Manalyze report for 86380946408c4522d90553305afe07da

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Sep-20 03:34:51
Detected languages	English - United States
CompanyName	Blizzard Entertainment
FileDescription	World of Warcraft
FileVersion	`1, 12, 1, 5875`
InternalName	World of Warcraft
LegalCopyright	Copyright © 2004
OriginalFilename	WoW.exe
ProductName	World of Warcraft
ProductVersion	`Version 1.12`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: .blizzard-europe.com .blizzard.com .blizzcon.com .turtle-wow.org .worldofwarcraft.com .wow-europe.com .wowtaiwan.com Battle.net battle.net blizzard-europe.com blizzard.com blizzcon.com europe.com http://www.w3.org http://www.w3.org/XML/1998/namespace logon.worldofwarcraft.com memtest86.com turtle-wow.org us.logon.worldofwarcraft.com worldofwarcraft.com wow-europe.com wowtaiwan.com www.battle.net www.lua.org www.memtest86.com www.w3.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: .tdata` `Section .tdata is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegQueryValueExA RegOpenKeyExA RegSetValueExA RegCreateKeyExA RegDeleteKeyA RegQueryInfoKeyA RegDeleteValueA RegFlushKey RegEnumKeyExA RegOpenKeyA RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Uses Windows's Native API: ntohs ntohl` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyA GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetReadFileExA InternetSetOptionA InternetSetStatusCallback InternetConnectA InternetOpenA InternetCrackUrlA InternetCloseHandle` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Changes object ACLs: SetSecurityInfo` `Can take screenshots: GetDC BitBlt CreateCompatibleDC`
Malicious	VirusTotal score: 3/72 (Scanned on 2024-11-20 22:13:11)	`Bkav: W32.AIDetectMalware` `TrendMicro: TROJ_RENOS.BHAM` `TrendMicro-HouseCall: TROJ_RENOS.BHAM`

Hashes

MD5	`86380946408c4522d90553305afe07da`
SHA1	`643f1889c358bb80f69595745584b068ee94a904`
SHA256	`35e9ccb98a4dd26c6a1df8cbc675bc5b46030207b7dd5ee98562c65306f48dd2`
SHA3	`05a5ff3d831a10f9b49c67a860133ae8b91f44740b9b09b9104106631d06af8b`
SSDeep	`98304:FVPDmlVkJiK7CIW2SIPCXxS4n94ZQNPL7T:7PsVkJiK7CIcIqhS4nLhT`
Imports Hash	`8ded295f64664d3227658d5b9adea810`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2006-Sep-20 03:34:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3fe000`
SizeOfInitializedData	`0x507000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3ff000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x926000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8109c638aaaffc64ddce63b5e2f7faff`
SHA1	`7f1d29d32a61560c47dc7bbebe622f5753514a08`
SHA256	`f1e48f5c31113adcb6a6b456112f58c45086d7f32a8cad4d222967bc9661d6af`
SHA3	`d54413659f475fbcf8b0581a48b0d8db9eb6635fb46f060be9510ae11364e0db`
VirtualSize	`0x3fddac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3fe000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53411`

.rdata

MD5	`22ac4baac8087f98271d8478cb40be94`
SHA1	`d9dbf99536d613909450d9379954a1411434cd57`
SHA256	`92c1dd576e587eb9e070e0221a26ec25d319686afe493dcd6471e9d2d936a7b7`
SHA3	`3730e6cc8c1a18ba7e1db4c2cdae6fbaaec9cf33bc14133388a57a308bf80061`
VirtualSize	`0x27258`
VirtualAddress	`0x3ff000`
SizeOfRawData	`0x28000`
PointerToRawData	`0x3ff000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6719`

.data

MD5	`70888c2da9a2f92624ca7ec5cf04fbe9`
SHA1	`c3863f692be740a5373f6d44744ea32f0ad44021`
SHA256	`39f1fa4842ea5e8a3835d306d1c260c323ba97457df162ae7efa41dd022cc783`
SHA3	`136f65f7713f694f246a9dc37463405397cd347cc319cfbdfd50c6a1465e1227`
VirtualSize	`0x4d3154`
VirtualAddress	`0x427000`
SizeOfRawData	`0x5c000`
PointerToRawData	`0x427000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.88916`

