Manalyze report for 7aaa1cd6be53a7c5bbd81ba3a5815c496a23dcf13bdde10cd21400fea4032089

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jun-18 07:26:00
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\player_win_x64.pdb
FileVersion	`5.6.2.10654012`
ProductVersion	`5.6.2.10654012`
Unity Version	5.6.2f1_a2913c821e27

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to internet browsers: firefox.exe iexplore.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70` `Looks for VMWare presence: VMWare` `Accesses the WMI: root\cimv2` Contains domain names: api.uca.cloud.unity3d.com cdp.cloud.unity3d.com cloud.unity3d.com config.uca.cloud.unity3d.com connectiontester.unity3d.com cs.unc.edu curl.haxx.se example.com facilitator.unity3d.com http://msdl.microsoft.com http://msdl.microsoft.com/download/symbols http://unity3d.com http://www.openssl.org http://www.openssl.org/support/faq.html https://api.uca.cloud.unity3d.com https://api.uca.cloud.unity3d.com/v1/events https://cdp.cloud.unity3d.com https://cdp.cloud.unity3d.com/v1/events https://config.uca.cloud.unity3d.com https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://www.microsoft.com https://www.microsoft.com/en-us/search/result.aspx?q masterserver.unity3d.com microsoft.com msdl.microsoft.com normal.xyz openssl.org proxy.unity3d.com tangent.xyz uca.cloud.unity3d.com unity3d.com vertex.xyz www.microsoft.com www.openssl.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: text` `Unusual section name found: data` `Unusual section name found: .trace` `Unusual section name found: .data1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: SHDeleteKeyW RegCloseKey RegOpenKeyExW RegCreateKeyW RegSetValueExA RegQueryValueExA RegDeleteValueA RegQueryValueExW RegSetValueExW RegCreateKeyExW` `Possibly launches other programs: ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptImportKey CryptVerifySignatureA CryptDestroyKey CryptReleaseContext CryptDestroyHash CryptGetHashParam CryptHashData CryptCreateHash CryptAcquireContextA` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser` Leverages the raw socket API to access the Internet: WSACloseEvent WSAEventSelect WSACreateEvent getsockopt WSACancelAsyncRequest WSAAsyncGetHostByName WSAWaitForMultipleEvents setsockopt ioctlsocket closesocket WSACleanup ntohl htonl ntohs htons WSAResetEvent WSAEnumNetworkEvents WSASetEvent getpeername getprotobyname recv gethostbyname shutdown listen accept WSARecvFrom WSAIoctl getnameinfo getaddrinfo recvfrom sendto send gethostname socket connect bind inet_addr WSAStartup select __WSAFDIsSet inet_ntoa getsockname freeaddrinfo WSASocketA WSASetLastError WSAGetLastError `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Can use the microphone to record audio: waveInOpen` `Reads the contents of the clipboard: GetClipboardData`
Safe	VirusTotal score: 0/72 (Scanned on 2025-05-13 20:20:53)	`All the AVs think this file is safe.`

Hashes

MD5	`48ed14de18d4964d28ccf5f48214c190`
SHA1	`c9b91551abd98e79ea6233034bf0732c46e7a658`
SHA256	`7aaa1cd6be53a7c5bbd81ba3a5815c496a23dcf13bdde10cd21400fea4032089`
SHA3	`6d169125709952cf0e8d27ea2d1676991bbaf4345b2616d1c04dd02ab8f3afe6`
SSDeep	`393216:c6AnDFnbIE26OQ4H1mCt1RkygBqidv4plG1GLy1XoAC:dCsZAYP`
Imports Hash	`356b3fb9e59a4b326233385d70c506bf`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2017-Jun-18 07:26:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0x10b4000`
SizeOfInitializedData	`0x5f4800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000A11E14 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x16b0000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`79e33b824581424dbb0bd934e769cc25`
SHA1	`7c9341e6c0639adf9bee3b26ec4ceaa78eb07dbf`
SHA256	`a983814fb92e1e3509ae2704624045c9a32764cc648cd8dc825e28ffee2d7b1c`
SHA3	`91d406cb4913f313464415649a8f1f5d9b16937602b6b0950b7bebdb7498cc67`
VirtualSize	`0x10b3f2c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10b4000`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50511`

