxDecoder`
OPENGL32.dll	`glGetFloatv` `glGetIntegerv` `glGetError` `glDisable` `glDeleteTextures` `glTexImage2D` `glBindTexture` `glGenTextures` `glEnable` `glTexParameteri` `glReadPixels` `wglGetProcAddress` `wglDeleteContext` `wglMakeCurrent` `wglCreateContext` `wglGetCurrentContext` `glTexEnviv` `glColorMask` `glDepthMask` `glDepthRange` `glViewport` `glPolygonMode` `glClipPlane` `glCopyTexSubImage2D` `glCopyTexImage2D` `wglGetCurrentDC` `glTexSubImage2D` `glPixelStorei` `glCullFace` `glBlendFunc` `glMatrixMode` `glPolygonOffset` `glDisableClientState` `glHint` `glTexGeni` `glTexEnvi` `glTexEnvf` `glTexEnvfv` `glGetString` `glScissor` `glTexCoordPointer` `glColorPointer` `glNormalPointer` `glVertexPointer` `glLightf` `glLightfv` `glLightModelfv` `glMaterialfv` `glColor4fv` `glLoadMatrixf` `glLoadIdentity` `glFogf` `glFogi` `glColorMaterial` `glLightModeli` `glTexGenfv` `glPointSize` `glFrontFace` `glDepthFunc` `glFogfv` `glAlphaFunc` `glMaterialf` `glClear` `glClearColor` `wglSwapLayerBuffers` `glFinish` `glDrawArrays` `glDrawElements` `glLineWidth` `glEnableClientState`
d3d9.dll	`D3DPERF_SetOptions`
IMM32.dll	`ImmGetContext` `ImmGetCandidateListA` `ImmNotifyIME` `ImmAssociateContextEx` `ImmSetConversionStatus` `ImmAssociateContext` `ImmGetCompositionStringA` `ImmGetConversionStatus` `ImmReleaseContext`
WININET.dll	`HttpQueryInfoA` `InternetSetOptionA` `InternetConnectA` `InternetReadFileExA` `InternetOpenA` `HttpOpenRequestA` `InternetSetCookieA` `HttpSendRequestA` `InternetCloseHandle` `InternetSetStatusCallback` `InternetSetStatusCallbackA` `InternetCrackUrlA`
WS2_32.dll	`#15` `#12` `#108` `#103` `#6` `#9` `#21` `#3` `#111` `#16` `#5` `#19` `#23` `#7` `#10` `#1` `#4` `#52` `#11` `#13` `#2` `#8` `#115` `#116` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `#18` `#151` `#20` `#17`
DINPUT8.dll	`DirectInput8Create`
SETUPAPI.dll	`SetupDiEnumDeviceInterfaces` `SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInfo` `SetupDiGetClassDevsA` `SetupDiGetDeviceInterfaceDetailA` `SetupDiGetDeviceRegistryPropertyA`
HID.DLL	`HidD_SetFeature` `HidD_GetPreparsedData` `HidD_GetAttributes` `HidP_GetCaps` `HidD_GetProductString` `HidD_GetSerialNumberString` `HidD_FreePreparsedData` `HidD_GetHidGuid`
USER32.dll	`SystemParametersInfoA` `UnhookWindowsHookEx` `SendInput` `SetCapture` `ReleaseCapture` `MoveWindow` `SendMessageA` `GetWindowPlacement` `SetFocus` `PostQuitMessage` `IsZoomed` `DispatchMessageA` `TranslateMessage` `MapVirtualKeyA` `PeekMessageA` `IsIconic` `PostMessageA` `GetParent` `IsWindowVisible` `CloseClipboard` `OpenClipboard` `GetForegroundWindow` `MessageBeep` `GetKeyState` `FillRect` `SetWindowsHookExA` `IsDialogMessageA` `TranslateAcceleratorA` `GetKeyboardLayout` `SetClipboardData` `EmptyClipboard` `LoadStringA` `MessageBoxA` `IsWindow` `wsprintfA` `SetCursor` `GetCursorPos` `ScreenToClient` `GetClientRect` `LoadImageA` `LoadCursorA` `MapWindowPoints` `BeginPaint` `EndPaint` `AdjustWindowRectEx` `GetSystemMetrics` `ShowWindow` `ChangeDisplaySettingsExA` `SetWindowPos` `GetWindowRect` `ClipCursor` `DefWindowProcA` `RegisterClassExA` `CreateWindowExA` `GetDC` `ReleaseDC` `DestroyWindow` `UnregisterClassA` `EnumDisplaySettingsA` `EnumDisplayDevicesA` `MonitorFromPoint` `GetMonitorInfoA` `MsgWaitForMultipleObjects` `WaitForInputIdle` `SetTimer` `KillTimer` `GetActiveWindow` `CallNextHookEx` `GetAsyncKeyState` `ClientToScreen` `VkKeyScanA` `GetDesktopWindow` `CharLowerBuffA` `LoadBitmapA` `DrawTextExA` `InvertRect` `GetMessageA`
GDI32.dll	`DescribePixelFormat` `SetPixelFormat` `SetDeviceGammaRamp` `GetPixelFormat` `DeleteObject` `SetBkColor` `SetTextColor` `SetBkMode` `GetDeviceGammaRamp` `DeleteDC` `StretchBlt` `BitBlt` `CreateCompatibleDC` `OffsetViewportOrgEx` `SetViewportOrgEx` `SelectClipRgn` `CreateRectRgn` `Rectangle` `CreateFontIndirectA` `GetObjectA` `SetMapMode` `GdiFlush` `CreateDIBSection` `ChoosePixelFormat` `TranslateCharsetInfo` `GetStockObject` `CreateBitmap` `CreateSolidBrush` `SelectObject`
ADVAPI32.dll	`RegOpenKeyA` `RegCreateKeyExA` `RegSetValueExA` `RegFlushKey` `RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey` `CryptAcquireContextA` `CryptGenRandom` `CryptReleaseContext` `GetUserNameA` `AllocateAndInitializeSid` `OpenProcessToken` `GetTokenInformation` `InitializeAcl` `AddAccessDeniedAce` `AddAccessAllowedAce` `SetSecurityInfo` `FreeSid` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `RegEnumKeyA`
SHELL32.dll	`FindExecutableA` `ShellExecuteA`
WINMM.dll	`waveOutOpen` `waveOutUnprepareHeader` `waveOutWrite` `waveOutReset` `waveOutClose` `waveInAddBuffer` `waveInPrepareHeader` `waveInUnprepareHeader` `waveInGetDevCapsA` `waveInStart` `waveInOpen` `waveInClose` `waveInReset` `waveOutPrepareHeader` `waveOutGetDevCapsA` `timeKillEvent` `timeSetEvent` `mciSendCommandA` `timeGetTime` `waveOutGetNumDevs` `waveInGetNumDevs` `waveOutGetPosition`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`
MSACM32.dll	`acmStreamConvert` `acmStreamOpen` `acmFormatSuggest` `acmStreamUnprepareHeader` `acmStreamPrepareHeader` `acmStreamSize`
ole32.dll	`PropVariantClear` `CoCreateInstance` `CoTaskMemFree` `CoUninitialize` `CLSIDFromString` `CoInitialize`