.sxdata

MD5	`9b3121c87a53879ab6b6648e0b9b28b8`
SHA1	`8e301861988d8589a4acbada24d6d256a266a348`
SHA256	`962ed5674c1f57cd510aa76b21b8e0dcb007e5a5c484b2f407a6195392b0e1d3`
SHA3	`6a8bb937cab91d8d9fbd75053c86d03e906ed660b9ffdbad276a03d36de7f912`
VirtualSize	`0x8`
VirtualAddress	`0x8fb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x483000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_INFO` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.00656364`

.rsrc

MD5	`b2e206d56329e645d1a4904733fe6ee4`
SHA1	`2f85c31f539fe382c936d48d554f7e0b742bffab`
SHA256	`6ee8d41033612b528e79eee0865f12e43d234cd7c2b6dcb352f2aa83278ea3d6`
SHA3	`3989d1e938a81060cbc30e9ceeac9141c2208e836f3e72550321f23fd0752c9b`
VirtualSize	`0x9038`
VirtualAddress	`0x8fc000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x484000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.63725`

.tdata

MD5	`705133a2bb078f2aa3ac2d40a473a1ee`
SHA1	`fa97ee136c886c0cbc267bb634732bf338dc0433`
SHA256	`173c00ba9dd9a9f89987edec767a196093e29db9bef7153a90f957406024c84c`
SHA3	`afb18fe2ef49ab481900cf54defcf121c886f1a16367efe2528e5f8feeded7d7`
VirtualSize	`0x20000`
VirtualAddress	`0x906000`
SizeOfRawData	`0x20000`
PointerToRawData	`0x48e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0395212`