.rdata

MD5	`9a997c18dfc90bdae764a483770867e4`
SHA1	`deb8e2676815aec8bc22c92a91fffee8966e28ae`
SHA256	`ed4db51b8944427f459d925b4f39b1c3dcd1c42007853d08208e67dce70e31f6`
SHA3	`3ae176c21b4d4709b3f9477d0c3c7667f180172f996a276f6da47500b190b10d`
VirtualSize	`0x2d6d64`
VirtualAddress	`0x10b5000`
SizeOfRawData	`0x2d6e00`
PointerToRawData	`0x10b4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.21669`

.data

MD5	`c12c38b7e6f5e38545c0f94ebdc41c06`
SHA1	`96b1706102b65b3a6402e3919f00c51026c5fa37`
SHA256	`07eee49e970336c6537b1a20f6db747c53d53e11ecf2a13c953435bef3606d3e`
SHA3	`680b0a1e8297affb7f62a0b1bf008b013a010218f11af590c304acf95bfdf129`
VirtualSize	`0x181380`
VirtualAddress	`0x138c000`
SizeOfRawData	`0x9b000`
PointerToRawData	`0x138b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.97807`

.pdata

MD5	`9ba16573976a8a2913cfe6fe7f7d986a`
SHA1	`6e13d7df4355bdc219342e8eaa8fd775dd46ef3f`
SHA256	`d4d5f085662050927776c001ed3475786da3ed99d971013771eef5e082f60d1a`
SHA3	`5d8cdccfd97ccc6ce99e7cc2ee8ce2a2d3983f62d2b85468671e384e9d7e3178`
VirtualSize	`0xd95cc`
VirtualAddress	`0x150e000`
SizeOfRawData	`0xd9600`
PointerToRawData	`0x1426400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.81562`

.rodata

MD5	`1548249b6287b5b6505e73f641d969ea`
SHA1	`02eebd8ba6d2883779c2224bcf4cf98c1b8afc87`
SHA256	`c8ef0b8491f4d31f86d43787b70c1ebf31f5b9b4c557dc75f334902a888faa29`
SHA3	`8d06f2139f86fe30639ab619207b83205d0d1c9da17180f6e4f30656af944a2f`
VirtualSize	`0xb50`
VirtualAddress	`0x15e8000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x14ffa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.12211`

text

MD5	`9d23a01090f79ec9d1ed66336d80272e`
SHA1	`5ffb0341290cbee37d9a5e7c12c050bc7a915217`
SHA256	`39bf3b8accf6ff123a52cc8b0e51b63d5cc50597140a97bbb21ff2093a3f4976`
SHA3	`d18e966a371020ddbed5ddc2f7cd2deb71eb5dea149455dc29997e595b5767d0`
VirtualSize	`0x325e`
VirtualAddress	`0x15e9000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x1500600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE`
Entropy	`5.7357`

data

MD5	`e5a31808657b01530d5b32c950010ac3`
SHA1	`e395d893ce95c3c0ed2181db5d7f114a993aca22`
SHA256	`541c9601ebd99dc7998e5096d29a79fa4925c1d373b9942d62a8648496524084`
SHA3	`9edcf64a2169d4d4a2f349e9caf3275a4850e7606d1fc5cf55ad044a9fd21104`
VirtualSize	`0x81b0`
VirtualAddress	`0x15ed000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x1503a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.4876`

.trace

MD5	`1cbf484f876900791af2d6f4dcd3a719`
SHA1	`fe97b691dd95243db2ae4055c374f19110653177`
SHA256	`27c52df6554a23384eab533cbbb23d6ffdd98a7dc7113a0fef728f102c555862`
SHA3	`6d4699575aff6be776a34f2aefe2a1c678566f5817d87953502e02ca4bf98f92`
VirtualSize	`0x9d8`
VirtualAddress	`0x15f6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x150bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.76134`

.data1

MD5	`f5688adfeaf35cd6be99948b3e39f323`
SHA1	`2f55833ab355e954606909994f39dda329ac124f`
SHA256	`e4c3899536c9b4e013c94c9d414ad6c0902675cabdca901b48355f1cfc5b257c`
SHA3	`250e3c80907146c70bf643680ffe1d340a35f3acc2c6b24760df231480e9ac57`
VirtualSize	`0x40`
VirtualAddress	`0x15f7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x150c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.436447`

