Manalyze report for 520ba00d26d3d747603a3441825e5e3a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jul-24 19:50:22
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb
FileVersion	`2017.4.31.10259900`
ProductVersion	`2017.4.31.10259900`
Unity Version	2017.4.31f1_9c8dbc3421cb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7884% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-06-10 04:30:52)	`All the AVs think this file is safe.`

Hashes

MD5	`520ba00d26d3d747603a3441825e5e3a`
SHA1	`6a9de4b62f61c249678e05646bb00d1a5263d3a7`
SHA256	`4788221cc8610d8b1f0075f1a2ae8c8b30aa2c10c28e3fccae7eb9cf97540bf9`
SHA3	`6aa11b9c07f3616a4d275c0f512aeaa26acf435350514f442262392a3de8ae41`
SSDeep	`12288:o+oehRRrkjLRerpLUCwZFLmLDkVqulEBH5be35g87Fta0D8:oiRRIRedICwZtCDkXlEBZbeZHaI8`
Imports Hash	`30fc819c693eeaf8941de56adbfe3dab`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-Jul-24 19:50:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x96000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000144C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e42ea766c72e9814cb1b476355a674bb`
SHA1	`f210db0de53eee47aa22923d64ad653032603e92`
SHA256	`ed1cca393ae79cc96111b64dae00c9e1d04c8726841444b2d63385092d280fa6`
SHA3	`8c09727dcb6294d4e2224bbb734eeac0867fc87cee90c32ab307b08fed86123a`
VirtualSize	`0x9d10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36624`

.rdata

MD5	`9bbe7cca8756390c75a9cea1116ceb46`
SHA1	`60d29bb7b6f8b8484a130e1360ab81e289145f5d`
SHA256	`9c4f72b5a82cadb4f159329218d092c946d9ad78f601dfb2a28f98b9ed393e26`
SHA3	`144c096cebf4dbc501d64885eb2654b9f2ed36677004dd0b25b65a808f9c79bc`
VirtualSize	`0x8950`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77147`

.data

MD5	`7d07ed58830102f49c5c8e0f9244b566`
SHA1	`0c250f5de8473608ed8da77ed5fd238d47d71092`
SHA256	`8533712ce82c3107e4f6f7e61d75b2ea3872f4e0d44d0a2e1752b023a4ab6894`
SHA3	`64840d1c7ad601f7bf22eddb147aefff61e344f31127820a88e3444b314be044`
VirtualSize	`0x1c10`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90695`

.pdata

MD5	`44721c87bf41ec6b3917aff40d9c9048`
SHA1	`478e5234b3a21352924df19347dfda2e7550e828`
SHA256	`b4e2ea656e9ce58daaef6c02cde34546e413185fa85f884bb8080a2834e86eea`
SHA3	`4d21d03b3d6ad75858074598251fb94a21b6361d34eac6c38688f53d4ef5e727`
VirtualSize	`0xbe8`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77915`

.gfids

MD5	`f9e7e2abcde3ce74bfa109852579dd97`
SHA1	`81aea4a3b26693662a4cd75537e63f660ec7b245`
SHA256	`922d5df582d31ad29dab3b35fa30615ba23e9c0eab091fe11b7cf858b3002658`
SHA3	`b4d34fc5919de51b2dba584d4c9be9462637348f95b841a51fd31483b56f12db`
VirtualSize	`0xa8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.34741`

.rsrc

MD5	`1b80b6297ba632753a8a701767ff3594`
SHA1	`4b19d6e7ddbc010eae37eef771619cdcf1a335b1`
SHA256	`a376ed438d35a82b6071131e698e50ce9697e9666ed1f430f234f4300e835cb0`
SHA3	`8cee1466e0cbbc19b165405cb922cf5719f83ad61df977a320f59c3641c5654d`
VirtualSize	`0x8a0e0`
VirtualAddress	`0x18000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.29336`