Imports

KERNEL32.dll	`CloseHandle` `ResumeThread` `SetThreadAffinityMask` `GetSystemInfo` `GetComputerNameA` `GlobalMemoryStatus` `CreateEventA` `DeleteFileA` `GetTempPathA` `GetThreadPriority` `SetThreadPriority` `ReadFile` `FlushFileBuffers` `SetFilePointer` `GetFileSize` `GetFileTime` `SetFileTime` `SetEndOfFile` `FindClose` `DuplicateHandle` `SuspendThread` `CreateIoCompletionPort` `QueryPerformanceFrequency` `GetQueuedCompletionStatus` `QueryPerformanceCounter` `WaitForSingleObject` `SetEvent` `TerminateThread` `PostQueuedCompletionStatus` `WaitForMultipleObjects` `CreateFileA` `GetSystemDirectoryA` `Beep` `IsBadReadPtr` `GetCurrentProcessId` `CreateThread` `GetProcessHeap` `GetExitCodeProcess` `FindFirstFileA` `GetFileAttributesA` `CreateDirectoryA` `FormatMessageA` `SetUnhandledExceptionFilter` `OutputDebugStringA` `UnmapViewOfFile` `FreeResource` `SizeofResource` `LockResource` `LoadResource` `FindResourceA` `MapViewOfFile` `CreateFileMappingA` `GetDiskFreeSpaceA` `FileTimeToSystemTime` `GetDriveTypeA` `ResetEvent` `CreateSemaphoreA` `ReleaseSemaphore` `CreateMutexA` `OpenMutexA` `ReleaseMutex` `FindNextFileA` `lstrcpynA` `MulDiv` `GetFileInformationByHandle` `PeekNamedPipe` `GetFullPathNameA` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `SetStdHandle` `IsBadCodePtr` `GetWindowsDirectoryA` `FreeLibrary` `InterlockedExchange` `SetEnvironmentVariableA` `CompareStringA` `GetTimeZoneInformation` `GetUserDefaultLCID` `EnumSystemLocalesA` `GetLocaleInfoA` `IsValidLocale` `Sleep` `GetStringTypeA` `LCMapStringA` `InterlockedIncrement` `InterlockedDecrement` `LoadLibraryA` `IsBadWritePtr` `VirtualAlloc` `GetOEMCP` `GetACP` `RaiseException` `SetConsoleCtrlHandler` `FatalAppExitA` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `HeapSize` `HeapAlloc` `HeapReAlloc` `WriteFile` `RtlUnwind` `HeapFree` `VirtualFree` `HeapCreate` `HeapDestroy` `GetVersionExA` `FileTimeToLocalFileTime` `GetLocalTime` `GetTickCount` `CompareFileTime` `GetSystemTime` `SystemTimeToFileTime` `FlushInstructionCache` `VirtualQuery` `GetVolumeInformationA` `GetEnvironmentVariableA` `GetCurrentThread` `GetLastError` `TlsGetValue` `SetLastError` `GetModuleHandleA` `IsProcessorFeaturePresent` `LocalFree` `GlobalUnlock` `GlobalLock` `GlobalFree` `GlobalAlloc` `VirtualProtect` `TlsFree` `TlsAlloc` `TlsSetValue` `GetCurrentThreadId` `DeleteCriticalSection` `GetFileType` `GetStdHandle` `SetHandleCount` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `GetModuleFileNameA` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `ExitProcess` `GetVersion` `GetCommandLineA` `GetStartupInfoA` `InterlockedCompareExchange`
ADVAPI32.dll	`GetUserNameA` `FreeSid` `SetSecurityInfo` `AddAccessAllowedAce` `AddAccessDeniedAce` `InitializeAcl` `GetTokenInformation` `OpenProcessToken` `AllocateAndInitializeSid` `RegQueryValueExA` `RegOpenKeyExA` `RegSetValueExA` `RegCreateKeyExA` `RegDeleteKeyA` `RegQueryInfoKeyA` `RegDeleteValueA` `RegFlushKey` `RegEnumKeyExA` `RegOpenKeyA` `RegCloseKey`
COMCTL32.dll	`ImageList_DragEnter` `ImageList_GetImageCount` `ImageList_Add` `ImageList_Replace` `ImageList_Destroy` `ImageList_Create` `_TrackMouseEvent` `InitCommonControlsEx` `ImageList_DragMove` `ImageList_BeginDrag` `ImageList_DragLeave` `ImageList_EndDrag` `ImageList_DragShowNolock`
USER32.dll	`SetMenu` `CreateDialogIndirectParamA` `SetMenuItemInfoA` `InsertMenuItemA` `GetMenuItemCount` `DeleteMenu` `GetFocus` `GetMenu` `SetTimer` `KillTimer` `IsWindowEnabled` `GetParent` `SetWindowPos` `CreateWindowExA` `IsDialogMessageA` `GetWindow` `IsWindowVisible` `InvalidateRect` `LoadImageA` `GetWindowInfo` `SetWindowTextA` `DestroyAcceleratorTable` `SetClipboardData` `EmptyClipboard` `GetWindowTextA` `GetWindowTextLengthA` `ReleaseDC` `GetDC` `GetSysColorBrush` `GetSysColor` `GetClassLongA` `CloseClipboard` `OpenClipboard` `DrawTextA` `FillRect` `SetScrollInfo` `SetScrollPos` `GetScrollInfo` `LoadCursorA` `SetCursor` `ShowCursor` `DestroyIcon` `SetClassLongA` `CreateAcceleratorTableA` `TrackPopupMenu` `DrawMenuBar` `FrameRect` `DrawIconEx` `InvertRect` `LoadBitmapA` `wsprintfA` `LoadStringA` `IsWindow` `MessageBoxA` `WaitForInputIdle` `MapWindowPoints` `GetSystemMetrics` `MonitorFromRect` `GetMonitorInfoA` `BeginPaint` `EndPaint` `RegisterClassExA` `UnregisterClassA` `ChangeDisplaySettingsExA` `ClipCursor` `EnumDisplaySettingsA` `EnumDisplayDevicesA` `GetKeyState` `MessageBeep` `WindowFromPoint` `SetWindowPlacement` `GetWindowPlacement` `GetForegroundWindow` `BringWindowToTop` `GetMenuItemInfoA` `DestroyMenu` `CreatePopupMenu` `CreateMenu` `TranslateAcceleratorA` `DestroyWindow` `PostMessageA` `ShowWindow` `IsZoomed` `PostQuitMessage` `SetFocus` `SendMessageA` `MoveWindow` `ReleaseCapture` `SetCapture` `MapVirtualKeyA` `DefWindowProcA` `SendInput` `GetAsyncKeyState` `GetClientRect` `GetCursorPos` `ScreenToClient` `SystemParametersInfoA` `ClientToScreen` `SetCursorPos` `IsIconic` `GetWindowRect` `AdjustWindowRectEx` `PeekMessageA` `GetMessageA` `TranslateMessage` `DispatchMessageA` `GetKeyboardLayout` `GetActiveWindow` `SetParent`
