» scan-64.dll
Overview
Analysis
File Details
Programs (2)
Downloads (5)

scan-64.dll

Blizzard Scan

Blizzard Entertainment

This is installed with multiple programs including World of Warcraft. The file has been seen being downloaded from attachment.outlook.office.net and multiple other hosts.

File name:

scan-64.dll

Publisher:

Blizzard Entertainment

Product:

Blizzard Scan

Version:

2, 2, 84, 77

MD5:

d109177df0d330127913ae4bb113f2b2

SHA-1:

9be25da92d881ebd9ebba28b42d14887cbc9233c

SHA-256:

0c471daaaacb30f8a7da8818211743e2dc1c5e0436198549102ee0163ab9f1f6

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 10:28:45 PM UTC (today)

File size:

142.8 KB (146,180 bytes)

Product version:

2, 2, 84, 77

Original file name:

Scan.dll

File type:

Dynamic link library (Win64 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\world of warcraft\scan-64.dll

File PE Metadata

Compilation timestamp:

8/21/2014 5:15:10 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:zlpVJKukN0BRRW4BT+SVDoa/7gut1rPlblQslHUncNaSdLjHH:fKhsRlBT+SVDo27fPplKSjn

Entry address:

0x70B8

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 57, ED, FF, FF, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, 2F, 00, 00, CC, CC, CC, B9, 08, 00, 00, 00, E9, 06, 1F, 00, 00, CC, CC, 4C, 8B, DC, 49, 89, 5B, 08, 49, 89, 6B, 18, 49, 89, 73, 20, 49, 89, 53, 10, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 40, 4D, 8B, 79, 08, 4D, 8B, 31, 8B, 41, 04, 49, 8B, 79, 38, 4D, 2B, F7, 4D, 8B, E1... 
[+]

Entropy:

5.3799

Code size:

72 KB (73,728 bytes)

The file scan-64.dll has been discovered within the following programs.

Opera 12.17 by Opera Software ASA

www.opera.com

10% remove it

World of Warcraft by Blizzard Entertainment

World of Warcraft is the fourth released game set in the fantasy Warcraft universe.

us.blizzard.com/support

8% remove it

The file scan-64.dll has been seen being distributed by the following 5 URLs.

https://attachment.outlook.office.net/owa/c_mongeau_91@hotmail.com/service.svc/s/.../jGenzmQY1nUdJ809R7&X-OWA-CANARY=6AMz1hQZLE26K-XWVNT93mASfNBfetMYvyW_O4mn1GrRQbUpo4LijX2eM9VK1h5O_yCBCHUbT30.&token=7eab0069-397d-446f-b98f-635385b747b3&owa=outlook.live.com

http://repo.midgar-online.com/1337/.../Scan-64.dll?q=7776edb9-095a-410d-9a67-9e185d764f98

http://repo.midgar-online.com/1337/.../Scan-64.dll?q=5ca2e4ac-7e7f-4912-938d-a9f900ff6e76

http://repo.midgar-online.com/1337/.../Scan-64.dll?q=855a1065-a78b-4da7-b9b0-0e10c3d05df0

http://repo.midgar-online.com/1337/.../Scan-64.dll?q=d35d915a-8317-42ce-a813-9dcd76ce8845

Scan scan-64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.