Manalyze report for 669dd82813120a4168c462483ba2650aebbc9bceec92c9fd621335e60ee2882d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-16 11:06:55
Detected languages	English - United States
Debug artifacts	D:\unity_wbqi\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb
FileVersion	`2020.3.26.2024282`
ProductVersion	`2020.3.26.2024282`
Unity Version	2020.3.26f1_1ee35aa072
CompanyName	Netease
ProductName	Sword of Justice
LegalCopyright	Â©2007-2024 NetEase, Inc.All Rights Reserved
FileDescription	Sword of Justice

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.9806% of the executable.`
Info	The PE is digitally signed.	`Signer: NetEase (Hangzhou) Network Co.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`93a6bae70556156af4f74b5a9b14bc8d`
SHA1	`224c9bb35e302c4f89846a4d8aab3ac8aff329cb`
SHA256	`669dd82813120a4168c462483ba2650aebbc9bceec92c9fd621335e60ee2882d`
SHA3	`50be81c84c09b1bd25a117d60d35cab304612c5120eab7326fecd6e38e0c3895`
SSDeep	`6144:u/aLmf4yZiNQY5SSHWTQLeS+BnCBi7JvgXsa1NH/2VM8uFjWLtQTuAJagyMobdum:uRgyqMDvnKijWNfv8u+WBGE3VevNww`
Imports Hash	`29bfdce8e1ea00cae84681fa907ddee7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Jan-16 11:06:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0xa9d49`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`50203200f560c4b4840cfa87e4a6c22e`
SHA1	`973d7e1b664e56f89257799b0205c6688beab5ad`
SHA256	`81c1f8df8adea4a092c6d6e4a8e2df388daf25c770ed874d837d94ab7720e711`
SHA3	`16d1098ab8043c1154940e92745386e4656c6859c554fb1fde0c48ecd1f7a143`
VirtualSize	`0xa150`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39332`

.rdata

MD5	`9b4c6a81a758d2fe73b1a04ff3aeb5f5`
SHA1	`257006303a2cc03d438a628e45f887773226fa15`
SHA256	`80584ca8bfefae2444967b2e32c1ee1022a9b72dac32040f1cb3853dd824a38a`
SHA3	`8483aff608c75c1f8258ea490c59701acd48d251fd3c064b63a98d6434ed1506`
VirtualSize	`0x8c74`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65264`

.data

MD5	`be55152cc2958ef6f1af6853367ae5b0`
SHA1	`42bbf7ed8aaf924b44626f14a80280082036bf95`
SHA256	`a0a4d0f033eff3224ffaa07cb959874de49c4f9e6944831069b579378a48da72`
SHA3	`604db52cfefcd9c6af88bd70cb6ea313c8f6954dd6886b68f0f85a1ab48589bf`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67586`

.pdata

MD5	`c0f07aeffba9d8d3878b2062b759ac36`
SHA1	`229636f41d70f93a61c78011632da394ecb0dd10`
SHA256	`d0c9ae0d0ca9f9b10d8986dca30515b8f60eaa3b12dc532d0b10faf5ef2e39fa`
SHA3	`498cd146b37a21b02b20bd22feffa17138c0da90313077035b861efbd8559d20`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34463`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`06745039d30ec7e8edf7526f2b899e2b`
SHA1	`520a10e7ef47bd1854b70bad6ade9aa630fe7552`
SHA256	`89e436b13b99791e6a7a61b09ed1f0ada76eed2150b08293db3b698b4fb3fc09`
SHA3	`4e4451ee50cdd04ce08a0eac861830e67fce94da21f014ae534c82995dfe661b`
VirtualSize	`0x8a280`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a400`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28553`