SHELL32.dll	`FindExecutableA` `ShellExecuteA`
WSOCK32.dll	`WSACleanup` `bind` `connect` `gethostbyname` `inet_ntoa` `WSAStartup` `recvfrom` `getpeername` `htons` `accept` `getsockname` `listen` `setsockopt` `socket` `WSAGetLastError` `closesocket` `select` `send` `__WSAFDIsSet` `recv` `ioctlsocket` `ntohs` `inet_addr` `ntohl` `gethostname` `getsockopt` `sendto`
OPENGL32.dll	`glGetError` `glLineWidth` `glDrawElements` `glDrawArrays` `glTexSubImage2D` `glTexEnvfv` `glTexEnviv` `glHint` `glMaterialfv` `glMaterialf` `glAlphaFunc` `glFogi` `glFogf` `glFogfv` `glDepthFunc` `glPointSize` `glTexGenfv` `glLightModelfv` `glLightModeli` `glColorMaterial` `glPixelStorei` `glClipPlane` `glLoadMatrixf` `glLoadIdentity` `glPolygonMode` `glLightfv` `glLightf` `glViewport` `glDepthRange` `glScissor` `glColor4fv` `glVertexPointer` `glNormalPointer` `glColorPointer` `glTexCoordPointer` `glDepthMask` `glColorMask` `glTexGeni` `glTexEnvi` `glTexEnvf` `glEnableClientState` `glDisableClientState` `glPolygonOffset` `glMatrixMode` `glBlendFunc` `glCullFace` `glFinish` `wglSwapLayerBuffers` `glClearColor` `glClear` `glGetString` `glTexParameteri` `glEnable` `glBindTexture` `glDeleteTextures` `glDisable` `glTexImage2D` `glGetIntegerv` `glGetFloatv` `glReadPixels` `wglGetCurrentDC` `glGenTextures` `glCopyTexImage2D` `glCopyTexSubImage2D` `wglGetProcAddress` `wglCreateContext` `wglDeleteContext` `wglMakeCurrent` `wglGetCurrentContext`
GDI32.dll	`SetBkMode` `CombineRgn` `CreateRectRgnIndirect` `DescribePixelFormat` `GetPixelFormat` `SetPixelFormat` `SetDeviceGammaRamp` `GetDeviceGammaRamp` `ChoosePixelFormat` `OffsetViewportOrgEx` `SetViewportOrgEx` `SelectClipRgn` `CreateRectRgn` `CreateFontIndirectA` `GetObjectA` `FillRgn` `CreateDIBSection` `DeleteDC` `BitBlt` `CreateCompatibleDC` `SetPixel` `SetTextColor` `SetBkColor` `CreateDIBitmap` `DeleteObject` `SelectObject` `GetTextExtentPoint32A` `GetStockObject` `TextOutA` `GdiFlush` `LineTo` `GetBkColor` `CreateSolidBrush` `SetMapMode` `MoveToEx` `CreatePen`
IMM32.dll	`ImmSetConversionStatus` `ImmAssociateContext` `ImmGetCandidateListA` `ImmNotifyIME` `ImmGetCompositionStringA` `ImmGetContext` `ImmGetConversionStatus` `ImmReleaseContext` `ImmAssociateContextEx`
DivxDecoder.dll	`UnInitializeDivxDecoder` `InitializeDivxDecoder` `SetOutputFormat` `DivxDecode`
WINMM.dll	`joyGetPosEx` `joyGetDevCapsA` `joyGetNumDevs`
fmod.dll	`_FSOUND_GetMaxChannels@0` `_FSOUND_GetMixer@0` `_FSOUND_GetDriverName@4` `_FSOUND_GetDriver@0` `_FSOUND_GetOutput@0` `_FSOUND_GetNumHWChannels@12` `_FSOUND_File_SetCallbacks@20` `_FSOUND_GetError@0` `_FSOUND_SetMemorySystem@20` `_FSOUND_SetMaxHardwareChannels@4` `_FSOUND_SetMinHardwareChannels@4` `_FSOUND_SetHWND@4` `_FSOUND_SetBufferSize@4` `_FSOUND_SetMixer@4` `_FSOUND_GetDriverCaps@8` `_FSOUND_SetDriver@4` `_FSOUND_GetNumDrivers@0` `_FSOUND_SetOutput@4` `_FSOUND_GetVersion@0` `_FSOUND_SetMute@8` `_FSOUND_Close@0` `_FSOUND_StopSound@4` `_FSOUND_Update@0` `_FSOUND_3D_Listener_GetAttributes@32` `_FSOUND_3D_SetAttributes@12` `_FSOUND_Stream_PlayEx@16` `_FSOUND_Stream_SetLoopCount@8` `_FSOUND_IsPlaying@4` `_FSOUND_SetReserved@8` `_FSOUND_Stream_GetLengthMs@4` `_FSOUND_Stream_SetTime@8` `_FSOUND_Reverb_SetChannelProperties@8` `_FSOUND_SetVolume@8` `_FSOUND_SetFrequency@8` `_FSOUND_Sample_SetMinMaxDistance@12` `_FSOUND_Stream_GetSample@4` `_FSOUND_3D_Listener_SetAttributes@32` `_FSOUND_Reverb_SetProperties@4` `_FSOUND_Reverb_GetProperties@4` `_FSOUND_GetCPUUsage@0` `_FSOUND_SetSFXMasterVolume@4` `_FSOUND_SetPaused@8` `_FSOUND_GetOutputRate@0` `_FSOUND_3D_SetDistanceFactor@4` `_FSOUND_3D_SetDopplerFactor@4` `_FSOUND_3D_SetRolloffFactor@4` `_FSOUND_Stream_GetTime@4` `_FSOUND_Stream_Stop@4` `_FSOUND_Stream_Close@4` `_FSOUND_Stream_Open@16` `_FSOUND_Stream_SetEndCallback@12` `_FSOUND_Stream_Play@8` `_FSOUND_Init@12`
WININET.dll	`InternetReadFileExA` `HttpQueryInfoA` `InternetSetOptionA` `InternetSetStatusCallback` `HttpSendRequestA` `HttpOpenRequestA` `InternetConnectA` `InternetOpenA` `InternetCrackUrlA` `InternetCloseHandle`

Delayed Imports

10

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.19899`
MD5	`d51dfff106e9ae8d61f7b580edf3bc4c`
SHA1	`45131270056ca00745da80f0d619b325b706d085`
SHA256	`e3a06cf5ec8012ebe75b1a5195fd31bb063e614a8b8915f6d268af72dae98d1e`
SHA3	`8e890e4e5e753bba07c85349be27241064d4a65f7be96ba4d5c4ebb5e1a93fca`

119

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.41918`
MD5	`c546ca9dcf0b1f286038da3fb7547ef0`
SHA1	`f98fdb46fd7c54a0b147d7fa2f4d2c84fd782622`
SHA256	`68d6bdb54e0cf249adb8003763cb8240b8b914308ac34c2734a8d7b9fdb56bf2`
SHA3	`da9fe8480884ad132b37423329e94c0834c03dab61ae0be06cec74031496a5e2`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57689`
MD5	`ef78f8bd5b13166c27b2c93be15234ad`
SHA1	`d424c6b20b239ebd4ffe25377857ac36ca9d76ce`
SHA256	`fae267d497f28c670a97c91bd09358c78b3c03944436e39586fd406cf7b3ed84`
SHA3	`f13ca79c85e6a721d1dcbbd7cd1164619191dd825b2cbd641274573234aac784`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36089`
MD5	`4307bf43a6edaa83089842769ec51c90`
SHA1	`d1eb5da6d6d854d50ddccfaa90e6265f0dd745a1`
SHA256	`c9b889f82622b924d503c4c917c28fff3c233e90bd4712df14c870fc71da0760`
SHA3	`1bce99313bbf1326de9ebdfed08fe6c7bb94a7e31be5b2d93c522fe08ca2ba1a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.41575`
MD5	`fd696458a7aa1320bc5f2a05da7cab5f`
SHA1	`3fc4b2a229d631c07e3c4e654c9836a8483a6774`
SHA256	`62a895b132c3e714d3d29b63d1db25ff7d6e6fe9d86888df6b0e7584155b1409`
SHA3	`553afd08a3c852136a7edf98a28619c1773bf360633c26a010505aa58ad3a308`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34418`
MD5	`64f78d02fed9387c200212abb713fd92`
SHA1	`489a7a8baf25287bfe0fb9c9683c028e9a41d56a`
SHA256	`e9e7e1b4cba902e0f9f000713f3e565625ebaa6d005d282de4ba2297e46507a8`
SHA3	`98f75d8ee743a7ea2a779ce44d88ce46b73574019b154048f4072817aa6eed82`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26521`
MD5	`080a171233e82f51d8897cd7ecf9dd94`
SHA1	`3376a4ea6304c36fc237e0a75017d8a399b9317b`
SHA256	`64ba981f4248179493a4cb8b93e736f9876911b8c51dc2d1f13848aa11946521`
SHA3	`b2b2f303b8ce224503c6d10591f741a9bfed8cf64c95680b980d6d5e5a7b678b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14473`
MD5	`7efded190e65a19c4881cb436fc32a9e`
SHA1	`f7af8159a8a4869997d30cbd977287c5320abfaa`
SHA256	`182169b40f3e69d29814d2ca505457c1e8e2a82e8ec08a873daaceb8466d84dc`
SHA3	`6eb3da092015d3b7fcf78f4e3e0e66aa149cd3844828bde5c22d3d4bba583872`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05157`
MD5	`26954d708749f29e419753d258a73948`
SHA1	`fac758e0f0c8c76dc68d2f41e679cd3910e7d2aa`
SHA256	`b6523638bd7f53b839ea8e656f327a64f98e0a516985da805b3c443d11ad8df5`
SHA3	`4941c94d7b01924374743fd7d83579c78044f5cb27f4b8971945ce03975ddbb2`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01832`
MD5	`51957489bea0dc15772683e0505e835a`
SHA1	`dd0f53f8bf60f5f4fb12529388f4ebd3509e820e`
SHA256	`7783899550a3afbc7b0fb48c500b619dda3081e0873e3784159fbab2354a0a90`
SHA3	`5a5d3023940af71912036ad3c9b1054487b45af6d53ab1358e8d64342be6339f`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99145`
MD5	`0b0bca9616ae669ed9802925d7891047`
SHA1	`8420a31716684af1034e75dbdb352035128b12de`
SHA256	`8b1c33e52dcd2cb9fc174cab3fdb980fc6e9b0d7f3e03a874e12c28957ea9a31`
SHA3	`b17e2d31250e8c6512461c616b253120440f59e0ec001fdd1e2d793bc8c17da1`