_RDATA

MD5	`93e3600fddbd257754805de37c8560f8`
SHA1	`d7d6b83fbf19677ce7bffd115892ecce2bae54b8`
SHA256	`e5353d7e4f0d74b9d174fdebc05b8a75c63d1f3523b190e1385f2ebfa0137d18`
SHA3	`49f7d3d346cf2fbb5ebf934d6720b42805fa08668702ede0ce767840cf79c26f`
VirtualSize	`0x1200`
VirtualAddress	`0x15f8000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x150c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.73306`

.rsrc

MD5	`363b940b8142367b328d6f7208cc0097`
SHA1	`aee5652643867e373b069a324e43ee0b16fa1cc0`
SHA256	`e3601c89d78a6c05654ab96439d831825367433ab521f194b47eed28e855bf21`
SHA3	`0cc7f0c9e6230532b337d397e95312d1dc7877e791ea784ec6c10a41cdf6ed2f`
VirtualSize	`0x8a748`
VirtualAddress	`0x15fa000`
SizeOfRawData	`0x8a800`
PointerToRawData	`0x150da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.14487`

.reloc

MD5	`21f5f0ecf654200fd958b68959ff276f`
SHA1	`bbe9d36c8b56d72be3242c1786521e32c2a520ae`
SHA256	`a66a74ce3985c7e1dd56e56517e5c1a88096a122bc343fc9305b3b9a6218e7fa`
SHA3	`12de3fc0e150faf2a1faa7563130229ba92bd55ab93b6d59d630e7e13068d24a`
VirtualSize	`0x2a684`
VirtualAddress	`0x1685000`
SizeOfRawData	`0x2a800`
PointerToRawData	`0x1598200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.27229`