Delayed Imports

BLIZZARDCOMPONENT

Type	`BLIZZARDCOMPONENT`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67079`
MD5	`0879d881eca060200e35d10f881d8cc2`
SHA1	`77837435b980b160492f532aaca5c319bc495987`
SHA256	`ddc620adcb95a12b5f13bb5b3e2390641f7181091609122b3ef7f2f55000c60b`
SHA3	`96beb0862763b9384aaa4da0a5ffed2747bfb414127db49a79d85a0a25d3dd04`

__GDF_THUMBNAIL

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x17a7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99465`
Detected Filetype	PNG graphic file
MD5	`53dca17aeb54867383968892853de5a8`
SHA1	`237415f7f5848a32588ffcba7a0a48a644a34f07`
SHA256	`a9f11546df62db0be474e0e3cd226842fee6c02c625634b5c4388a4935e00a84`
SHA3	`bf61dbeddcad370b0a19886342728c4d5548ba1c04a68dcc417ad570b280c094`

__GDF_XML

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56985`
MD5	`80078a4fb274748dc01616f713c6e191`
SHA1	`c352e4a72c8e9bef959b33098bc10665c9e96f38`
SHA256	`aa6eb140341435833a3835707e5b559dc972cbbe83b873c9a1803594dff0ff42`
SHA3	`138cae1af1c808729311bc16a85efcc61614d1a0e11cdff45dbde785dbfd322e`

