Manalyze report for 7c09aaf193c5f9f2540eba85501726a9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-May-20 09:00:19
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2020.3.10.2719096`
ProductVersion	`2020.3.10.2719096`
Unity Version	2020.3.10f1_297d780c91bc

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.3794% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2025-10-04 05:29:20)	`All the AVs think this file is safe.`

Hashes

MD5	`7c09aaf193c5f9f2540eba85501726a9`
SHA1	`2077d0e5127e3f0a3c80424961d16c4322a4f8ca`
SHA256	`b70ba9a98b073d34a1fe860384fbabbe583387bbe9ca5d92bb092463dde50f06`
SHA3	`02a164aca23bfea6abe2f89bf74835e53617eb65d45bf77487a44845dee660bc`
SSDeep	`6144:SpC62lkCMWQUerGmcOYVWB6iF4PTbUekknciP50sZIzU3upvzKi+ppUZB4ft:S4eCDgGgYVtw4r5kkciP5p30OinvWt`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-May-20 09:00:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`21b36fdaef4252cfff5d97233a08237d`
SHA1	`9169d9d590945e9449a0650b633fe17015740f97`
SHA256	`1d5305f7e37da4709ba7b7140c745a8bfd40e1645f5a2240a35d36cc4e7ebf6e`
SHA3	`5b3b61078be056f6f0b5fa1bcd81112af0c0030a1af3156f861ac5d670a0b9b6`
VirtualSize	`0xa120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39577`

.rdata

MD5	`04825b74921f0399b038d996f4d21520`
SHA1	`a7c9bf5f47efe4c8fe39c2115a5c16516878bd7a`
SHA256	`024226f86c4d49ac27d83f2e120aa332e0ad82c55d4a1597f5978e5f627b5500`
SHA3	`ae9d622444796276709742612a381cdfedb22f23ffb2af17d53fd0b6634b9d5f`
VirtualSize	`0x8c5e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65243`

.data

MD5	`a9e79420695e9bc679ca784c3876e94f`
SHA1	`85d68049c56be1369a584c2cef1f26bece917c8f`
SHA256	`a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055`
SHA3	`902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67624`

.pdata

MD5	`1063600acd63dabfe63d12849686b634`
SHA1	`afb48051e210d322b89b35b107cfdd3c081e6eb0`
SHA256	`e74fd6df00f224c718b9e961e0f5bfb66ad096ee5367bc368a7511504e6753fd`
SHA3	`7c8904447aec520dd5ad9142ee328fc8094c3b055bec0da3997ca87f3c309370`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35289`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`8078c75dc7b946990e7a0d41568629e3`
SHA1	`6e24a6ecac383762aef486d8426ec50e3a0cf7b8`
SHA256	`ff6b525824fb65d2bf5760294e9de827db3f7537f8a2ca0bd556b674f4c2dba2`
SHA3	`8e89fb698762336ff369741b7c1230bc5164e6c99c133d408c9195077f25e978`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.27421`

.reloc

MD5	`a9c3cf69888151777a2a472fa85313df`
SHA1	`a5410c074ce059a802887d8ef48a198d601aa9e3`
SHA256	`02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad`
SHA3	`874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44`
VirtualSize	`0x634`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78467`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24175`
MD5	`2cb18f6bd87a59be2ce92d49f2e8a150`
SHA1	`0b7ff2e1f77910d769e833905caea8f12b0fc287`
SHA256	`94009c1ed8eeb24fdc8b7ca26f81f246689808486384d68f4296a9fe17706efe`
SHA3	`f8ebcc420867f869ea44da88aeb90ca37d4c476d579df1197595ab51548bc5d0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.25463`
MD5	`69aa86dc7cd6bb3c7acac18c28bb377e`
SHA1	`69937b019b290f350e6a269a8fbb03fde3effb6c`
SHA256	`8afe6c9b5653ef4380d6c87cce90d345354aea88008f9c506267ca27de3d84dd`
SHA3	`4a9d03a5640044bb1ca6cb3d5de75f38d27f6d24c9d0d87bafc2c216045c182d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28145`
MD5	`eccad90130cca24ea4ea8a0dca55b894`
SHA1	`5e9509c20d9af75abe0a48a3e05351fc7fe4e877`
SHA256	`1bdc4106236976d482299958f3515c94e20092d1ee6fe906895f4cb1ed589872`
SHA3	`1c770ad896a88842e1afa2f472e8dcf6612d873d2d1ac579f73be1241452d60b`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30795`
MD5	`2a872611152bea5518a46c0ccce5ff7c`
SHA1	`3c428db7ac6ca2188938637de3540de0cb58ad79`
SHA256	`64772b90c8040106f517fed4f3411b5f19ec633ace2249d3231cc6c24ba493ef`
SHA3	`c36b0787de93602e672b9f2dfd55ac735400ccde8f16e4644fb0d5705e2d5310`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34731`
MD5	`c2092a78b7083b3cf410344c79262178`
SHA1	`d57c33a9bf34c6ebb87dd547f03827ac95dbb0c0`
SHA256	`ff22b7fa144bab0b31d97fd3641655803a87ad2f728c0e58ade9b65cc058c848`
SHA3	`a03c05616a455b4cb3b42f09ac7a1371473075a29a11638b06d3b2e8049fe8b0`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.32999`
MD5	`231653b592438a0dcf24cec61015b4cc`
SHA1	`bb939bb0801a5434076b1324364593ab501eed59`
SHA256	`77d8317033fd4a5348ad0820dc6fc37e72d903caf55f14b2278471c542d9f530`
SHA3	`613706f91ad007b0bdba1fd2fdbe3ae57d061b7e056a4823ebbe590fbe89813e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39129`
MD5	`40939a92d6e7f6226970a767c482db64`
SHA1	`a5407e2aaacd6f4fd0f9ffa6c199478b1195aea7`
SHA256	`a4456ad4ef6c6f48ef19dd28d41a183c6c83301a233964f4b8987e77d06723ab`
SHA3	`6435674553c0defc1055c562712ac306c90ed573aba3e39f0c042eb206827e66`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34906`
MD5	`256954ca090f1dba9f7e5daf045ed718`
SHA1	`0e510eca9609053882e7f8ed1ec748ce0697c8e0`
SHA256	`9c6c3e2250c274c87dfbb6094405af5a5dba4330e0a5429ac6c4511f6750da8c`
SHA3	`a7f94d9ff5a0d377a773cfb51a666b48999179bada38f3fac75149c997f00a8a`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17082`
MD5	`8b4999bd8c6c74d84cf089f937039863`
SHA1	`d77fa924c5e6f1546c469ddd559938269b5cd706`
SHA256	`dcae4ecf68c844ca53d199d90b616c18de33c0a6fc30f0cea1f8c26eeb203027`
SHA3	`ea63fef14cdbb38bf3e662bff3a6c60eb26565002ec188cd1063e7b896ba772f`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41267`
MD5	`4e000f4aa70479292dc4715ecaf7fdf7`
SHA1	`cf03f6092742375931c310931d4dcd377fdfed88`
SHA256	`e07bb6f97f434d83e0f9dd25d798009c5d7d7c9ba1e7c2abadb7cf92569b042c`
SHA3	`74585c318c83d35fbb7e60a7c663ced4a4d1f9849fe04c1ae6e59975537b0797`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.10.32120
ProductVersion	2020.3.10.32120
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.10.2719096
ProductVersion (#2)	2020.3.10.2719096
Unity Version	2020.3.10f1_297d780c91bc

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-May-20 09:00:19
Version	`0.0`
SizeofData	`132`
AddressOfRawData	`0x13730`
PointerToRawData	`0x11d30`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-May-20 09:00:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137b4`
PointerToRawData	`0x11db4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-May-20 09:00:19
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137c8`
PointerToRawData	`0x11dc8`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x69197163`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`16`
ASM objects (VS 2015/2017/2019 runtime 28427)	`8`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`85`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

7c09aaf193c5f9f2540eba85501726a9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors