Archive for January, 2010

WoW Infostealer (2010-1-28)

Just a quick analysis of a WoW infostealer (md5: D214BD51E47DFD3DEA97B5A2ED28CBF5 / ThreatExpert). The program is a simple dropper: there are no anti-debug tricks, nor does it use complex obfuscation techniques. It just extracts the DLL (md5: 7DEFE341246BB1DE68A7AFB233FB8CAF) that contains the core of the virus. The DLL itself is spread across multiple (scrambled) resources inside the dropper: [...]