Manalyze report for 39c1a797deba0d78b04278fd1f9ecc7b53324399a972fd3db979179e0b03f4c5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Jul-29 14:53:46
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\UnityPlayer\Win64_nondev_i_r\UnityPlayer_Win64_il2cpp_x64.pdb
FileVersion	`2019.4.7.15307441`
ProductVersion	`2019.4.7.15307441`
Unity Version	2019.4.7f1_e992b1a16e65

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70` `Looks for VMWare presence: VMWare` `Accesses the WMI: root\cimv2` Contains domain names: cs.unc.edu curl.haxx.se example.com http://msdl.microsoft.com http://msdl.microsoft.com/download/symbols http://www.openssl.org http://www.openssl.org/support/faq.html https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://www.microsoft.com https://www.microsoft.com/en-ca/p/hevc-video-extensions-from-device-manufacturer/9n4wgh0z6vhq https://www.microsoft.com/en-us/p/hevc-video-extensions/9nmzlz57r3t7 https://www.microsoft.com/en-us/search/result.aspx?q microsoft.com msdl.microsoft.com openssl.org www.microsoft.com www.openssl.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread CreateToolhelp32Snapshot` `Can access the registry: SHDeleteKeyW RegSetValueExA RegQueryValueExA RegDeleteValueA RegCreateKeyW RegSetValueExW RegQueryValueExW RegOpenKeyExW RegCreateKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptImportKey CryptDestroyKey CryptDestroyHash CryptHashData CryptCreateHash CryptGenRandom CryptReleaseContext CryptAcquireContextA CryptGetHashParam CryptEncrypt` `Can create temporary files: GetTempPathW CreateFileA CreateFileW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser` Leverages the raw socket API to access the Internet: WSASocketA WSAGetLastError WSASetLastError send select recv ntohs listen inet_addr htons getsockname ioctlsocket connect closesocket bind accept recvfrom sendto setsockopt shutdown socket gethostname WSAStartup WSACleanup getsockopt WSASendDisconnect gethostbyaddr WSACancelAsyncRequest WSAAsyncGetHostByName WSASetEvent WSAResetEvent __WSAFDIsSet WSAIoctl getaddrinfo WSAEventSelect WSAEnumNetworkEvents WSAWaitForMultipleEvents WSASocketW WSACreateEvent WSACloseEvent WSARecvFrom htonl freeaddrinfo getnameinfo ntohl getpeername gethostbyname getprotobyname `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: ReadProcessMemory` `Can use the microphone to record audio: waveInOpen` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddEncodedCertificateToStore CertOpenStore`
Info	The PE is digitally signed.	`Signer: Facepunch Studios Ltd` `Issuer: Go Daddy Secure Certificate Authority - G2`
Suspicious	VirusTotal score: 1/48 (Scanned on 2026-04-19 05:32:08)	`MaxSecure: Spy.W32.Stealer.pef_237171`

Hashes

MD5	`3a198495931ccfaaa4b8d15374eb5f35`
SHA1	`6c960d62df611d5a814ae64e69e7a35cbfebbff0`
SHA256	`39c1a797deba0d78b04278fd1f9ecc7b53324399a972fd3db979179e0b03f4c5`
SHA3	`0b3a572aa7542d3fc01f4f6f4ba875d4cdec3f3cda054db99dbf3ca13c15be5b`
SSDeep	`393216:KCZW0q4Eld2402XurGkAf88uF0OFO0i4aDH:KtiCgFn+4I`
Imports Hash	`6391db36d4dec09fddfbea131bf948ea`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x168`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2020-Jul-29 14:53:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x141f400`
SizeOfInitializedData	`0x573800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000013B7D68 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1998000`
SizeOfHeaders	`0x400`
Checksum	`0x18b910c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`05c70af9c4cfc60f12e21447fa1ed0da`
SHA1	`31cc99781a6c4fa17484a7ceed9472d907dc150b`
SHA256	`e7b92e9f526bba822e92dea4047d89d53cd131fe7039472ec4d8588d7c044c87`
SHA3	`fe3fc88c54b955aba02f230f48a6d70d7e37b5b23ac63556aee7eb1b2f2835f1`
VirtualSize	`0x141f390`
VirtualAddress	`0x1000`
SizeOfRawData	`0x141f400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51387`