__GDF_XML (#2)

Type	`DATA`
Language	Chinese - Taiwan
Codepage	Latin 1 / Western European
Size	`0xc34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60574`
MD5	`d211bc815f4bf260afe3b7d00cb9dfab`
SHA1	`ebc125b9867f6cafea9f085df99816796b07f1a8`
SHA256	`21b0d87bd1d12d7b67c1c12e703f4e55e276b23d702e9b39380c27bb0ea9dc00`
SHA3	`db868d6d48bb2e5179f228f8bed933d1f8867767535fa6805fd8d8a67b61210a`

__GDF_XML (#3)

Type	`DATA`
Language	German - Germany
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5696`
MD5	`ff1c3b702bed2b1b452c41000a2a0538`
SHA1	`44a4ce2ccbe4715f06c02062a6854b3ebe28c8e2`
SHA256	`39f255355779bdae56439ba1ca7a943d057594a00a7c8683325d5f743491bae6`
SHA3	`cf70d4900f14d29ac3d26699bded507a256b0eea2f016254751aea75dade7762`

__GDF_XML (#4)

Type	`DATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56985`
MD5	`80078a4fb274748dc01616f713c6e191`
SHA1	`c352e4a72c8e9bef959b33098bc10665c9e96f38`
SHA256	`aa6eb140341435833a3835707e5b559dc972cbbe83b873c9a1803594dff0ff42`
SHA3	`138cae1af1c808729311bc16a85efcc61614d1a0e11cdff45dbde785dbfd322e`

__GDF_XML (#5)

Type	`DATA`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5696`
MD5	`ff1c3b702bed2b1b452c41000a2a0538`
SHA1	`44a4ce2ccbe4715f06c02062a6854b3ebe28c8e2`
SHA256	`39f255355779bdae56439ba1ca7a943d057594a00a7c8683325d5f743491bae6`
SHA3	`cf70d4900f14d29ac3d26699bded507a256b0eea2f016254751aea75dade7762`

__GDF_XML (#6)

Type	`DATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5696`
MD5	`ff1c3b702bed2b1b452c41000a2a0538`
SHA1	`44a4ce2ccbe4715f06c02062a6854b3ebe28c8e2`
SHA256	`39f255355779bdae56439ba1ca7a943d057594a00a7c8683325d5f743491bae6`
SHA3	`cf70d4900f14d29ac3d26699bded507a256b0eea2f016254751aea75dade7762`

__GDF_XML (#7)

Type	`DATA`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xc50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65932`
MD5	`5fcfcbe3f44da65ec73957b7fd6f9e0f`
SHA1	`10b782c225dc802ddcc69ff5032373b840a58b53`
SHA256	`831d6b393a1906f16dc744a6bf432323ba8c5459e8df70ce94d4d526fe43ce7b`
SHA3	`a1b1d62a83e100dfd21c0b257f184898f0ab39634f45501ed9869dbc1480a347`

__GDF_XML (#8)

Type	`DATA`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56927`
MD5	`b8cd011929929e287f8bb16cae23c496`
SHA1	`d04386a89ef961a596547923b755ab8ada4209ea`
SHA256	`469fdfa949352832e9c2864c323e221af115298e6c1bef9c382492f49f7c7554`
SHA3	`78d409ad3c4e24e601846d079ef20539722de4bee54053437e8749201f05787e`

__GDF_XML (#9)

Type	`DATA`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xc34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59966`
MD5	`14220de1fe453cf2b9772da5175f37db`
SHA1	`407a7077cce2bde82b89eecafd1009336c534406`
SHA256	`06383eac6f56492bf64245c9d94e86ba5b8592981e9de7a0c8c556baffb46ee8`
SHA3	`563fbf8f8f53a58388e613ac0b00d44afc8d96031315cfc972101df487272bf3`

__GDF_XML (#10)

Type	`DATA`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5696`
MD5	`ff1c3b702bed2b1b452c41000a2a0538`
SHA1	`44a4ce2ccbe4715f06c02062a6854b3ebe28c8e2`
SHA256	`39f255355779bdae56439ba1ca7a943d057594a00a7c8683325d5f743491bae6`
SHA3	`cf70d4900f14d29ac3d26699bded507a256b0eea2f016254751aea75dade7762`

