» WoW.exe
Overview
Analysis
File Details
Downloads (3)

WoW.exe

World of Warcraft

Blizzard Entertainment

This is a setup program which is used to install the application. The file has been seen being downloaded from freecache21-free.uloz.to and multiple other hosts.

File name:

WoW.exe

Publisher:

Blizzard Entertainment

Product:

World of Warcraft

Description:

World of Warcraft Retail

Version:

4, 3, 4, 15595

MD5:

336bad9d88cf811ace9f143248461a4b

SHA-1:

796da3b0846e5a2459aa8becf68666c51d0e405e

SHA-256:

d0d642f206a7ef20babdf6bf03bd746e2f08495c82b68b80e5cd03817e0cdebf

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/25/2024 9:57:01 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAutoB

1.3.0.4959

Qihoo 360 Security

HEUR/Malware.QVM19.Gen

1.0.0.1015

File size:

10 MB (10,469,888 bytes)

Product version:

Version 4.3

Original file name:

WoW.exe

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

4/11/2012 2:54:18 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:V279y8bg0p7cI0GhHx7TfotSHAM0g4DeXIcRTKLXv48RrIF3wcVbowZO7fJtiW:90p7c/0R7TgtSVIcAXfM3wcVboweXi

Entry address:

0x1190

Entry point:

E9, 6B, AE, CD, 00, E9, A6, D3, 00, 00, CC, CC, CC, CC, CC, CC, 56, 57, 8B, F9, 33, F6, 39, 77, 20, 76, 2B, EB, 03, 8D, 49, 00, 8B, 0C, B7, 8B, 01, 8B, 50, 04, FF, D2, 8B, 04, B7, 85, C0, 74, 0F, 6A, 00, 6A, FF, 68, 04, 74, B8, 00, 50, E8, 50, 1A, 0B, 00, 46, 3B, 77, 20, 72, DA, 5F, 5E, C3, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 51, 56, 6A, 0D, 8B, F0, 68, A8, 74, B8, 00, 56, C6, 45, FF, 01, C6, 45, FE, 00, E8, 4E, D3, 00, 00, 83, C4, 0C, 85, C0, 75, 03, 83, C6, 0D, 80, 3E, 7E, 74, 1D, 6A, 01, 56, E8, DD... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

7.5 MB (7,880,704 bytes)

The file WoW.exe has been seen being distributed by the following 3 URLs.

http://freecache21-free.uloz.to/Ps;Hs;fid=35916222;cid=538444699;rid=1560983818;up=0;uip=93.99.167.51;tm=1420925628;ut=f;aff=uloz.to;did=uloz-to;He;ch=98250b7aeb9ea58fb498702132107e16;Pe/.../wow.exe

http://dla.uloz.to/Ps;Hs;fid=35916222;cid=538444699;rid=1560983818;up=0;uip=93.99.167.51;tm=1420925628;ut=f;aff=uloz.to;did=uloz-to;He;ch=98250b7aeb9ea58fb498702132107e16;Pe/.../wow.exe

http://freecache5-free.uloz.to/Ps;Hs;fid=35916222;cid=1884284122;rid=1403893313;up=0;uip=193.165.46.2;tm=1415711950;ut=f;aff=uloz.to;did=uloz-to;He;ch=08dc2f58264a1beab0dc4ef19b0b65b3;Pe/.../wow.exe

Scan WoW.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.