Imports

HID.DLL	`HidP_GetCaps` `HidD_GetPreparsedData` `HidD_GetProductString` `HidD_GetManufacturerString` `HidD_GetSerialNumberString` `HidD_GetIndexedString` `HidP_MaxDataListLength` `HidD_FreePreparsedData` `HidP_GetData` `HidP_GetButtonCaps` `HidP_GetValueCaps` `HidD_GetHidGuid`
KERNEL32.dll	`GetSystemTimeAsFileTime` `GetModuleHandleA` `GetFullPathNameW` `GetCurrentProcessId` `GetCurrentProcess` `GetCurrentThread` `GetWindowsDirectoryW` `FormatMessageA` `SystemTimeToFileTime` `GetLocalTime` `GetTimeZoneInformation` `LocalFree` `GetModuleFileNameW` `InitializeCriticalSection` `ResetEvent` `GetTickCount` `ReadFile` `SetFilePointerEx` `WriteFile` `SetEndOfFile` `GetFileAttributesExW` `CreateFileW` `SetFileAttributesW` `GetFileAttributesW` `MoveFileExW` `FindClose` `FindNextFileW` `FindFirstFileW` `FindFirstFileExW` `SetFilePointer` `ReplaceFileW` `GetTempFileNameW` `LoadLibraryExW` `CreateEventW` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `RemoveDirectoryW` `SetFileTime` `GetSystemTime` `GetDiskFreeSpaceExA` `lstrcpynA` `lstrcpyA` `lstrcpynW` `GetCommandLineW` `ExpandEnvironmentStringsW` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `GetThreadContext` `SuspendThread` `RtlCaptureContext` `OutputDebugStringA` `GetEnvironmentVariableA` `GetFileAttributesA` `GetModuleFileNameA` `GetVersionExA` `GetCurrentDirectoryA` `VerifyVersionInfoW` `VerSetConditionMask` `GetVersionExW` `GetSystemPowerStatus` `GlobalMemoryStatusEx` `GetUserDefaultUILanguage` `GetComputerNameW` `GetTempPathW` `LocalAlloc` `SetUnhandledExceptionFilter` `OpenEventW` `DebugBreak` `GetCurrentDirectoryW` `GetOverlappedResult` `CancelIo` `GetFileSize` `FileTimeToDosDateTime` `FileTimeToLocalFileTime` `lstrlenA` `GetFileTime` `VirtualQuery` `GetQueuedCompletionStatus` `SetErrorMode` `DecodePointer` `EncodePointer` `HeapAlloc` `HeapFree` `RtlPcToFileHeader` `RtlUnwindEx` `HeapReAlloc` `InitializeCriticalSectionAndSpinCount` `CreateThread` `DuplicateHandle` `ExitProcess` `SetConsoleCtrlHandler` `ExitThread` `GetCommandLineA` `GetStartupInfoW` `FileTimeToSystemTime` `GetDriveTypeA` `FindFirstFileExA` `GetStdHandle` `GetLocaleInfoW` `UnhandledExceptionFilter` `TerminateProcess` `HeapSetInformation` `GetVersion` `HeapCreate` `FlsGetValue` `FlsSetValue` `FlsFree` `FlsAlloc` `SetHandleCount` `GetFileType` `GetConsoleCP` `GetConsoleMode` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `FlushFileBuffers` `SetStdHandle` `GetStringTypeW` `LCMapStringW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetFullPathNameA` `GetFileInformationByHandle` `PeekNamedPipe` `CreateFileA` `WriteConsoleW` `GetUserDefaultLCID` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `CompareStringW` `SetEnvironmentVariableA` `GetDriveTypeW` `GetProcessHeap` `FlushConsoleInputBuffer` `SwitchToThread` `SetThreadAffinityMask` `GetProcessAffinityMask` `InitializeSListHead` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InterlockedFlushSList` `OpenEventA` `SetWaitableTimer` `CreateWaitableTimerA` `GetSystemDirectoryA` `SetConsoleMode` `ReadConsoleInputA` `GetTimeFormatA` `GetDateFormatA` `CreateMutexW` `FlushInstructionCache` `CreateSemaphoreW` `SignalObjectAndWait` `GetModuleHandleExA` `LoadLibraryExA` `GetThreadLocale` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `CreateIoCompletionPort` `SetHandleInformation` `FormatMessageW` `CreateFileMappingA` `MapViewOfFile` `UnmapViewOfFile` `GetCurrentThreadId` `HeapQueryInformation` `SetThreadPriority` `CreateMutexA` `ReleaseMutex` `GetModuleHandleW` `TryEnterCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `RaiseException` `HeapSize` `SleepEx` `SetDllDirectoryW` `CreateDirectoryW` `WaitForSingleObject` `WideCharToMultiByte` `LoadLibraryA` `SetEvent` `IsDebuggerPresent` `ReleaseSemaphore` `WaitForSingleObjectEx` `CreateSemaphoreA` `TlsSetValue` `TlsGetValue` `TlsFree` `TlsAlloc` `GetSystemInfo` `VirtualAlloc` `VirtualFree` `VirtualProtect` `DeleteFileW` `CopyFileW` `GetStartupInfoA` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `CreateEventA` `CloseHandle` `Sleep` `SetLastError` `GetLastError` `MultiByteToWideChar` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GlobalMemoryStatus`
