Manalyze report for 1ba705e13102076c268ca7887e386ce6d064f34a518d18f018893920d6c05f32

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Feb-17 17:48:06
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb
FileVersion	`2017.4.37.7911061`
ProductVersion	`2017.4.37.7911061`
Unity Version	2017.4.37f1_78b69503ebc4

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7871% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-09-01 03:05:51)	`All the AVs think this file is safe.`

Hashes

MD5	`9970a984a745e79c5fc51bcd39a495b5`
SHA1	`36ff225bf093a3b88d56db32e5d94bf960937449`
SHA256	`1ba705e13102076c268ca7887e386ce6d064f34a518d18f018893920d6c05f32`
SHA3	`4508d2b3ee195afcaee4322c86a89f78498a9eafc24f8839c7372a378c4003f1`
SSDeep	`12288:O+ogMvhgo41ztfaTMOHG0hfYNkzec7QipgD:Ojvio41RCgOHlhfYCzec7QipgD`
Imports Hash	`30fc819c693eeaf8941de56adbfe3dab`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2020-Feb-17 17:48:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x96000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000144C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e42ea766c72e9814cb1b476355a674bb`
SHA1	`f210db0de53eee47aa22923d64ad653032603e92`
SHA256	`ed1cca393ae79cc96111b64dae00c9e1d04c8726841444b2d63385092d280fa6`
SHA3	`8c09727dcb6294d4e2224bbb734eeac0867fc87cee90c32ab307b08fed86123a`
VirtualSize	`0x9d10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36624`

.rdata

MD5	`b6dc53919aaf4deb2b725e0e62c06872`
SHA1	`1a4f8a5bfe2b8208147140d8d8386342be4caae7`
SHA256	`fa7906d2b414d38d09a1a7857f95cd91c5b33cd9db70855e1a6268b01cc329fa`
SHA3	`3d84cc95e98ecbb8f0aaf39245e7081a40804f0b17213dda8bb74c247122b4c9`
VirtualSize	`0x8950`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77115`

.data

MD5	`7d07ed58830102f49c5c8e0f9244b566`
SHA1	`0c250f5de8473608ed8da77ed5fd238d47d71092`
SHA256	`8533712ce82c3107e4f6f7e61d75b2ea3872f4e0d44d0a2e1752b023a4ab6894`
SHA3	`64840d1c7ad601f7bf22eddb147aefff61e344f31127820a88e3444b314be044`
VirtualSize	`0x1c10`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90695`

.pdata

MD5	`44721c87bf41ec6b3917aff40d9c9048`
SHA1	`478e5234b3a21352924df19347dfda2e7550e828`
SHA256	`b4e2ea656e9ce58daaef6c02cde34546e413185fa85f884bb8080a2834e86eea`
SHA3	`4d21d03b3d6ad75858074598251fb94a21b6361d34eac6c38688f53d4ef5e727`
VirtualSize	`0xbe8`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77915`

.gfids

MD5	`f9e7e2abcde3ce74bfa109852579dd97`
SHA1	`81aea4a3b26693662a4cd75537e63f660ec7b245`
SHA256	`922d5df582d31ad29dab3b35fa30615ba23e9c0eab091fe11b7cf858b3002658`
SHA3	`b4d34fc5919de51b2dba584d4c9be9462637348f95b841a51fd31483b56f12db`
VirtualSize	`0xa8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.34741`

.rsrc

MD5	`4a059aaca0c17f3705512e7250e1016d`
SHA1	`88e931cfbdb85bfe658b6a0c247d0828ad0fda8e`
SHA256	`83baaef73b59a1b09e2dfec71744e7e181c5397f96939e9827071b4f97735f44`
SHA3	`b55856ab632d4d3a6430539b557ea45bbea5b6263604b08fa42033e9ddd1fb95`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x18000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.42789`

.reloc

MD5	`7bf8c761218fc347c43683f8f57b6ad2`
SHA1	`ec1c03f562f6ae173770d3194fd934c08dfb8386`
SHA256	`6a078833feb268f4bc79651d5c5e517d0c886dc9f595acd945986aab6b1dd26f`
SHA3	`87fad22ecfa30cc64642510bf41ec85ae0f1f95552263c6135fc36cbaa794f28`
VirtualSize	`0x614`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.71974`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetLastError` `GetModuleFileNameW` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `CloseHandle` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetFileType` `GetStringTypeW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `WriteConsoleW` `CreateFileW` `RaiseException`
ADVAPI32.dll	`SystemFunction036`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14940`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14944`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1222`
MD5	`77d1fbcfc1cca3e81d17630dad7b9004`
SHA1	`ee5076d58c1ec61224a31d9da24d720e4b7ca232`
SHA256	`221960ee903f701182e90f79b7cb975ca70f5a1ee8476d3f73b322dfff735804`
SHA3	`96a5462310c9981aec8774f2778d3350bd3f063da19e2b7f652aab1af4306626`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31837`
MD5	`af37d9054db11436c06a432d9e7cf92d`
SHA1	`1926a01b2c9a124e9507108b1906bd35d5446bec`
SHA256	`4bf06e14a11f287b4b822978ba5410e7f085a2b86dea82657eb4f07b78dabc57`
SHA3	`21dfca2c6752e8e73c32a0f1b11a2733d13d9a121e223013849ea23aa63a3f44`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40494`
MD5	`e83cc4e1bfad5bc1ba576ffc2a7de11d`
SHA1	`f0972704ceb34b08bf669c15c8ead104956bc763`
SHA256	`15313c363575714919b56877a4fb186e6d7af14294dc8a258cfbb89935148cca`
SHA3	`0e60e620d2a881cf6480fa8477b22e799c9c74a50a9762701acfd6954d5af77c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40002`
MD5	`e549899ee4d51685c9f0db2d2d1c6811`
SHA1	`2d17a566f202def159e07892b46ef3a8e668764a`
SHA256	`d0f874a855c823919a0a8f8f27ef194c052d66b7afd304e825527187a7e8e957`
SHA3	`33e4530357309ff74080e03da800e028f66b2ad9f11396077030c4c9118939e0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45838`
MD5	`2277dd7c430fc243638b4312ba31cf5f`
SHA1	`1143b8ce11780a1201d0c55fb547e60d4ce5b49c`
SHA256	`7950ef6f193f3885290379fdeae6920016afe58a574ef995ecc97986d270afb0`
SHA3	`1d47b9901c1e0bd85a10b72548d3bab3c79169b7de69f8e307c46ccfe4806568`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.46295`
MD5	`39c1455ca65364e155b8085625def6c2`
SHA1	`090ade07f2d1473f5efe1d707241bbf11e54802f`
SHA256	`151e4bb0756020d1cf80a87314e41802ba17bc068af2c0e981e91544f4e21de6`
SHA3	`daa6f652dc599d98615bdd207723620873ae1704ca91090ea1efe7bcd62db3d2`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45789`
MD5	`98a51e0a0ca2cf7a365900b53f7610c8`
SHA1	`fd8b57f824aa00fc8be48733365ba5b53d0413b2`
SHA256	`2c858acf765c7483d52298d0aa064a96a40f8a661c3e1d130c7eefd8de2847cc`
SHA3	`f385f49db20bda9d1d58acd67325fd0dd8bcb039a672eaa42f9cc9522a210d23`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42528`
MD5	`fadca86b783ae108f449bcdbdfa31acf`
SHA1	`0727200c2147ecb3c8debb3765a026b6dbf0b1c8`
SHA256	`345c2a17581fbc900f096c8627155d65fde4ffeaf02afc3eefb089b473b72330`
SHA3	`b53fc368bba001dff4188715fb69af13f85579535fcae6b2ed83ee67ff6790b8`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40427`
MD5	`241287ba84989a682ce35739151c1c92`
SHA1	`b7cc40b1856d3c10a7c72371dcf32659dacb48c6`
SHA256	`98a364ffa1ec6a63ad501dfaceeb8c0f8a865c819560eedee4931a6c99f3f1c0`
SHA3	`fcd6f7c12f8c5b8d9b9391b1769eb98b6d73f004adcd0072d646fadbea7232c2`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41943`
MD5	`0bfc235830f0321188a76b39c4ebc018`
SHA1	`f64318ddb863fc048c5262c59f1566a9af287414`
SHA256	`995679ce08fbf6a8d19d3fb41d41126a0fd935fafc9fcf4c45508c4b932983c6`
SHA3	`16c1e66c0fda32c544b9e10f66e2b3bb090c58f068b62438367c15fc71365d27`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2017.4.37.46741
ProductVersion	2017.4.37.46741
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2017.4.37.7911061
ProductVersion (#2)	2017.4.37.7911061
Unity Version	2017.4.37f1_78b69503ebc4

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Feb-17 17:48:06
Version	`0.0`
SizeofData	`147`
AddressOfRawData	`0x1238c`
PointerToRawData	`0x1158c`
Referenced File	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Feb-17 17:48:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12420`
PointerToRawData	`0x11620`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Feb-17 17:48:06
Version	`0.0`
SizeofData	`848`
AddressOfRawData	`0x12434`
PointerToRawData	`0x11634`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014018`

RICH Header

XOR Key	`0x11c7e724`
Unmarked objects	`0`
241 (40116)	`4`
243 (40116)	`120`
242 (40116)	`13`
ASM objects (23907)	`7`
C++ objects (23907)	`29`
C objects (23907)	`18`
Imports (VS2015 UPD2 build 23918)	`3`
Imports (VS2008 SP1 build 30729)	`4`
Total imports	`87`
C++ objects (LTCG) (VS2015 UPD2 build 23918)	`2`
Exports (VS2015 UPD2 build 23918)	`1`
Resource objects (VS2015 UPD2 build 23918)	`1`
Linker (VS2015 UPD2 build 23918)	`1`

Errors

Leave a comment

No comments yet.