__GDF_XML (#11)

Type	`DATA`
Language	Spanish - Mexico
Codepage	Latin 1 / Western European
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56948`
MD5	`cfa83af62390f7f5129cce0c577fe88f`
SHA1	`2c7da27e228984eb90e583bafe41ec6ff0e10ec7`
SHA256	`bc11b3f75337349c9c2b7a11acf62f387972e6f22e0e7527e1d5e9cfc5ebf83b`
SHA3	`9b679397009b537b092557b05e3097ac3dc0fe2a31958e043f7ba188284bf99e`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.19899`
MD5	`d51dfff106e9ae8d61f7b580edf3bc4c`
SHA1	`45131270056ca00745da80f0d619b325b706d085`
SHA256	`e3a06cf5ec8012ebe75b1a5195fd31bb063e614a8b8915f6d268af72dae98d1e`
SHA3	`8e890e4e5e753bba07c85349be27241064d4a65f7be96ba4d5c4ebb5e1a93fca`

119

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.41918`
MD5	`c546ca9dcf0b1f286038da3fb7547ef0`
SHA1	`f98fdb46fd7c54a0b147d7fa2f4d2c84fd782622`
SHA256	`68d6bdb54e0cf249adb8003763cb8240b8b914308ac34c2734a8d7b9fdb56bf2`
SHA3	`da9fe8480884ad132b37423329e94c0834c03dab61ae0be06cec74031496a5e2`
Preview

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17327`
MD5	`35fa884204e68768e61ac88d64080ebd`
SHA1	`86f31902040aabb41ffc998b901dbf4a78952d31`
SHA256	`9040a46bf5cc3d97575076f5bdcd36a00bfaed7670af7760b925d1913b4225bc`
SHA3	`4ab38d82dcf642c590d98747f5f3ee8f6f18f342b9067342c7c34f2279c37f8c`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17327`
MD5	`35fa884204e68768e61ac88d64080ebd`
SHA1	`86f31902040aabb41ffc998b901dbf4a78952d31`
SHA256	`9040a46bf5cc3d97575076f5bdcd36a00bfaed7670af7760b925d1913b4225bc`
SHA3	`4ab38d82dcf642c590d98747f5f3ee8f6f18f342b9067342c7c34f2279c37f8c`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40819`
MD5	`4d51a04111274fcd389a7cd114fc9764`
SHA1	`34cfd4ad80bcff6742ba38f5b7c58db2ba049b49`
SHA256	`da2de5ad3c30553f228d85d77d0b2e3c8eee8f16e1e23236a87315daac37ebcb`
SHA3	`eb8474b7e6f5ea21df24cb02372934ec3296eebaf64bbb6f9684a17c30fc3d9d`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40819`
MD5	`4d51a04111274fcd389a7cd114fc9764`
SHA1	`34cfd4ad80bcff6742ba38f5b7c58db2ba049b49`
SHA256	`da2de5ad3c30553f228d85d77d0b2e3c8eee8f16e1e23236a87315daac37ebcb`
SHA3	`eb8474b7e6f5ea21df24cb02372934ec3296eebaf64bbb6f9684a17c30fc3d9d`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40407`
MD5	`cb34e47b22ceb9d474c035a7c092f406`
SHA1	`72f488d1d0fc56a3a866c9929791f37ca20275c5`
SHA256	`6df718bf07b4ae46bf4626f98e2560e4c69a8304e4c72d08117ce45c48204fb6`
SHA3	`e02c7f8db66f3ea1ab0da2c3bd38681e5df22d7820ed5e7e34bd2d997356fa19`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40407`
MD5	`cb34e47b22ceb9d474c035a7c092f406`
SHA1	`72f488d1d0fc56a3a866c9929791f37ca20275c5`
SHA256	`6df718bf07b4ae46bf4626f98e2560e4c69a8304e4c72d08117ce45c48204fb6`
SHA3	`e02c7f8db66f3ea1ab0da2c3bd38681e5df22d7820ed5e7e34bd2d997356fa19`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35288`
MD5	`bd49fd8939915fd12293b1e6a25a4462`
SHA1	`4d186703dbd0a7024bcbf5dbe12d99ef54e0ff4c`
SHA256	`a2ad75218e69b0472b08fc8b1b64e3d4435c457560567d04c240bcece32c9bca`
SHA3	`fc84256490eede21ee52f784a459a92c0aca6fcd4a853b4b29d0d99be98fb9dc`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35288`
MD5	`bd49fd8939915fd12293b1e6a25a4462`
SHA1	`4d186703dbd0a7024bcbf5dbe12d99ef54e0ff4c`
SHA256	`a2ad75218e69b0472b08fc8b1b64e3d4435c457560567d04c240bcece32c9bca`
SHA3	`fc84256490eede21ee52f784a459a92c0aca6fcd4a853b4b29d0d99be98fb9dc`