.reloc

MD5	`7bf8c761218fc347c43683f8f57b6ad2`
SHA1	`ec1c03f562f6ae173770d3194fd934c08dfb8386`
SHA256	`6a078833feb268f4bc79651d5c5e517d0c886dc9f595acd945986aab6b1dd26f`
SHA3	`87fad22ecfa30cc64642510bf41ec85ae0f1f95552263c6135fc36cbaa794f28`
VirtualSize	`0x614`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.71974`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetLastError` `GetModuleFileNameW` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `CloseHandle` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetFileType` `GetStringTypeW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `WriteConsoleW` `CreateFileW` `RaiseException`
ADVAPI32.dll	`SystemFunction036`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14940`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14944`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05357`
MD5	`9494f0a07afb7551158a041f97f94d30`
SHA1	`c7ee794c32db5071ed33c555b4d57a49a7494289`
SHA256	`1b64a40f7c5418088ceaeb40599fb4d22ac492002b4d304d6f6af1be4ccffb33`
SHA3	`829f59dac199be3d1e9b9bf7585af15d89bfef270844aaa331e41bdd5022550d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.22037`
MD5	`9aeb8675ff9d08aa29c74df8e11ba839`
SHA1	`77831f0f6cbe284f5ebe4b0b1bd8ce461445c2c5`
SHA256	`efb8d9d2d06ec41d0d3c4a5e4a21eafbdafbb3b3ebc0d710394b83ac756a57a5`
SHA3	`d31b0253c69365691f93c9ee9e3dbe9194105660d61684e31f6131969da880e8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28517`
MD5	`a88d64377b43a65a5a0789067394147d`
SHA1	`dc5467a0225632f2f1edee95a81b08a6f4d37f7f`
SHA256	`d1b5828a88e4300e75bdae7746b991cc9a05c867b036823098f85a47f25de341`
SHA3	`f68d273140f26c61d6dadcdd76339ab79a85614ace800039bfc51931aa616d36`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26043`
MD5	`88f8efafb71b31c43e62b31cad1e0c59`
SHA1	`67f664186dae27f2ef0fab8b78c7e9f690d63a61`
SHA256	`b3a8c189f4d999c6c05c57d964215a59b861fa197f5c067c7aec56a1e98112c7`
SHA3	`5bce30f4b2a591ca30b81652bf9f276b9c8dc3c0c13a2c35e7fad9b69585040e`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29949`
MD5	`a389945f3913d15b200190fbf0d969a3`
SHA1	`3024b7777a59b11021f470a2ca047c7fa9ab66ef`
SHA256	`f2a8acc02e48c33a1123431bcdbcd2975c09a545a6fd740e4497324d86d17238`
SHA3	`96d5a43e29a4973f8b8c751f2c709caf2cb7758cecbd8c904a3353b1779b04ab`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29541`
MD5	`268a1ad3d0a5a0d9773fe69b8df73fb6`
SHA1	`e1e27e16e806ae5663f6636fc617e3bc94ab1c49`
SHA256	`92c7049188f57e4d7af022ca28b9c673ef0c251789ebebd8ad82bb113b32370f`
SHA3	`351ffb279149beed064b8f3aeb27f29bb2660e21a9bcc2b8f2c3075466327410`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29944`
MD5	`4fa738d47b86311e55ebdd80188e40c2`
SHA1	`95bdb7c80cca3909107ada49a02800e997497ff3`
SHA256	`c77872aec2aebe81795a643c716aa3b5e17e0608e835247b1b623bcd0858cd5b`
SHA3	`3d1643143b77f84c3cd9e8194c3b7fefc26e31e5ea726be5ef3b190e8253b79e`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28989`
MD5	`4f3cc11d82b8ee786841683cc5ce9e09`
SHA1	`a60f19d44efe21a5785de7a2ffcaa7387de5cc07`
SHA256	`501304eb8f2b4d4d7ce94eccfcdffea470437bde54123202fd7123743fb874f5`
SHA3	`cd6849d304a87922a7d30048878eec203bbf7c4a252e42df6262448d683bb47a`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27873`
MD5	`3f3486c162b86eee6f19c7d18c72debe`
SHA1	`a2f702a670d736eabe55c0001cd60721b2a92f24`
SHA256	`16db0eada32c41b419ee530f211c593580b11c979da81479ef264d79bdedf03f`
SHA3	`a343c4f4c98d63f561428175d7b77f6eee759cb7e7e8b28a9d7d9e7aa9ec8720`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39944`
MD5	`e03b955889b4818aeba1ef725c2e822f`
SHA1	`8507121f53e21c33c7cd8c4113a868540c9bfd1a`
SHA256	`cfb7e0666191a34b8224a1196ef6362ca391e09a7dbf796dc16f00d3aa0c639a`
SHA3	`aa68f1a866b6545c84dd5061f26120405061e388f232cda2b5eb7f438bd17c59`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2017.4.31.36284
ProductVersion	2017.4.31.36284
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2017.4.31.10259900
ProductVersion (#2)	2017.4.31.10259900
Unity Version	2017.4.31f1_9c8dbc3421cb

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Jul-24 19:50:22
Version	`0.0`
SizeofData	`147`
AddressOfRawData	`0x1238c`
PointerToRawData	`0x1158c`
Referenced File	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Jul-24 19:50:22
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12420`
PointerToRawData	`0x11620`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Jul-24 19:50:22
Version	`0.0`
SizeofData	`848`
AddressOfRawData	`0x12434`
PointerToRawData	`0x11634`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014018`

RICH Header

XOR Key	`0x11c7e724`
Unmarked objects	`0`
241 (40116)	`4`
243 (40116)	`120`
242 (40116)	`13`
ASM objects (23907)	`7`
C++ objects (23907)	`29`
C objects (23907)	`18`
Imports (VS2015 UPD2 build 23918)	`3`
Imports (VS2008 SP1 build 30729)	`4`
Total imports	`87`
C++ objects (LTCG) (VS2015 UPD2 build 23918)	`2`
Exports (VS2015 UPD2 build 23918)	`1`
Resource objects (VS2015 UPD2 build 23918)	`1`
Linker (VS2015 UPD2 build 23918)	`1`

520ba00d26d3d747603a3441825e5e3a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.gfids

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors