Manalyze report for 286ea2ff960a853983482ba3e713d2366b1a1fe23c4fb47a09c10ad94b195900

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jan-06 17:36:27
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb
FileVersion	`2017.2.1.1950996`
ProductVersion	`2017.2.1.1950996`
Unity Version	2017.2.1p2_1dc514532f08

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7865% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2025-09-04 14:52:06)	`All the AVs think this file is safe.`

Hashes

MD5	`933eea360cdc6ef2ae4d865859bf94cd`
SHA1	`c1ceecf78bdd5e0e01e7734b486f96cff87ebc35`
SHA256	`286ea2ff960a853983482ba3e713d2366b1a1fe23c4fb47a09c10ad94b195900`
SHA3	`88683bd3eed984f5b39eededccd43c070ba06111c2ea691c302204064f81af48`
SSDeep	`6144:x9fYunoPZpZ+1MPY3SWgmwiQRGwcbpYklTc/0wdv/J:g+obo1GIpOGwcK//0wdv/J`
Imports Hash	`30fc819c693eeaf8941de56adbfe3dab`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2018-Jan-06 17:36:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x96000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000144C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e42ea766c72e9814cb1b476355a674bb`
SHA1	`f210db0de53eee47aa22923d64ad653032603e92`
SHA256	`ed1cca393ae79cc96111b64dae00c9e1d04c8726841444b2d63385092d280fa6`
SHA3	`8c09727dcb6294d4e2224bbb734eeac0867fc87cee90c32ab307b08fed86123a`
VirtualSize	`0x9d10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36624`

.rdata

MD5	`d608483fd1769f8c12317911532eb05b`
SHA1	`deafb28c4fbd9602c3267add95134d54202a9f35`
SHA256	`ace3c0ce7d6484f78881e98ac85a396301db6d8b7c36f2c06a649c09d31111d7`
SHA3	`5cf882ae9f7995b51279ec0490c961edd913ab88fb77ee9b3f86233eef05b19f`
VirtualSize	`0x8950`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77098`

.data

MD5	`7d07ed58830102f49c5c8e0f9244b566`
SHA1	`0c250f5de8473608ed8da77ed5fd238d47d71092`
SHA256	`8533712ce82c3107e4f6f7e61d75b2ea3872f4e0d44d0a2e1752b023a4ab6894`
SHA3	`64840d1c7ad601f7bf22eddb147aefff61e344f31127820a88e3444b314be044`
VirtualSize	`0x1c10`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90695`

.pdata

MD5	`44721c87bf41ec6b3917aff40d9c9048`
SHA1	`478e5234b3a21352924df19347dfda2e7550e828`
SHA256	`b4e2ea656e9ce58daaef6c02cde34546e413185fa85f884bb8080a2834e86eea`
SHA3	`4d21d03b3d6ad75858074598251fb94a21b6361d34eac6c38688f53d4ef5e727`
VirtualSize	`0xbe8`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77915`

.gfids

MD5	`f9e7e2abcde3ce74bfa109852579dd97`
SHA1	`81aea4a3b26693662a4cd75537e63f660ec7b245`
SHA256	`922d5df582d31ad29dab3b35fa30615ba23e9c0eab091fe11b7cf858b3002658`
SHA3	`b4d34fc5919de51b2dba584d4c9be9462637348f95b841a51fd31483b56f12db`
VirtualSize	`0xa8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.34741`

.rsrc

MD5	`35ef8f5a924f9472b2274213ad726bdd`
SHA1	`a11f7e8fca363494631a5c0118687f50f92e10c1`
SHA256	`e360fad1d9cee9725c489898da7c1a98903b3bb2954ed886def8ea3d7bff4392`
SHA3	`024592faec3c7527745903002f4772c3c2dffed690815ca56c7d2831485a7200`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x18000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1326`

.reloc

MD5	`7bf8c761218fc347c43683f8f57b6ad2`
SHA1	`ec1c03f562f6ae173770d3194fd934c08dfb8386`
SHA256	`6a078833feb268f4bc79651d5c5e517d0c886dc9f595acd945986aab6b1dd26f`
SHA3	`87fad22ecfa30cc64642510bf41ec85ae0f1f95552263c6135fc36cbaa794f28`
VirtualSize	`0x614`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.71974`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetLastError` `GetModuleFileNameW` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `CloseHandle` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetFileType` `GetStringTypeW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `WriteConsoleW` `CreateFileW` `RaiseException`
ADVAPI32.dll	`SystemFunction036`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14940`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14944`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83275`
MD5	`b03918cbe7e4a29745787e92fc572ac4`
SHA1	`dddc50d1089ad089563b050eb641813959d506a0`
SHA256	`8ea2ea4b85f5dbf2c4ac432aeb8c99962109b03aa2a32470f19712da3da9d844`
SHA3	`e39338127891b5de006b67536caf7d57a5766a6e677fde51dd4fda4754dbf892`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89592`
MD5	`554addacf0f0bf5a8cf27cac1ae941a9`
SHA1	`0f0d097abd575228a0e6c375c365006d2eab5a8c`
SHA256	`d8c39470215af6b08bc0c7a261b0469d0786768003f9c0049e85e6a0673320ad`
SHA3	`46386310529e32a378838c56f9e23ff86bf1928b4030066250a6e572928e84bf`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85019`
MD5	`b2c9cc6d1a1889aa40228c4b6a192a6b`
SHA1	`3db4533cb7d10d1cb79e042b8a44e50825c1c0a0`
SHA256	`3c7c67e647a79e475202c8e0209634364dfd36176c6d169bbee39fb956fd3623`
SHA3	`b3391fc20def7f42a0d26a2de7db0ef9eb8aad3e209af23f6051a50958c5fa48`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64113`
MD5	`34e4d227143c870c8d51502ba81dc6b9`
SHA1	`303092627009c4c2b4ef9beffe799b5558181807`
SHA256	`68c56efbb05d61b96a832d65165e768f66ed471b250057eb8f2869004e91dadb`
SHA3	`278a9f0d1f07f0c06cf46c0c41aecd64f3a1d98a6704f31606c04bdaee54cbdb`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53917`
MD5	`88bb6631fc2ea36425d5a1f961bb6cfc`
SHA1	`15517920b7cd9abeace6d8b3d4dee0d54e9360a5`
SHA256	`10c0cdaa6cabc745eaaa1f8ba3de21d1cf1fd27116f67d2a22b404c4fac0fd2b`
SHA3	`ca64506c2f6add2736c5578f2a3ab4e9e13199a89372e69602bf632ac4dbb5b6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35`
MD5	`0f85ca2012bde29fcf53289e1fce6429`
SHA1	`5b33525a098d37a53b62b25dbfffb494768583c9`
SHA256	`6e0386f22c6767ee8209cbb0fc1f38ad69b3209a9a6d8e7bd95d22097918134e`
SHA3	`6830b77d8f34a8993e406e0dd09091dda1a91e1c469fd681b91feaabcc80f311`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22166`
MD5	`3e54bc1f92161e78b863030bcfc851e1`
SHA1	`762e7abafbe023457fad8341174a65edc382adbb`
SHA256	`af1ace8afc2fff3a51aa55a3b09c9a13864e660df1b5ca08ad017af056c1c028`
SHA3	`7f4be715bb31985d5393eefe0f16cc790c7ae0758f66c32d5e96e7dfde694c96`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07145`
MD5	`17fd96e703a90c4c99466a08ae56c14a`
SHA1	`138c636f64298ade03022c3d826b193557c7b699`
SHA256	`548919e7c8eb4c1e8d80f01c8c7f1499c1464c4466788dbbc40b6fd57120f6b4`
SHA3	`afd889b997727c7571f2c97c7b3e31f5e1787d80a9e53392640af1c2478f6924`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97971`
MD5	`cb67b6fb3d317bbbb2c3ce282bfd282a`
SHA1	`a38d41c06ac466431256091d1d631953c9d4e259`
SHA256	`383229ba7121293efb49bdcdf7c55f793bf0dead8fb40b860ad4cd3e76c1e2b9`
SHA3	`af77a146175e5499db55d81a6755d964b2c2d7843350aa26394589143a7fc9f8`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40892`
MD5	`1d28a775f4eefcaa8fa3b82e73c59efe`
SHA1	`9c1b06a91a61d4d73157dd588b965ef100b33630`
SHA256	`29cdab09d40f91444618c634436d80f78bc702eb495ae3d2a9e6204cdb6ba443`
SHA3	`4d1d7fd4e26d85c37cd76b6ab2ad8ca1650321039b088ba3b6cb4043d1c01723`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2017.2.1.50452
ProductVersion	2017.2.1.50452
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2017.2.1.1950996
ProductVersion (#2)	2017.2.1.1950996
Unity Version	2017.2.1p2_1dc514532f08

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Jan-06 17:36:27
Version	`0.0`
SizeofData	`147`
AddressOfRawData	`0x1238c`
PointerToRawData	`0x1158c`
Referenced File	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Jan-06 17:36:27
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12420`
PointerToRawData	`0x11620`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Jan-06 17:36:27
Version	`0.0`
SizeofData	`848`
AddressOfRawData	`0x12434`
PointerToRawData	`0x11634`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014018`

RICH Header

XOR Key	`0x11c7e724`
Unmarked objects	`0`
241 (40116)	`4`
243 (40116)	`120`
242 (40116)	`13`
ASM objects (23907)	`7`
C++ objects (23907)	`29`
C objects (23907)	`18`
Imports (VS2015 UPD2 build 23918)	`3`
Imports (VS2008 SP1 build 30729)	`4`
Total imports	`87`
C++ objects (LTCG) (VS2015 UPD2 build 23918)	`2`
Exports (VS2015 UPD2 build 23918)	`1`
Resource objects (VS2015 UPD2 build 23918)	`1`
Linker (VS2015 UPD2 build 23918)	`1`

Errors

Leave a comment

No comments yet.