BLIZZARDCURSOR.CUR

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`e6a3323fcb21bc5b90ee077f41a24061`
SHA1	`91e468b891f8306afeb6ac33bc31d67efb2cbe9d`
SHA256	`a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78`
SHA3	`ffc4266780334ccca3790e5f703fab0a138d252e16d1ad1145c1929f51d31d38`
Preview

BLIZZARDICON.ICO

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8565`
Detected Filetype	Icon file
MD5	`d26a5609e66b36951f5763fc37112f6e`
SHA1	`c3f9a3464970480b43df36899545a796d2b5f1cf`
SHA256	`3c1f57ea69e14667486f18d17476471a38485238636a4219b50ebcdbf8ff1f21`
SHA3	`2db2e6f535defc5dfe7f53689b59ebda465840e08c73019ac28fdb5a1994a89b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38234`
MD5	`f2ee81a192dbd152e5219ec3e3314cda`
SHA1	`d1ad5bc1bd8be86d78bd20858480be10f7a524dc`
SHA256	`b9b7b75d5562f193ac5cee4c21240011b4ac56ef40ffcad025b042d3c77b350f`
SHA3	`8ba4f6c4203fd7ace9948772d5d0f0d86c6d8791d56f58a43156cc47e3edc44f`

BLIZZARDKEY

Type	`UNKNOWN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77358`
MD5	`7101acff6ca51d124c11e27fa27c5baf`
SHA1	`77740ce72d20e29f7c2089312b266bcc1e831402`
SHA256	`59d13e8e08b95be3413fab49d724cb913bad527134638bafcad0c0aa35837be9`
SHA3	`2941ca4a67e2291900dffb5d3e7a1519fac63779cb146c08c6f29c13ec7a33b1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.12.1.5875
ProductVersion	1.12.0.0
FileFlags	`VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Blizzard Entertainment
FileDescription	World of Warcraft
FileVersion (#2)	1, 12, 1, 5875
InternalName	World of Warcraft
LegalCopyright	Copyright © 2004
OriginalFilename	WoW.exe
ProductName	World of Warcraft
ProductVersion (#2)	Version 1.12

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x589b3c6e`
Unmarked objects	`0`
48 (9044)	`61`
C objects (VS2003 (.NET) build 3077)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`4`
C++ objects (VS2003 (.NET) build 4035)	`24`
18 (8444)	`6`
Total imports	`503`
Imports (9210)	`23`
39 (9162)	`43`
C objects (9178)	`45`
C++ objects (8047)	`7`
C objects (8047)	`177`
14 (7299)	`46`
49 (9044)	`611`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[!] Error: Could not read PDB file information of invalid magic number.