Manalyze report for 413f8952b7d0a184574dff0a7ed6e69656fe079fede16873a77c513d7b688354

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Apr-30 11:37:44
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion	`1.2.1.3012`
ProductVersion	`1.0.0.0`
LegalCopyright	Warpfrog
FileDescription	Blade & Sorcery
ProductName	BladeAndSorcery

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The file contains overlay data.	`440 bytes of data starting at offset 0xd8a48.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2026-04-14 09:08:54)	`Cylance: Unsafe`

Hashes

MD5	`853ddda4b05b763da8dd4f9cc5268f21`
SHA1	`7909e7c89475bbfe9247b05e84742566d5fa8ac5`
SHA256	`413f8952b7d0a184574dff0a7ed6e69656fe079fede16873a77c513d7b688354`
SHA3	`e623babd0dfb2f72d83290ba4f957010f56d5c2bb6656f2790a5298919d23f9d`
SSDeep	`12288:KoCCHzzzzz3U+oD//wW4qKBYDGVTU2wF:JfzzzzzENL/wW7KuD/`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2024-Apr-30 11:37:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x95400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4190b7be9f5f4eb52c040a688e61a250`
SHA1	`ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11`
SHA256	`7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b`
SHA3	`0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6`
VirtualSize	`0xa140`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39724`

.rdata

MD5	`49a82d2863a52635ec0fc86f923d36dc`
SHA1	`f4e1b2e0f81efcbc6bedd0346f63d57ca705be13`
SHA256	`5a485a2611693e58df41d11e495cbd62fe6725847d15b7d2f00c83719baa2662`
SHA3	`e69dd3dd6f6b382575b7e0405efbe57d3dc8c81aaf405cddc8f9b9d749126ca8`
VirtualSize	`0x8cce`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65325`

.data

MD5	`2e9924c581c86e57e2e2b0ac87e1aa45`
SHA1	`a1a176fc5c54e8c996a328e810c15c16cdb5b73d`
SHA256	`90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0`
SHA3	`8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237`
VirtualSize	`0x1ce8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.6801`

.pdata

MD5	`2717431295e555cdae3fb602e2bd957e`
SHA1	`408d09336a1192e50edb78d3e7795fbc547ac381`
SHA256	`d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631`
SHA3	`bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5`
VirtualSize	`0xc54`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34687`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`f2ac3ef73578a999110849a4a109869d`
SHA1	`6044cadda9f23d5b46e51b4a7ad09c59bccc4f73`
SHA256	`1d7c562a46d4fc47a7631896b90379f9f03d9c2fead4597dae6d9fc48bd9b7c3`
SHA3	`e1dea5aacf4139742935fac6c1723dd22e5b84ca006c1e207b1a037e8d5839c1`
VirtualSize	`0x8a194`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.85224`

.reloc

MD5	`687aa942cda2e64adc67a829f1587240`
SHA1	`26058e365b4fef9cae39c529017700cd0ccfedb7`
SHA256	`e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506`
SHA3	`8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689`
VirtualSize	`0x638`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79086`