.rdata

MD5	`f98856c50eb479a8a2738447a3ff3286`
SHA1	`85cbadb7f3a8975342e49fea93f1a6b6ab8bc15f`
SHA256	`db6f8364b872095b1e4e24880351e1c56baf8cd3a64745c214bc8e0d1fe6f06a`
SHA3	`d537a5eec1985905c32beb60f6913765d6f3c68151059f782464bbf83cb36b62`
VirtualSize	`0x3349b8`
VirtualAddress	`0x1421000`
SizeOfRawData	`0x334a00`
PointerToRawData	`0x141f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.22198`

.data

MD5	`e3116d85f5f959af22383a1e2dab3ce7`
SHA1	`737c07dbb0b78f8915cfbe73996116524d55da46`
SHA256	`04f4b0e3f9a489a921f77961fad873c2e03d8e149bc0a30b2b595648d14567e0`
SHA3	`28944e0fd9222b6cf77b618d61a828a03d757949014794b15e0a5a5f54e7ff2f`
VirtualSize	`0x1202fc`
VirtualAddress	`0x1756000`
SizeOfRawData	`0x3ea00`
PointerToRawData	`0x1754200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.65914`

.pdata

MD5	`9225b9fd53e588c21f56b0a9756d704b`
SHA1	`07696a8fd86af1a3b6e88ca82990cdf83db0411b`
SHA256	`faf9b0c37f28905d0d7e55859b642c3635ba08f24db334bf87cabfb0d0604c5e`
SHA3	`88807248f07ff06412df369092ff06dc1a0e78834428c11fd1be29a37bc6985d`
VirtualSize	`0xfc1e0`
VirtualAddress	`0x1877000`
SizeOfRawData	`0xfc200`
PointerToRawData	`0x1792c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.82813`

.rodata

MD5	`f0bf253a478300bf5750bcd2e43dd6f2`
SHA1	`c89298562bd4d369f0625261090a15b166881e43`
SHA256	`ab086f37a1b7aa6ec65bff425f57377822841b801b201dee7002a8a9dbb0dcba`
SHA3	`8faafd56b7ed6a3d35a82b5ffac5f9329c9336edf879c9866c94c2b6f0d78c70`
VirtualSize	`0xb80`
VirtualAddress	`0x1974000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x188ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.14798`

_RDATA

MD5	`87448f07d5806b3b2b70077a0c760e7b`
SHA1	`750687b6c73c9c94a9a8e37d75ea257dcdcc417c`
SHA256	`0f6017325e66ab8652b8c83e0916502a16fefae7471a9c5deb39b2df82f22ff7`
SHA3	`f791c2a10e118b48f017765bde5ea988fd6e5822a80bcf3c8fe77f7d1ecc5da0`
VirtualSize	`0xad30`
VirtualAddress	`0x1975000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x188fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.89049`

.rsrc

MD5	`d7b53354cd729128173202ea636bda46`
SHA1	`db213ae14e84d7478926a5d74c7406992f5952e7`
SHA256	`846dd39f18f9e79563a7d8a9ab6a8ecf2acc5a83aa092a23d72b4b4936ae2e38`
SHA3	`68f37d0ce3d82e3770d8f277f140912c20c2ffe13801ef7c91bf4bffa7ae3c3c`
VirtualSize	`0x890`
VirtualAddress	`0x1980000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x189a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.93811`

.reloc

MD5	`3a31510607f4a27f68b8f569665d739c`
SHA1	`d37338a38bb38fdd73e653c229e4268b0f08a580`
SHA256	`77ce3645fef165f8bf57eebb8384d6d0247ec0f9d2d2a36a97fa3c1ee246989f`
SHA3	`458350b9bb356d220d7953a75f0d6c1104c2c2b576018addc98dd54ac9cb87c2`
VirtualSize	`0x16388`
VirtualAddress	`0x1981000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x189b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.48087`