USER32.dll	`GetAsyncKeyState` `ClientToScreen` `RegisterRawInputDevices` `GetMessageTime` `MapVirtualKeyExA` `GetMessagePos` `GetRawInputData` `GetKeyNameTextW` `LoadKeyboardLayoutA` `GetRawInputDeviceInfoW` `GetRawInputDeviceList` `wvsprintfA` `GetWindowLongPtrW` `SetWindowLongPtrW` `PostQuitMessage` `GetMonitorInfoA` `SetFocus` `GetFocus` `ShowCursor` `SetWindowTextW` `GetDlgItem` `IsDlgButtonChecked` `CopyImage` `SetWindowLongPtrA` `KillTimer` `GetMessageA` `PeekMessageA` `SetWindowPos` `SetCursorPos` `ClipCursor` `SystemParametersInfoW` `RegisterDeviceNotificationW` `GetMessageExtraInfo` `PtInRect` `DispatchMessageA` `UnregisterDeviceNotification` `SendMessageTimeoutA` `IsIconic` `wsprintfA` `DestroyIcon` `MonitorFromWindow` `LoadCursorA` `SetCursor` `GetSystemMetrics` `GetDC` `ReleaseDC` `CreateIconIndirect` `IsClipboardFormatAvailable` `GetClipboardData` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetCursorPos` `WindowFromPoint` `IsWindowVisible` `GetCaretBlinkTime` `MessageBoxW` `UpdateWindow` `GetKeyState` `LoadImageW` `DialogBoxParamA` `EndDialog` `SetForegroundWindow` `ScreenToClient` `CheckDlgButton` `GetAncestor` `CreateDialogParamW` `PeekMessageW` `ReleaseCapture` `SetCapture` `RegisterClassExW` `DialogBoxParamW` `LoadIconA` `SendDlgItemMessageW` `SetDlgItemTextA` `SetDlgItemTextW` `MessageBoxA` `CopyRect` `OffsetRect` `GetDesktopWindow` `AdjustWindowRectEx` `GetWindowPlacement` `GetWindowRect` `SendMessageA` `UnregisterClassW` `IsDialogMessageW` `DestroyWindow` `GetProcessWindowStation` `GetUserObjectInformationW` `DefWindowProcW` `RegisterClassW` `CreateWindowExW` `EnumDisplayMonitors` `EnumDisplaySettingsA` `EnumDisplayDevicesA` `GetClientRect` `EnableWindow` `SetTimer` `ShowWindow` `GetParent` `ValidateRect` `MsgWaitForMultipleObjects` `DispatchMessageW` `TranslateMessage` `SetWindowLongA` `ChangeDisplaySettingsA` `CreateDialogParamA` `GetWindowLongPtrA` `GetWindowLongA` `GetThreadDesktop` `GetUserObjectInformationA` `EnumWindows` `DestroyCursor` `RegisterWindowMessageA`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueA`
ole32.dll	`PropVariantClear` `CoCreateGuid` `CoTaskMemAlloc` `CoTaskMemFree` `CoCreateInstance` `CoUninitialize` `CoSetProxyBlanket` `StringFromGUID2` `CoInitialize`
SHLWAPI.dll	`PathCanonicalizeW` `PathFileExistsW` `SHDeleteKeyW`
ADVAPI32.dll	`RegCloseKey` `RegisterEventSourceW` `ReportEventW` `DeregisterEventSource` `CryptImportKey` `CryptVerifySignatureA` `CryptDestroyKey` `OpenProcessToken` `GetTokenInformation` `GetSidSubAuthority` `GetUserNameA` `RegOpenKeyExW` `RegCreateKeyW` `RegSetValueExA` `RegQueryValueExA` `RegDeleteValueA` `CryptReleaseContext` `CryptDestroyHash` `CryptGetHashParam` `CryptHashData` `CryptCreateHash` `CryptAcquireContextA` `RegQueryValueExW` `RegSetValueExW` `RegCreateKeyExW`
GDI32.dll	`SetPixelFormat` `SwapBuffers` `GetDeviceCaps` `GetObjectA` `DeleteObject` `CreateBitmap` `CreateDIBSection` `ChoosePixelFormat`
SHELL32.dll	`SHFileOperationW` `SHGetFolderPathW` `ShellExecuteW` `CommandLineToArgvW`
OPENGL32.dll	`wglGetCurrentDC` `wglGetCurrentContext` `wglCreateContext` `wglMakeCurrent` `wglDeleteContext` `wglGetProcAddress`
WINMM.dll	`waveOutGetNumDevs` `waveOutGetDevCapsA` `waveOutGetDevCapsW` `timeEndPeriod` `timeBeginPeriod` `timeGetTime` `waveOutClose` `waveOutOpen` `waveOutUnprepareHeader` `waveOutWrite` `waveOutReset` `waveOutGetPosition` `waveInAddBuffer` `waveInPrepareHeader` `waveInUnprepareHeader` `waveInGetDevCapsA` `waveInGetDevCapsW` `waveInStart` `waveInOpen` `waveInClose` `waveInReset` `waveOutPrepareHeader` `waveInGetNumDevs`
WS2_32.dll	`WSACloseEvent` `WSAEventSelect` `WSACreateEvent` `getsockopt` `WSACancelAsyncRequest` `WSAAsyncGetHostByName` `WSAWaitForMultipleEvents` `setsockopt` `ioctlsocket` `closesocket` `WSACleanup` `ntohl` `htonl` `ntohs` `htons` `WSAResetEvent` `WSAEnumNetworkEvents` `WSASetEvent` `getpeername` `getprotobyname` `recv` `gethostbyname` `shutdown` `listen` `accept` `WSARecvFrom` `WSAIoctl` `getnameinfo` `getaddrinfo` `recvfrom` `sendto` `send` `gethostname` `socket` `connect` `bind` `inet_addr` `WSAStartup` `select` `__WSAFDIsSet` `inet_ntoa` `getsockname` `freeaddrinfo` `WSASocketA` `WSASetLastError` `WSAGetLastError`
OLEAUT32.dll	`VariantClear` `SysAllocString` `SysFreeString` `VariantChangeType` `VariantInit`
IMM32.dll	`ImmReleaseContext` `ImmSetOpenStatus` `ImmGetCompositionStringW` `ImmGetConversionStatus` `ImmAssociateContextEx` `ImmAssociateContext` `ImmGetContext` `ImmSetCompositionStringW`
DNSAPI.dll	`DnsQuery_A` `DnsFree`
IPHLPAPI.DLL	`GetIpAddrTable`
WINHTTP.dll	`WinHttpGetIEProxyConfigForCurrentUser`
MFPlat.DLL (delay-loaded)	`MFGetStrideForBitmapInfoHeader` `MFStartup` `MFCreateAsyncResult` `MFCreateMediaType` `MFCreateSourceResolver` `MFCreateAttributes`

Delayed Imports

Attributes	`0x1`
Name	`MFPlat.DLL`
ModuleHandle	`0x14b6de0`
DelayImportAddressTable	`0x1426f60`
DelayImportNameTable	`0x1388868`
BoundDelayImportTable	`0x1388988`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x138c838`

NvOptimusEnablement

Ordinal	`2`
Address	`0x138c834`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.75133`
MD5	`458e8867bce625d0867a93550ea21141`
SHA1	`2ad14766aee4a838832014ce89404cc4fc1be763`
SHA256	`a66b023e33ae21d87fa6b119c8239b739d41054a2d817f88b55c60cf25ab0f23`
SHA3	`afbf9732e7597d4cdd85769d41dcb2d4c5c703ff456aeeaf5be0a37f1218e3ee`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.96185`
MD5	`81f167de361054eb3de0253194a44e11`
SHA1	`18f9bd53cdf08827fb1c99a75b9e0e60749ca859`
SHA256	`6b5783e847b39e217c5ca6174d8cffefa5adbb140a1b96938a60815cd7fdf94c`
SHA3	`ee49902d2424edaca3592f71711405500c3c281b315d0d8d033d2456e5bf8220`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06011`
MD5	`e1d1a890e75e91fe8cd995b8dad873a9`
SHA1	`54f27647e61175e036530ef629c89905940d9421`
SHA256	`8a9778bb0195f03b91805b8b71c59d0dba2069aaacff053be3753368d446c101`
SHA3	`5b3d4d761851a662c7309593974a629b50067eba3e68380274a8ab2e9c50d9b3`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07023`
MD5	`106e3a0bceffd48c6839f6a8079e548c`
SHA1	`3e4954aaeb95027edd4050056d8a3eac7bf83f1f`
SHA256	`24f6920bc3267fe988126e028ce603d294c67d6f45d8bde012340f5c4d5e63f9`
SHA3	`a8b087ec5d32fcc12c6ed3cc3bcd208c386424678f2d558690764500f85a0854`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12294`
MD5	`adec4fdbd7215654a83259b275747b10`
SHA1	`aea0d4cdfaca4ab779ae18185c183bcd01856478`
SHA256	`9ccaf4c8aa909d07e47653b36b55f0ef26755f022021493faef162966da49bd2`
SHA3	`ae0cb1870f13b7b8c6c764b531a03eef3894c934c847ec71e06b1fb8943caa63`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13153`
MD5	`3d065b11664d99b23c022b8e4ea79d1b`
SHA1	`34728c50a571ffe6451387b6adc87882fc915cd7`
SHA256	`4c6cd06075513e5cd3fa5c84d0cfd63b757f48eaebd6ff5411891fc1bdb7528b`
SHA3	`31963de17b2c5f37b4e2290fae45a1edb49f202337313e47e2b88e2eeea74a25`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13658`
MD5	`fbb488a0c64ca360a22af46b445df200`
SHA1	`bc06c0237e0b5028a0783e45ec17ebd1860cd25c`
SHA256	`76a8b07c3da863b35e3326d1daeeaf8a829f7830addf9b8b3286844886aa45fa`
SHA3	`859234bd7ec5a91e82d05e985cc428b57cd53a2242b98115210908e768f8e503`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13898`
MD5	`02d1389b7a61828a697dabf149a63ee5`
SHA1	`5662ebaac1066d0a68056e5f162d5cb902316def`
SHA256	`e5649887bf428665573ce83048e8a5e75610c2ba9acd413dd8e5903fdee7edec`
SHA3	`2e95e53c1235f139631be557596281735a89135bf4208de2737dae161a459ba1`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13889`
MD5	`ae424eaefc11f0497ca72daaa8d91f15`
SHA1	`18d2976fb75fd8dd911b740138a28cb3d000410d`
SHA256	`7a64a9762f8216b3943e4e4d47b1f34bf6ff122ad1f48367903497d646571dfc`
SHA3	`c3468c711565d861815887ee858d787d983d80733fd140ca12ce90081390285f`

9 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99471`
MD5	`b62b6b1e4cd3054ab1b07b033356d108`
SHA1	`c0170ce1c06de46e62508e1d774d64e952cd111a`
SHA256	`6a3c71d7f89e83280ff2aa75c76d49c3239060f8ee53cfc2692e05c4fc9c7eab`
SHA3	`9e885ae1d0f740d603c9ef2ca1a92c8a61ddb587a0f50bee653496e0ac8fe4f6`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98084`
MD5	`2165d3c35627dfb0f24dfa8839b650c1`
SHA1	`5168d394292dd31902f3f8112b22cd604529f378`
SHA256	`7aa854f2b6bf3241c666d0b851ecaea27082934a4b2fa43db752591dfcf9434e`
SHA3	`395d76a75afaab97318d9ea2f3785b5ade74331f689f98e69f22f301be84d67a`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19606`
MD5	`e71ed01bef9a6e44b5a60f28e2d14320`
SHA1	`28a0948d37b93bfd392044a4338968bd3f4de535`
SHA256	`af380b7f1f6bedba49ef3833569a36314f9834b759bfbdc7f5474d65081186c6`
SHA3	`a275daef8cf31a8e4d53a63b80b73137c0c41a126920ed0b63416f8643332d35`

108

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23439`
MD5	`89647fd8d7ee80b9e9e46db2a1053a29`
SHA1	`10dd88f00a8f56cce48908628abe1215235f624a`
SHA256	`692985cf029eb28098357336ea128b16211fb8fb8ab3e8f90949a952a2514f65`
SHA3	`01c77f889f7bb48a0744fe4f076df03cf74591df831c9d043237c2a7a7426f3e`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09377`
MD5	`839f2e562a1f062fd873414ab28cf1d2`
SHA1	`ed961a5852bd1ac5b55fa8fd70fa8213754abc57`
SHA256	`296b7d861a9ee473d4e8a62f9d7adb025d1fbe8e61206870f426e5c870a98936`
SHA3	`6a4b1fab7319e07585d923be21a3d852ecc1988286973bf8440e25f2a35a3cd0`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36221`
MD5	`986493c75fc8ed19f3816307e850dc0a`
SHA1	`a036a3af819700c0010945026e5f359dbd0d8c8b`
SHA256	`a15970d5d36a1f3930ddb7844df8532d6ed7c7631f4d824b525ef62d489e6391`
SHA3	`b16205a7b5391d0928c54a9908d6e49f5f820bb33b0b0de9be560b8a5f518601`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.6.2.37180
ProductVersion	5.6.2.37180
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	5.6.2.10654012
ProductVersion (#2)	5.6.2.10654012
Unity Version	5.6.2f1_a2913c821e27

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Jun-18 07:26:00
Version	`0.0`
SizeofData	`137`
AddressOfRawData	`0x128f0b8`
PointerToRawData	`0x128e6b8`
Referenced File	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\player_win_x64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xabac1e52`
Unmarked objects	`0`
C objects (VS2012 build 50727 / VS2005 build 50727)	`1`
C objects (VS2008 SP1 build 30729)	`28`
173 (VS2010 build 30319)	`1`
Imports (VS2008 SP1 build 30729)	`37`
C++ objects (VS2010 build 30319)	`7`
136 (VS2008 SP1 build 30729)	`1`
135 (VS2008 SP1 build 30729)	`3`
Total imports	`541`
152 (20115)	`6`
ASM objects (VS2010 SP1 build 40219)	`33`
Unmarked objects (#2)	`206`
C objects (VS2010 SP1 build 40219)	`1063`
C++ objects (VS2010 SP1 build 40219)	`1205`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.