.bind

MD5	`0eba4efceb42c78f99ff05052aecf617`
SHA1	`cd7ea9dd46c9180674f3c071e1c4878add6d7947`
SHA256	`d31342c8731408044561d0b55621d3f174b6f1cbaf151cf2d9e224460b14634f`
SHA3	`2882e328567618a267f77b2d4f25bfee149271b84c8ef004c2227caf4df4a11d`
VirtualSize	`0x39048`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x39048`
PointerToRawData	`0x9fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95947`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60786`
MD5	`428e1bbbe357e908b9700d8b7e9e075f`
SHA1	`4a6cbb824a1f91253a3a96293033b5edc8fbee08`
SHA256	`6880a4a6c0f12649cffbe52258c05872864372b35a153ab992c3cc044077bef7`
SHA3	`a955e7690ba5e8fb63f688f64b7fd6e916e6dc70b8617e2274948e8dc09dd1e5`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72761`
MD5	`32646ebce3a6f51e313b117ae0678600`
SHA1	`7de87d9d12518132bb1aede45cc2001260b4a184`
SHA256	`4bca0fb0f29909c61e4a3c1051632442959618181bdbbe7b1353d775c879da9a`
SHA3	`a15e9909731be6af0e5856491baf9628b6ecce4e23578a719e5a39a7ca0c511d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93976`
MD5	`9333ff0358b04715854d5999ce5f9688`
SHA1	`45210f4b111399d22fa02f49c44df2ba891ef6e7`
SHA256	`2c12f31ca860bdbc8fa9cf5baf8d49428e2592fcb4b220e8ff25649edebb240b`
SHA3	`ad5726adc0735084451838d9d342d7537ebfe42d21ce457235e044d92c572181`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1467`
MD5	`777935e45e25695bdd38505c2ecdaa63`
SHA1	`386baeeddbf843c656926d238ab31b498ac4d722`
SHA256	`d370efee49a5f2504ef612f03bc071548aedb09e730aa3a924714f2ef5ccb27f`
SHA3	`fa43fe2f4ee482cfadb595c9d4ff1764644fcbb8c516016d718f5f6d09d4cd69`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52197`
MD5	`ad15e530f6bd18be30dc5e27dcb64326`
SHA1	`8377fd7fe7b55d78d39544a53c98ca501ea3a0a4`
SHA256	`fc17a3de88ea1b25d34a1b8c072e3c16ba0a87094c809a23e9cc52b1c73772e8`
SHA3	`836c6b4f07cc03eb1eed47ede74ef9df639a3cbf2f426939f9d69a84e548de83`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79925`
MD5	`0441402bd2a7e4faa0ada5ab75b01c2e`
SHA1	`a133d232cfef28207f30fa744948e569eb2a2653`
SHA256	`e4cb0464b189d2bebe9eea8ae90e2de472cbc508f555e3b82beb3d61a3d01f9a`
SHA3	`cdc0ba2a9ce7f3552f85fd33b6d45d3752b7a661ff0036d140cbbfd5617aca95`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20717`
MD5	`10a3a51e57f2cbd869db90d910bf1540`
SHA1	`c2394b5cf7d2975499ac707354bdf8686dc2d685`
SHA256	`c46575944417776fc194f113ef1880794c0fd76c0c44e7e0f008f543455a02fd`
SHA3	`c54488aa67349ad5ab8ea32a6507f9fa786e24ea37a9782c731e0f04ed480a82`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62254`
MD5	`5aea38a40950d580c9b1e313ea590e72`
SHA1	`4df63349a99e9595a17c007eee6140164b6e8672`
SHA256	`53824b16e874ecf9b36e1e948502f57351afce0ee031cf61596154a709cb1ffa`
SHA3	`efc8585c7686f02fb46a1d2d4d1aafdfd0c4f20dcadc2a763e46fbee05c8e28f`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95168`
MD5	`51b145bff2a77b390428a348bb5adc5b`
SHA1	`55880d63d75d2a9b694fc2fdb2f56e3233817a3c`
SHA256	`96529e9698526fc9377877cc670c0adaa66bc19aff480df501462d291034a233`
SHA3	`ea2cb0fef8449287ed6cea5031d9018990aacd2fce3d439e288af9b473f8cc3e`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27911`
MD5	`833ec61df0af2ae2b7b5d3e9ae2aeca3`
SHA1	`047c2276923bb0406f335c26e120e10dfdcaa6d3`
SHA256	`f26d43aed55e4b50192e549620a9021398941a169024386ad12e444fe46a3704`
SHA3	`7a9e3b7c9f2d3c585cf2bc72fb17cb1410e0c9092c0c8bd6239c451f2c5df1c8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.1.3012
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.2.1.3012
ProductVersion (#2)	1.0.0.0
LegalCopyright	Warpfrog
FileDescription	Blade & Sorcery
ProductName	BladeAndSorcery

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Apr-30 11:37:44
Version	`0.0`
SizeofData	`141`
AddressOfRawData	`0x13780`
PointerToRawData	`0x11d80`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Apr-30 11:37:44
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x13810`
PointerToRawData	`0x11e10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-30 11:37:44
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x13824`
PointerToRawData	`0x11e24`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

Errors

Leave a comment

No comments yet.