Imports

KERNEL32.dll	`SetFilePointer` `SetFilePointerEx` `SetFileTime` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `LocalFree` `FormatMessageW` `CopyFileW` `MoveFileExW` `ReplaceFileW` `SystemTimeToFileTime` `Thread32First` `Thread32Next` `CreateMutexA` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `GetEnvironmentVariableA` `GetCurrentDirectoryA` `GetCurrentDirectoryW` `GetFileAttributesA` `DebugBreak` `SetUnhandledExceptionFilter` `SetLastError` `GetErrorMode` `TerminateProcess` `CreateThread` `GetThreadContext` `ReadProcessMemory` `GetModuleFileNameA` `LocalAlloc` `GetOverlappedResult` `CancelIo` `ResetEvent` `GetTickCount` `GetStartupInfoA` `SetConsoleCtrlHandler` `GetSystemInfo` `SetDllDirectoryW` `SleepEx` `RaiseException` `GetThreadTimes` `SwitchToThread` `SetThreadPriority` `GetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `FormatMessageA` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetWindowsDirectoryW` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `AttachConsole` `InitializeCriticalSectionAndSpinCount` `TryEnterCriticalSection` `ReleaseSemaphore` `GetLocalTime` `GetTimeZoneInformation` `IsDebuggerPresent` `CreateSemaphoreExW` `TlsAlloc` `TlsFree` `GetNativeSystemInfo` `VirtualQuery` `GetFileSize` `GetSystemPowerStatus` `GetComputerNameW` `LoadLibraryW` `GetModuleHandleW` `GetModuleFileNameW` `VirtualFree` `VirtualProtect` `VirtualAlloc` `GetProcessId` `CreateProcessW` `GetExitCodeProcess` `WaitForMultipleObjects` `CreateEventW` `WriteConsoleW` `SetEnvironmentVariableW` `GetTempFileNameW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `SetEndOfFile` `SetConsoleMode` `SetStdHandle` `GetProcessHeap` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `HeapAlloc` `HeapFree` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `GetFileInformationByHandle` `GetDriveTypeW` `ReadConsoleW` `GetConsoleMode` `GetConsoleCP` `HeapQueryInformation` `HeapSize` `HeapReAlloc` `GetModuleHandleExW` `ExitProcess` `RtlPcToFileHeader` `RtlUnwindEx` `UnregisterWaitEx` `QueryDepthSList` `GetVersionExW` `FreeLibraryAndExitThread` `UnregisterWait` `RegisterWaitForSingleObject` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `SignalObjectAndWait` `CreateTimerQueue` `GetStartupInfoW` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `GetCPInfo` `GetStringTypeW` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `DecodePointer` `EncodePointer` `DuplicateHandle` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `InitializeCriticalSectionEx` `GetTickCount64` `GlobalMemoryStatus` `GetFileType` `ExitThread` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `CreateWaitableTimerA` `SetWaitableTimer` `OpenEventA` `ReadConsoleInputW` `FlushConsoleInputBuffer` `SetThreadAffinityMask` `GetStdHandle` `CreatePipe` `SetHandleInformation` `OutputDebugStringA` `GetTempPathW` `WriteFile` `FlushFileBuffers` `CreateFileA` `GetFullPathNameW` `GetFileAttributesExW` `GetFileAttributesW` `GetDiskFreeSpaceExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `DeleteFileW` `CreateFileW` `CreateDirectoryW` `ExpandEnvironmentStringsW` `GetSystemTimeAsFileTime` `GetSystemTime` `GlobalLock` `SetFileAttributesW` `RemoveDirectoryW` `GetCommandLineW` `GetLogicalProcessorInformationEx` `GetSystemDirectoryA` `ReadFile` `RtlUnwind` `GlobalUnlock` `GlobalAlloc` `CreateToolhelp32Snapshot` `GetUserDefaultLocaleName` `FreeEnvironmentStringsW` `GlobalMemoryStatusEx` `SetErrorMode` `LoadLibraryExW` `GetCurrentThread` `GetCurrentProcess` `GetLastError` `GetModuleHandleA` `MultiByteToWideChar` `WaitForSingleObject` `Sleep` `CreateEventA` `WaitForSingleObjectEx` `VerifyVersionInfoW` `CloseHandle` `CreateEventExW` `WaitForMultipleObjectsEx` `SetEvent` `VerSetConditionMask` `WideCharToMultiByte` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetCurrentProcessId` `TlsSetValue` `TlsGetValue`
USER32.dll	`EnumDisplaySettingsA` `GetCaretBlinkTime` `DestroyWindow` `CreateWindowExW` `ShowWindow` `UpdateWindow` `GetDesktopWindow` `EnumDisplayDevicesA` `MonitorFromWindow` `ReleaseDC` `PeekMessageA` `MsgWaitForMultipleObjects` `AllowSetForegroundWindow` `GetUserObjectInformationW` `GetProcessWindowStation` `MessageBoxW` `TrackMouseEvent` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `IsClipboardFormatAvailable` `GetSystemMetrics` `EnumDisplaySettingsW` `SetWindowLongA` `AdjustWindowRectEx` `GetWindowPlacement` `EnumDisplayMonitors` `GetMonitorInfoW` `GetMonitorInfoA` `MonitorFromRect` `SetWindowLongPtrW` `GetDC` `SetCursor` `LoadCursorA` `DestroyCursor` `DestroyIcon` `CreateIconIndirect` `DefWindowProcW` `SetWindowPos` `GetClientRect` `GetWindowRect` `ScreenToClient` `GetWindowLongA` `SetWindowLongPtrA` `GetParent` `GetThreadDesktop` `GetUserObjectInformationA` `RegisterWindowMessageA` `SendMessageTimeoutA` `IsIconic` `SetForegroundWindow` `EnumWindows` `UnregisterClassW` `RegisterClassExW` `DialogBoxParamW` `EndDialog` `SetDlgItemTextA` `SetDlgItemTextW` `SendDlgItemMessageW` `MessageBoxA` `CopyRect` `OffsetRect` `LoadIconA` `GetKeyboardLayoutNameW` `TranslateMessage` `DispatchMessageA` `GetMessagePos` `GetMessageTime` `GetMessageExtraInfo` `RegisterDeviceNotificationW` `UnregisterDeviceNotification` `GetDoubleClickTime` `IsWindowVisible` `GetKeyState` `GetAsyncKeyState` `GetKeyNameTextW` `GetWindowLongPtrW` `ClipCursor` `SetCapture` `SetWindowTextW` `ValidateRect` `DragDetect` `KillTimer` `SetTimer` `GetFocus` `GetActiveWindow` `SetFocus` `RegisterClassW` `PostQuitMessage` `SendMessageW` `GetMessageA` `GetRawInputDeviceList` `RegisterRawInputDevices` `GetRawInputDeviceInfoW` `GetRawInputData` `SystemParametersInfoW` `PtInRect` `ClientToScreen` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `ShowCursor`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
ole32.dll	`CoCreateFreeThreadedMarshaler` `CoInitialize` `CoUninitialize` `PropVariantCopy` `PropVariantClear` `CoTaskMemAlloc` `CoCreateGuid` `StringFromGUID2` `CoCreateInstance` `CoSetProxyBlanket` `CoTaskMemFree`
SHLWAPI.dll	`PathCanonicalizeW` `PathFileExistsW` `SHDeleteKeyW`
SETUPAPI.dll	`SetupDiGetClassDevsA` `SetupDiGetDeviceInterfaceDetailW` `SetupDiEnumDeviceInterfaces` `SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInfo`
ADVAPI32.dll	`CryptImportKey` `CryptDestroyKey` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextA` `RegSetValueExA` `RegQueryValueExA` `RegDeleteValueA` `RegCreateKeyW` `GetUserNameA` `GetTokenInformation` `GetSidSubAuthority` `OpenProcessToken` `RegSetValueExW` `RegQueryValueExW` `RegOpenKeyExW` `RegCreateKeyExW` `RegCloseKey` `CryptGetHashParam` `CryptEncrypt`
GDI32.dll	`DeleteObject` `CreateDIBSection` `ChoosePixelFormat` `SetPixelFormat` `GetDeviceCaps` `CreateBitmap` `SwapBuffers`
SHELL32.dll	`SHGetFolderPathW` `CommandLineToArgvW` `SHFileOperationW` `ShellExecuteW`
OPENGL32.dll	`wglCreateContext` `wglDeleteContext` `wglGetCurrentContext` `wglMakeCurrent` `wglGetProcAddress` `wglGetCurrentDC`
WINMM.dll	`waveOutGetPosition` `waveOutReset` `waveOutWrite` `waveOutUnprepareHeader` `waveOutPrepareHeader` `waveInGetNumDevs` `waveOutOpen` `waveOutGetDevCapsW` `waveOutGetDevCapsA` `waveOutGetNumDevs` `timeGetTime` `timeBeginPeriod` `waveInGetDevCapsA` `waveInOpen` `waveInGetDevCapsW` `waveInClose` `waveInPrepareHeader` `waveInUnprepareHeader` `waveInAddBuffer` `waveInReset` `waveInStart` `waveOutClose` `timeEndPeriod`
OLEAUT32.dll	`VariantChangeType` `VariantClear` `VariantInit` `SysAllocString` `SysFreeString`
IMM32.dll	`ImmSetCompositionStringW` `ImmGetCompositionStringW` `ImmAssociateContextEx` `ImmAssociateContext` `ImmReleaseContext` `ImmGetConversionStatus` `ImmSetOpenStatus` `ImmGetContext`
WINHTTP.dll	`WinHttpGetIEProxyConfigForCurrentUser`
bcrypt.dll	`BCryptGenRandom`
HID.DLL	`HidP_SetUsageValue` `HidP_SetUsages` `HidP_GetData` `HidP_MaxDataListLength` `HidP_GetValueCaps` `HidP_GetButtonCaps` `HidP_GetCaps` `HidD_GetHidGuid` `HidD_GetPreparsedData` `HidD_FreePreparsedData` `HidD_GetProductString` `HidD_GetManufacturerString` `HidD_GetSerialNumberString` `HidD_GetAttributes`
CRYPT32.dll	`CertCloseStore` `CertFreeCertificateContext` `CertAddEncodedCertificateToStore` `CertGetCertificateChain` `CertOpenStore` `CertVerifyCertificateChainPolicy` `CertFreeCertificateChain`
WS2_32.dll	`WSASocketA` `WSAGetLastError` `WSASetLastError` `send` `select` `recv` `ntohs` `listen` `inet_addr` `htons` `getsockname` `ioctlsocket` `connect` `closesocket` `bind` `accept` `recvfrom` `sendto` `setsockopt` `shutdown` `socket` `gethostname` `WSAStartup` `WSACleanup` `getsockopt` `WSASendDisconnect` `gethostbyaddr` `WSACancelAsyncRequest` `WSAAsyncGetHostByName` `WSASetEvent` `WSAResetEvent` `__WSAFDIsSet` `WSAIoctl` `getaddrinfo` `WSAEventSelect` `WSAEnumNetworkEvents` `WSAWaitForMultipleEvents` `WSASocketW` `WSACreateEvent` `WSACloseEvent` `WSARecvFrom` `htonl` `freeaddrinfo` `getnameinfo` `ntohl` `getpeername` `gethostbyname` `getprotobyname`

