» 440c32c0-69e3-a46a-473a-2d6c26f8c424_1d1c1c8a07ce906
Overview
Analysis
File Details
Downloads (7)

440c32c0-69e3-a46a-473a-2d6c26f8c424_1d1c1c8a07ce906

Blizzard PrePatch Program

Blizzard Entertainment, Inc.

File name:

Publisher:

Blizzard Entertainment (signed by Blizzard Entertainment, Inc.)

Product:

Blizzard PrePatch Program

Description:

PrePatch

Version:

2, 70, 0, 0

MD5:

8f8e78966fbfdc67438262464baa1516

SHA-1:

c2a6f177a08ad1d7890424b1fa03e0a6151c0674

SHA-256:

5ee5b6f09c338324db14ea3ec03a4b8a9b36e4eea249bb12f1fb592558d6434d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 5:31:52 AM UTC (today)

File size:

6 MB (6,343,200 bytes)

Product version:

2, 70, 0, 0

Original file name:

PrePatch.exe

Language:

English (United States)

Common path:

C:\ProgramData\microsoft\windows defender\scans\filesstash\440c32c0-69e3-a46a-473a-2d6c26f8c424_1d1c1c8a07ce906

Digital Signature

Signed by:

Blizzard Entertainment, Inc.

Authority:

DigiCert Inc

Valid from:

11/13/2015 7:00:00 PM

Valid to:

1/18/2018 7:00:00 AM

Subject:

CN="Blizzard Entertainment, Inc.", O="Blizzard Entertainment, Inc.", L=Irvine, S=California, C=US

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

07D9006D6B075E81FC7987596B6B5E56

File PE Metadata

Compilation timestamp:

9/9/2003 6:28:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:KIIhOB5XRujlfAv67n/GC8X88D0JGmqe6qiYlIjl60XGaSZkArLBQ494U0zM1xtc:/OOhuj1Pn/9Veqnl4MjaOxD9gCxtc

Entry address:

0x31F0

Entry point:

E8, 0B, 84, 00, 00, E8, 86, 84, 01, 00, E9, E1, 83, 00, 00, 90, E9, 0B, 00, 00, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, A1, B4, C2, 41, 00, A3, 74, 36, 42, 00, C3, 90, 90, 90, 90, 90, E9, 0B, 00, 00, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, A1, B8, C2, 41, 00, A3, 80, 52, 42, 00, C3, 90, 90, 90, 90, 90, 51, A1, 98, 56, 42, 00, 85, C0, 75, 24, E8, 91, 86, 00, 00, E8, 6C, 16, 00, 00, A1, 98, 56, 42, 00, 85, C0, 75, 11, 6A, FF, BA, 18, 02, 42, 00, B9, 7D, 00, 10, 85, E8, 32, 01, 00, 00, 53, 8B... 
[+]

Entropy:

7.9929 (probably packed)

Code size:

108 KB (110,592 bytes)

The file 440c32c0-69e3-a46a-473a-2d6c26f8c424_1d1c1c8a07ce906 has been seen being distributed by the following 7 URLs.

https://out.reddit.com/t3_4n0gm2?url=http://ftp.blizzard.com/pub/diablo2exp/patches/.../LODPatch_114d.exe&token=AQAAzD0OWAr6buSwqpLZkWDileOLFHOM088jfuRS8c6FeMJ95AI3&app_name=reddit.com

https://out.reddit.com/t3_4n0gm2?url=http://ftp.blizzard.com/pub/diablo2exp/patches/.../LODPatch_114d.exe&token=AQAATxShWB3as_jXRxLQ3Tmu1TmCWyPb_yzP8nimjvdi1uMp-zMf&app_name=reddit.com

https://out.reddit.com/t3_4n0gm2?url=http://ftp.blizzard.com/pub/diablo2exp/patches/.../LODPatch_114d.exe&token=AQAACUCmWLcL9WcadaOVwEzAJiY6rqFbXzPMOerHvmHLScVXRrOj&app_name=reddit.com

http://www.moddb.com/downloads/mirror/110829/114/94d909f93bb18780f6729d5bda327ffe/?referer=http://www.moddb.com/games/.../downloads

https://out.reddit.com/t3_4n0gm2?url=http://ftp.blizzard.com/pub/diablo2exp/patches/.../LODPatch_114d.exe&token=AQAAuXrMVzUDqLAuK3SXoV-5Xah-1NhN4b_-dtx5lzx2C86OCGj3

http://www.moddb.com/downloads/mirror/110829/115/c69211316bf907136f0d6993c3b36e56/?referer=http://www.moddb.com/games/.../downloads

http://ftp.blizzard.com/pub/diablo2exp/patches/.../LODPatch_114d.exe

Scan 440c32c0-69e3-a46a-473a-2d6c26f8c424_1d1c1c8a07ce906 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.