home

bw-1161.exe

Blizzard PrePatch Program

Blizzard Entertainment

This is a setup program which is used to install the application. The file has been seen being downloaded from api2.tenlua.vn and multiple other hosts.
Publisher:
Blizzard Entertainment

Product:
Blizzard PrePatch Program

Description:
PrePatch

Version:
2, 62, 0, 0

MD5:
94f88987a7460fe560f21b564d9c2d57

SHA-1:
283435e585ee4383c90cfe15ffe9f42bcc014b30

SHA-256:
eee831960b94f7cbfee902a4130fd92a6aa9187846c9c56c59d9f426dc761981

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 8:00:23 PM UTC  (today)

File size:
24.7 MB (25,929,688 bytes)

Product version:
2, 62, 0, 0

Copyright:
Copyright © 1996-2003

Original file name:
PrePatch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bw-1161.exe

File PE Metadata
Compilation timestamp:
3/27/2003 2:49:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:axIDMRa6KWyEhhtMxGGE8XHF0CWHoHe2zjMehburmiOw7Gkj/QU7Ibk8d:1kcrQLE6Tke2zjMeSZfdQ

Entry address:
0x1980A

Entry point:
55, 8B, EC, 6A, FF, 68, 10, C1, 41, 00, 68, 68, 99, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, A1, 41, 00, 59, 83, 0D, C4, B4, 42, 00, FF, 83, 0D, C8, B4, 42, 00, FF, FF, 15, 38, A1, 41, 00, 8B, 0D, B8, B4, 42, 00, 89, 08, FF, 15, 3C, A1, 41, 00, 8B, 0D, B4, B4, 42, 00, 89, 08, A1, 40, A1, 41, 00, 8B, 00, A3, C0, B4, 42, 00, E8, F0, 03, 00, 00, 39, 1D, 10, 11, 42, 00, 75, 0C, 68, 66, 9C, 41, 00, FF, 15, 44, A1...
 
[+]

Entropy:
7.9992

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
100 KB (102,400 bytes)

The file bw-1161.exe has been seen being distributed by the following 8 URLs.

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=0a28e77ae55e305848326c2d73f5748b3167e8d7a115ed4ce53c9779c6425014622079f8e76d2fb11522fafb0d2e0c53443212dfbaf54e65765cc34ef481d99fc79cf887d54894fff9243006f9108261c709862aaf5819618e1a30ca1f7f3ff7e530fb794c573baec6d4a027592bc53aa46bb40a5808357c&url=0b3da36fa30172185e32386174fd75853636b390ad53eb4dee2a8862c5410f&down=0b3da36fa30172185e32386174fd75853636b390ad53fc56f8369064ca4249102d25&jump_type=download

http://la-bnbox.fr/document/.../BW_1161.exe

http://uk2.strategyinformer.com/v2/download/9004f369/.../BW-1161.exe

http://s10648.chomikuj.pl/File.aspx?e=6em2spUttbBHwLIJaD6KsHPe6aZPlDoBIBMg2bojzaCl1m6rFe6PWYxA6iaBb48JHYQ9p9EBgqYQatHrIdJK869rzVpY29VLlFbERI5810voy7g21TN0Vz7r4YjA15_D--lodBDe3H7QJYOtNElxZvDOvvBgvmmTgBfaJS021sI&pv=2

http://download.fileplanet.com/ftp1/strategy/starcraft/broodwar/.../BW-1161.exe

http://sv66.4share.vn/.../?info=526363610d6365670d636a6a0d6366637f646a67306737676367376737673167347f243b227f63636b666b6b63

http://download016.fshare.vn/dl/.../Path1161.exe

http://download016.fshare.vn/dl/.../Path1161.exe

Scan bw-1161.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.