Delayed Imports

UnityMain

Ordinal	`1`
Address	`0x5463b0`

9

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99471`
MD5	`b62b6b1e4cd3054ab1b07b033356d108`
SHA1	`c0170ce1c06de46e62508e1d774d64e952cd111a`
SHA256	`6a3c71d7f89e83280ff2aa75c76d49c3239060f8ee53cfc2692e05c4fc9c7eab`
SHA3	`9e885ae1d0f740d603c9ef2ca1a92c8a61ddb587a0f50bee653496e0ac8fe4f6`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98084`
MD5	`2165d3c35627dfb0f24dfa8839b650c1`
SHA1	`5168d394292dd31902f3f8112b22cd604529f378`
SHA256	`7aa854f2b6bf3241c666d0b851ecaea27082934a4b2fa43db752591dfcf9434e`
SHA3	`395d76a75afaab97318d9ea2f3785b5ade74331f689f98e69f22f301be84d67a`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19606`
MD5	`e71ed01bef9a6e44b5a60f28e2d14320`
SHA1	`28a0948d37b93bfd392044a4338968bd3f4de535`
SHA256	`af380b7f1f6bedba49ef3833569a36314f9834b759bfbdc7f5474d65081186c6`
SHA3	`a275daef8cf31a8e4d53a63b80b73137c0c41a126920ed0b63416f8643332d35`

