Manalyze report for 31c930cef39ae228827d6fca102458f0ac3cd17b7e4bca265957efdeb41c63cd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-May-11 08:38:37
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb
CompanyName	Thunderful Games
FileDescription	Lost in Randomâ¢
FileVersion	`2020.3.9.1084391`
InternalName	Lost in Randomâ¢
LegalCopyright	Â© 2021 Thunderful Development AB
OriginalFilename	Lost in Randomâ¢
ProductName	Lost in Randomâ¢
ProductVersion	`1.0.0.2`
Unity Version	2020.3.9f1_108be757e447

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .ooa` `The PE only has 2 import(s).`
Suspicious	The PE is possibly a dropper.	`Resources amount for 85.1948% of the executable.`
Info	The PE is digitally signed.	`Signer: Thunderful Development AB` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/72 (Scanned on 2024-03-29 12:37:24)	`All the AVs think this file is safe.`

Hashes

MD5	`0c8b6e8864b7087abe0cbd39f781b045`
SHA1	`055709d2abc89e79cf855dd720bc031bc766efe2`
SHA256	`31c930cef39ae228827d6fca102458f0ac3cd17b7e4bca265957efdeb41c63cd`
SHA3	`3805d9f81958a037a827e155b320edc6e2526fad30910c5f44ab6aa5e4b15c8c`
SSDeep	`6144:G/snN8cw6xZySfte/8Rttv4vtAv5x//mfyQzDLyaUnjeHOl9+Pv7dxHnrC2A03qQ:GnM9ttv4vtARx//mjDfceHbv7dUAqYV`
Imports Hash	`935fc8007a149e0a0ab0be7ed3cfd816`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2021-May-11 08:38:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x95600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000A5000 (Section: .ooa)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa6000`
SizeOfHeaders	`0x400`
Checksum	`0xa8b48`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7723f6f0d33ad84ca3065eb21504a4a0`
SHA1	`7965bda1ae672fd9a03f06672f9c813ae1282986`
SHA256	`01a935f92663f4a3327a5bdedb4c678ea541ebc4afba87c612903a11a7110c06`
SHA3	`0405bca33ac15c170ba7dfd5078f1ef9215a9559e106a1ceea2774f4f0c79c48`
VirtualSize	`0xa120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9959`

.rdata

MD5	`177d4e15a3a0c9aea4400369c3f5b201`
SHA1	`24888923140081aee3d0b9943076a0ab6eef4475`
SHA256	`e908846fb5a3aae366d29029708c706dcb27d2060546c87135e2e32839ff34a9`
SHA3	`0e4c21915ca4fe5bf6f5ac8c2096212cfa693e66948418dff60b98febda7f227`
VirtualSize	`0x8c6e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65244`

.data

MD5	`7162f66b2714c95522777620147646bb`
SHA1	`85273900579db97d61b945e399ecaf375c98e9e4`
SHA256	`d61d9e7c5c35da7d90ff7fff5e75dbe73a5b4aed88ce72488d71e2366d759e00`
SHA3	`dd4105f435e99d03c1750d7f574d2c59171997ef6126fbeaff49de7c9e442e01`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9515`

.pdata

MD5	`789f36f907239c1ceca2f8ec3f79fcb5`
SHA1	`11b2d5522be4b2558a7e492c53b4d86184702c90`
SHA256	`5e2c8dede33e201308d3fabb30b57b487ba34d524537e56449f854c9d6e560e4`
SHA3	`0b06f78c7fe1c1611e2e7abfd4a78a87cf82474f2ac5b4a8daa9c07fbbf85778`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36097`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`ac4937d317b5a7abe564c18f9b33576e`
SHA1	`d24dbdbf178bc03a6ba210520cff6205adaba4c0`
SHA256	`95f710711ad4531cbc44c3ce84aef4d0e86ecb2bd339b8b8c608eedf2b1b810d`
SHA3	`bbccd504c4be6efc3133e472debf39085184dbd672d65f73d4e5d08ae0c94463`
VirtualSize	`0x8a278`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a400`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.64707`

.reloc

MD5	`a9c3cf69888151777a2a472fa85313df`
SHA1	`a5410c074ce059a802887d8ef48a198d601aa9e3`
SHA256	`02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad`
SHA3	`874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44`
VirtualSize	`0x634`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78467`

.ooa

MD5	`d90e30e906d57e662308ed05b1021dae`
SHA1	`6f54890a9c3c2716d7c8c4967712e4f74388693b`
SHA256	`97d4adca8db1b34c3e723012fc5d63be23c968af43cc8aa1cf79a905957624e4`
SHA3	`c78970670ae54785051628a313d4f12431f71f61f4e9be7e088060f5208dda1f`
VirtualSize	`0x712`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.72189`