.reloc

MD5	`a44300d31663ae001ac44b9a94cdac83`
SHA1	`b0726d27a844ed967a732b2d4b4ccfe6da6e21fc`
SHA256	`528198578c16a2707b9f843724812f5f68a5cb6acfe8e58cabf5b2e44412f8ac`
SHA3	`138eb400636e49769785dedb1afc40721b39aa4ac4feedf3a22504f75e346ce8`
VirtualSize	`0x63c`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78856`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28043`
MD5	`93fa8c629ee6c4937758db88d99eff84`
SHA1	`f8f93f1bbbf6f794c7f1a51a616303efa37da3e0`
SHA256	`59764210dececa2a4c1031c01902cb8cf8b1fb4821df41350bae0167768d837c`
SHA3	`25c9017437ddce15a8add1b66d5f7070090894f1d633dc63b34de448bb9c717d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28328`
MD5	`4d7b775c72321f78503d23898bca8dd8`
SHA1	`a9b7a373e9ccb9eefd127bd118612d1b10b4fde9`
SHA256	`8ea5bd50decba8ac1660f666c77af1a12d1fd1cd244e9626b989eaeab7855d23`
SHA3	`6487222c911ea901a0a2121830cbe937fd8a178424a09a454614dc5cae06016c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28003`
MD5	`16b3ac153f73fd27ab0b55fb6163dd6e`
SHA1	`b54a4cfb341a05d3c8a175d7cd5b876480b22818`
SHA256	`f4b55c9dbe5c4ceb86682994dcb60d220b7f671ea2a13613535463c29932b20a`
SHA3	`bdee5cf83fc664eb1e9f7976fa42acc102a9caf84d9522dffc0f50c1c5a17348`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27694`
MD5	`ed7fa387b32f99c8d32ebffa32db3540`
SHA1	`3c31fa8cb434b57538df38eba872319539920cf1`
SHA256	`a0aaeeb212afd95eb77b7fc2d2359435a58b6aa2aab5d11ba9a34f6a1280e754`
SHA3	`3db71ffabc26bfffebcf69d00d2242520f326d8fc0d13a16b521af77d1a10782`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26691`
MD5	`5c80909950a7ed52053b5da382f4f394`
SHA1	`898baf44e3b8100fd3039118a1ed454eafc526a4`
SHA256	`db3957f8560d9c95287b520616b6e08455ddc5caaebc6f1744d42022ce630fc4`
SHA3	`c819009c083728cf37d91fa540b41ccf592d4a9301d23fd69fc0caea76056880`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.21309`
MD5	`7b06e7e6d9f81ad0f25d55c7223ed576`
SHA1	`7e39cf784f836a4434f44b7dd687a9560f4d472d`
SHA256	`7acdb371adec93f1d8652d2f7bfc6c245f2426a55233b819c6bb6546216c7466`
SHA3	`b16c0668bc0ddd6527317cac65eba847d52074be7a21f2806fc7630f65e8c250`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.21473`
MD5	`8c3cdc4c6b7b50e956eadba14c7a86b8`
SHA1	`5d408bc019083efec0f63297794f9926f608863a`
SHA256	`c91516aa3da8ec8acdcf6eefff147edd7bc4e090e864a211beae5806aa82d023`
SHA3	`a652fa2a7a95765f0ecc368cda805ce8e97174fcf86686ac3a7563599bb29c95`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12434`
MD5	`ad753e7a2faa1aff8da0d978496489db`
SHA1	`efab0847dad929b372258cd9a8dd58a00fa2d5c6`
SHA256	`8b851546fd4e564473c2105bb919932e0bf360f8d8b0149a56e3db1927c500e6`
SHA3	`e8b76c7d78d764447733a0cf1d77a28d64464bd4ebfbe0aec993fa422bcffdd8`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93944`
MD5	`b6c6121f689485f274ea6ce2e842eeab`
SHA1	`c7745b789ef617a30d2676d971fb3579dac226cb`
SHA256	`3b939d6edb2aae8432a1c184eef270fe12273b1e14c10b141e7d59009daf5eb5`
SHA3	`a7ca6eacdda194dd0b96c9c703b69806dae793d26203b1653f1b761571de4a9e`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52116`
MD5	`e8a29ab2b4c447616657631b9a2d2b9c`
SHA1	`503e72b8000d41e9f7e21861a2195feb2da9e87c`
SHA256	`316027761c042e42c1974195c3c4ea073533594d491b93f40ee5c1746c60bd1f`
SHA3	`8bc33e6573063f706dc97a835cf9e5dd68bb8f64d52deb662f99151b9c52ad7f`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.26.58202
ProductVersion	2020.3.26.58202
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.26.2024282
ProductVersion (#2)	2020.3.26.2024282
Unity Version	2020.3.26f1_1ee35aa072
CompanyName	Netease
ProductName	Sword of Justice
LegalCopyright	Â©2007-2024 NetEase, Inc.All Rights Reserved
FileDescription	Sword of Justice

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-16 11:06:55
Version	`0.0`
SizeofData	`122`
AddressOfRawData	`0x13740`
PointerToRawData	`0x11d40`
Referenced File	D:\unity_wbqi\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-16 11:06:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137bc`
PointerToRawData	`0x11dbc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-16 11:06:55
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137d0`
PointerToRawData	`0x11dd0`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x8b14fc6e`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`138`
Imports (27412)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`16`
ASM objects (VS 2015/2017/2019 runtime 28427)	`8`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`85`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

Errors

Leave a comment

No comments yet.