108

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23439`
MD5	`89647fd8d7ee80b9e9e46db2a1053a29`
SHA1	`10dd88f00a8f56cce48908628abe1215235f624a`
SHA256	`692985cf029eb28098357336ea128b16211fb8fb8ab3e8f90949a952a2514f65`
SHA3	`01c77f889f7bb48a0744fe4f076df03cf74591df831c9d043237c2a7a7426f3e`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09377`
MD5	`839f2e562a1f062fd873414ab28cf1d2`
SHA1	`ed961a5852bd1ac5b55fa8fd70fa8213754abc57`
SHA256	`296b7d861a9ee473d4e8a62f9d7adb025d1fbe8e61206870f426e5c870a98936`
SHA3	`6a4b1fab7319e07585d923be21a3d852ecc1988286973bf8440e25f2a35a3cd0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41375`
MD5	`05c50fd334f07f003ba1ff9cf2b7722f`
SHA1	`f5d76f310f61b79635ca00a6ea5a8a4c832adc74`
SHA256	`28217a501e5f9241f7eb6c7ac8e7d713e0b13e8fa86a439cc7a50b85cec47a70`
SHA3	`ae8d2b75cb656d32fdcf3946f179accf43ebffaa2b159d60424e7246d20ed030`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.4.7.37553
ProductVersion	2019.4.7.37553
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.4.7.15307441
ProductVersion (#2)	2019.4.7.15307441
Unity Version	2019.4.7f1_e992b1a16e65

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Jul-29 14:53:46
Version	`0.0`
SizeofData	`122`
AddressOfRawData	`0x164ceec`
PointerToRawData	`0x164b6ec`
Referenced File	C:\buildslave\unity\build\artifacts\UnityPlayer\Win64_nondev_i_r\UnityPlayer_Win64_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Jul-29 14:53:46
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x164cf68`
PointerToRawData	`0x164b768`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Jul-29 14:53:46
Version	`0.0`
SizeofData	`972`
AddressOfRawData	`0x164cf7c`
PointerToRawData	`0x164b77c`

TLS Callbacks

StartAddressOfRawData	`0x18164d368`
EndAddressOfRawData	`0x18164d37c`
AddressOfIndex	`0x1818743b8`
AddressOfCallbacks	`0x181427f68`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18178c7c8`

RICH Header

XOR Key	`0x6f2be95`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`36`
ASM objects (VS 2015/2017 runtime 26706)	`31`
C objects (VS 2015/2017 runtime 26706)	`37`
C objects (VS2012 build 50727 / VS2005 build 50727)	`1`
C++ objects (VS2015 UPD3 build 24210)	`111`
C objects (VS2008 SP1 build 30729)	`9`
C objects (VS2015 UPD2 build 23918)	`542`
C++ objects (VS2015 UPD2 build 23918)	`123`
Imports (VS2008 SP1 build 30729)	`2`
173 (VS2010 build 30319)	`1`
C++ objects (VS2015 build 23026)	`9`
C++ objects (VS2015/2017 runtime 25711)	`219`
C objects (CVTCIL) (VS2015/2017 runtime 25711)	`2`
C objects (VS2015/2017 runtime 25711)	`62`
Imports (VS2015/2017 runtime 25711)	`39`
Total imports	`550`
199 (41118)	`7`
C++ objects (VS 2015/2017 runtime 26706)	`120`
C objects (VS 2015/2017 runtime 27012)	`265`
Unmarked objects (#2)	`59`
C++ objects (VS 2015/2017 runtime 27012)	`778`
Exports (VS 2015/2017 runtime 27012)	`1`
Resource objects (VS 2015/2017 runtime 27012)	`1`
Linker (VS 2015/2017 runtime 27012)	`1`

Errors

Leave a comment

No comments yet.