Imports

Core/Activation64.dll	`#100` `#101`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.51768`
MD5	`76dc8da4a7833d17b2ec33d010bfff61`
SHA1	`a812c0f536aa60e0c77a0fdf8ccc9d9d142cefd8`
SHA256	`0150c95a0ac3cbfd9086525a55d4932e46382ed324bdc9ed874890ac04508a19`
SHA3	`5a98d0e29fff502fb60aade6dd575ca0f32cf0534a8af2cd4079e393acfd7df6`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60991`
MD5	`e1d658bd8b9995081d3c53fa55af3688`
SHA1	`d71dce8a44279a62966479bebbaba8108935ce71`
SHA256	`0ce39168717190b313776eaabb8d7becc49f2915e5d1fc4b6c773fd5083ee636`
SHA3	`b224bb36493dfcf7b1c87242de9822ac7335d713bd44d3a5536399f99dafbc92`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.69436`
MD5	`202ee827f3c4833e10c9300618711abc`
SHA1	`74ee7d04487549cbb866e36392b51e59df12e640`
SHA256	`a7e946b3035f250ecde9d204d7167739e532ae0be479c41dace5c574a9686d60`
SHA3	`3113bd61b329d9eb8dea64ef3f0e9b50717fb1eb2661a78dafa55953cb4c52d3`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.74785`
MD5	`688dd985b01aaaae901938fad9f9991f`
SHA1	`800da534b2b547bb2bf8e679ef5ce271c88e9c70`
SHA256	`c22e611a1cb391dd60fcd634a78b6f55da9f55fd23e4e65778fa2f6da0f3b8ea`
SHA3	`106fc445ba37307f76feb39ea7b1f65a79a206754f6193863ce224affb5946c8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.8392`
MD5	`9d0870a1a7bc1c5ad67f3ae159c72f93`
SHA1	`f2dd7e62b740f672972f0621fad935550b7f893c`
SHA256	`76621b80eeb00d151c53c334145c4e6b0b2c7b68a26f322f21f2a2992bd3d654`
SHA3	`41da9ddddc1019bebcbbe57e2810ab3fcb79f0bfd9eb8c8a174b88fe9450f87f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84437`
MD5	`578a91228afc9021a1d9ffa70920dc0c`
SHA1	`b23a86ca6325589b49de64f3934422cc54fe53fd`
SHA256	`9b2373cb1954fcd484059ec828fc93fa2f46ef13f93041e44a30cfd3a16e5cf8`
SHA3	`704f437d0502d2026fbbcad9319f2070dabf360185256d9e7df1dcb1a2dbbd43`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94652`
MD5	`0a3c496a35c93c4100d1ba0915db0811`
SHA1	`d42d04351d143a8aa4d87eec0d3004ac0d04066c`
SHA256	`b1198fea7e903c3e013e66c26a52cf7a91e0f95d1cbe8c5f794c2fa2284a7b79`
SHA3	`85dc5d085219b471ca16f2fa0855858be5b929c119f263c153ef5bc3c1bd2188`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99571`
MD5	`99e1cfa3da813f7fee0749e20f56e08d`
SHA1	`2aa5721d09765f2ffe75b6724892db947b227dae`
SHA256	`76d88eceeeedf892aedad2fd8145cf85c0a563252009ffd393e1afd88d3191b2`
SHA3	`e8b0b05e699f293a0a0ea75c2b7b071eb70b7aae3dc54f1e104d6f5a1143810d`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87056`
MD5	`bfad00104af6d94ecc8617e5cd50a8b7`
SHA1	`8f4c3c433486713c78a1eabb68f3ac2aa6074509`
SHA256	`b48f879eed4bd1a887748fdaa377c8b718a328f4cdc5308b701ae14e1c148655`
SHA3	`61e11f2c3561f3195a2535a9b80aab41c31b789200a69bbd0df2d6e5fdd37317`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99711`
Detected Filetype	Icon file
MD5	`d22bd12141457c4f27bb05184acd0e4d`
SHA1	`0611958edd9b69445ec74808642938791fdb57e2`
SHA256	`68bc5446446f1f2d194c576d0d3a28e040bf5345d4db5e3ca926e1ae2f07e154`
SHA3	`3f26aec2de822a1ac3f0765f26d823a04d6bf2d538d00816632021cfab3950d2`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x364`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56486`
MD5	`bcb0f72b1d0281a17a2a8d791e5f4e31`
SHA1	`55436cbc2add4af0eb43d18903c2636e0b32632a`
SHA256	`040ae78c37efbad0f337ec1959ac8a435c3da4f0a2cf41fb5b4adccb172f113b`
SHA3	`7e143721bb280a982ad6ef8de17529a8696cd7061606c4b633b7d485b0aa911d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.9.35815
ProductVersion	2020.3.9.35815
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	Thunderful Games
FileDescription	Lost in Randomâ¢
FileVersion (#2)	2020.3.9.1084391
InternalName	Lost in Randomâ¢
LegalCopyright	Â© 2021 Thunderful Development AB
OriginalFilename	Lost in Randomâ¢
ProductName	Lost in Randomâ¢
ProductVersion (#2)	1.0.0.2
Unity Version	2020.3.9f1_108be757e447

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-May-11 08:38:37
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x13730`
PointerToRawData	`0x11d30`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-May-11 08:38:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137b8`
PointerToRawData	`0x11db8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-May-11 08:38:37
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137cc`
PointerToRawData	`0x11dcc`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x69197163`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`16`
ASM objects (VS 2015/2017/2019 runtime 28427)	`8`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`85`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

Errors

Leave a comment

No comments yet.