BLIZZARDCURSOR.CUR

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

BLIZZARDICON.ICO

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`5c84b5099ac46312565be1aa2e21eff0`
SHA1	`25f00759b0e6641f9b423e6a52556c2e4e2796c3`
SHA256	`816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620`
SHA3	`17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f`

101

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`5c84b5099ac46312565be1aa2e21eff0`
SHA1	`25f00759b0e6641f9b423e6a52556c2e4e2796c3`
SHA256	`816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620`
SHA3	`17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35575`
MD5	`439f56cf58d68164233c73715c160805`
SHA1	`e0b98aa1f6c09c33c7d9560f278ce77529adb0b2`
SHA256	`d0511b37352bd12fbf2af71f8362017cee7b7e5d7bf7239487ef49b4a87a99bc`
SHA3	`fa5961543bdb34ec7454b167afc0a4293508493f57acc92391952491841739db`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

BLIZZARDKEY

Type	`UNKNOWN`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77358`
MD5	`7101acff6ca51d124c11e27fa27c5baf`
SHA1	`77740ce72d20e29f7c2089312b266bcc1e831402`
SHA256	`59d13e8e08b95be3413fab49d724cb913bad527134638bafcad0c0aa35837be9`
SHA3	`2941ca4a67e2291900dffb5d3e7a1519fac63779cb146c08c6f29c13ec7a33b1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.0.0.11927
ProductVersion	4.0.0.0
FileFlags	`VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Blizzard Entertainment
FileDescription	World of Warcraft Retail
FileVersion (#2)	4, 0, 0, 11927
InternalName	World of Warcraft
LegalCopyright	Copyright © 2004
OriginalFilename	WoW.exe
ProductName	World of Warcraft
ProductVersion (#2)	Version 4.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2010-Apr-24 01:30:06
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x6868d8`
PointerToRawData	`0x685cd8`
Referenced File	D:\BuildServer\WoW\5\work\WoW-code\trunk\WoW\Bin\Wow.pdb

TLS Callbacks

StartAddressOfRawData	`0xd75000`
EndAddressOfRawData	`0xd75018`
AddressOfIndex	`0xcd8460`
AddressOfCallbacks	`0x9f0664`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x8eda6b03`
Unmarked objects	`0`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`2`
Unmarked objects (#2)	`18`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Imports (VS2003 (.NET) build 4035)	`2`
C objects (VS2003 (.NET) build 4035)	`1`
ASM objects (VS2003 (.NET) build 3077)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`33`
Total imports	`558`
126 (VS2012 build 50727 / VS2005 build 50727)	`34`
C objects (VS2012 build 50727 / VS2005 build 50727)	`57`
ASM objects (VS2008 SP1 build 30729)	`70`
C objects (VS2008 SP1 build 30729)	`300`
C++ objects (VS2008 SP1 build 30729)	`1145`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

5509296563f63c7caef837db1efd73e5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.zdata

.tls

.rsrc

.reloc

Imports

Delayed Imports

BLIZZARDCOMPONENT

__GDF_THUMBNAIL

__GDF_XML

__GDF_XML (#2)

__GDF_XML (#3)

__GDF_XML (#4)

__GDF_XML (#5)

__GDF_XML (#6)

__GDF_XML (#7)

__GDF_XML (#8)

__GDF_XML (#9)

__GDF_XML (#10)

__GDF_XML (#11)

5

119

1

1 (#2)

2

2 (#2)

3

3 (#2)

4

4 (#2)

BLIZZARDCURSOR.CUR

BLIZZARDICON.ICO

101

1 (#3)

1 (#4)

BLIZZARDKEY

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors