Manalyze report for b4e7a05306db297a5a3f25e902793a55c9477d7c086f1c8f12f89b17add17a1b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Apr-05 19:25:16
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2018.3.12.9108835`
ProductVersion	`2018.3.12.9108835`
Unity Version	2018.3.12f1_8afd630d1f5b

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7871% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2024-01-31 20:22:43)	`All the AVs think this file is safe.`

Hashes

MD5	`f90a04c65199ff5ba6c0657887c73460`
SHA1	`6b346142d9765c7ee8b1be64ca4f615dd9edb74b`
SHA256	`b4e7a05306db297a5a3f25e902793a55c9477d7c086f1c8f12f89b17add17a1b`
SHA3	`e84cec47649890121d5ddbc8198934c72986c80c74dbf5774a2ad1d07fa2b48b`
SSDeep	`3072:NWqCiih9ID7kNwsL1QwM4aft3wIVpxtjl:NBCic2D7kN3QpFAOf`
Imports Hash	`2903938ebca26120e91d0905dbfde587`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Apr-05 19:25:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x95c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001268 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e3959a3353a0c73333174f549d388e74`
SHA1	`ddd6e2efb0cca809074dfd5597e3c51a0b74fc6d`
SHA256	`40308324ce0101e9106893e9c2aa57981cbb7d275d154727ad8e54657eff05cd`
SHA3	`3bc5704bfa603c12d782251d650603bfe76d880487157a0efbb3c52ddd367f21`
VirtualSize	`0x9e80`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37547`

.rdata

MD5	`86bf841fe89779847f02c3090a519467`
SHA1	`4efa39039d849b4d9a7365d921d7e527611f805f`
SHA256	`cb6e92b60b789c6c5f488d8679c776082eb992f755a666599fb3fc3e2d4eb3c9`
SHA3	`9c8d66c136680b42c64566a85ccef974d78d8f4d672ce5e8af7d1e53d0a76638`
VirtualSize	`0x87ce`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75473`

.data

MD5	`e5723f0a96548881b4089bde74a34fc6`
SHA1	`1cc548e1b83bbe5f362a98ca6da244de6dade3bc`
SHA256	`ecf3f7a52f8a031db5c7ce8d9d8e05965b7fbde8e543ba56ea1662fdcd093dd7`
SHA3	`ea9bf9671edf6c6262b017ec3e6f18e282e6e1b832a5a96fc43b0d53d5a18c97`
VirtualSize	`0x1bb8`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81096`

.pdata

MD5	`e66db456ae04138dcb237c5291e8eee0`
SHA1	`cf319e03da59e0027dbc745063b4877b4751f613`
SHA256	`a430de6014c7ac4e917ef44bfb3056041eaa1826bfc3fd9b5ae49854754fae8f`
SHA3	`f88e3bb467530326a62ce7d52572c594e43178feffb8a762d40420b094a4a5e2`
VirtualSize	`0xc30`
VirtualAddress	`0x16000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31128`

.rsrc

MD5	`8dba5792a41e6b1fb815e3fbe171c5f6`
SHA1	`9d333c4fefbea1f090930860e166b211bb6752e6`
SHA256	`0003ae38f7b0c826c0d2168743d9bcf26d6d4a6d845259defe928c5ed42b57ff`
SHA3	`a3a976ea8661cb9c8face0c6130a33442358e4839ed1207b93d98b5c7f957e13`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.91626`

.reloc

MD5	`e3aac30c773e88c2700a0e0f950592be`
SHA1	`2bf91fe5fe83ccb77977059ad2d6dbfefb19c443`
SHA256	`ced816cb4e98622677b5ca96407ddb8fddd97a04969717422058fd431560654a`
SHA3	`1e658d88e531b0977ab24a26bba64dd18e03ef3c7db199c804c3a262c9ffb89e`
VirtualSize	`0x614`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74269`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`TerminateProcess` `CloseHandle` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CreateFileW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `WriteConsoleW` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25666`
MD5	`21961a0178475e13906d7120ce5f045e`
SHA1	`1dac6ddd7f19fd92467471504988f50fc3f90813`
SHA256	`63f7f2aef44cd9456ae5750be6a06db383dcc9df0b224e3ffba5e853d77bdde6`
SHA3	`1fa87547c070a13b754e6a7abbd43bcbf83ebc696e0b4dc96f37d0dcb5e14dfd`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88187`
MD5	`ba2d024d2ebd6db46cd279ec4507b9f2`
SHA1	`3632363fd81fc40f6afc474ed792deb999f0e9c8`
SHA256	`57c0290286373b0ebc9a706748ed5a3263025650718a0cb9762c7338446fff5d`
SHA3	`af9594818ea013c9d2c552c9790b7a495213c74fce8be00a31ede74421befb53`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67838`
MD5	`4032bcf36df7cd3f1fb698cf5f64aaa8`
SHA1	`620f90cfe9143d2fa4273f33833b472089d7b7b4`
SHA256	`b29291f564db1e644909e5c8d71c923448c06ea709b9b4419b128c1bb9708bf5`
SHA3	`e90c34ed9a6b0acddf42014c5e01d2e2c9bc5e7c02a0be6b1365b150b6e919fc`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40208`
MD5	`75bb86a20928975647355316ed6bf9c7`
SHA1	`9a7cbb74813f196d5160c3d046a9a748f7c06cc0`
SHA256	`e7f91f1dddc82fd1a7ef2100233de449410dba43e34f3c40c43faaa1ee8ee972`
SHA3	`f713a89d16c8de2f7bcb4daeff17b63a8db8d29a0b6851dc104dca60ff611d33`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.22922`
MD5	`55224334d047ede9fd17b9d058cfceca`
SHA1	`28ba75a78dd845a140d2f2f8e4262059873071a9`
SHA256	`8d4e9a8b5b5ea1b87741f579ed402258e65a9097e7f50244312f2d3fb5bdf5a1`
SHA3	`809598c931683a4d8d244db572cfe18dcdb3550d8c9c91b1917657c054fd3190`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05784`
MD5	`1f42636ec742846bf5d0ab6895f49e2f`
SHA1	`406d00f3150635998caf9a488cfc362cef20c5fb`
SHA256	`9d9374f7bac0d99ae137682daa76206d7a5cf0a85ccf7da24a30c08592cfd42c`
SHA3	`b0907413eca6a81d4e71aff46902a4f617f1610a7549056f616e0d5efbf2f8c0`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.946`
MD5	`47e4fbb651097c00d8519e25c1db6255`
SHA1	`405f48ebefb3d2e7f9e4dace5c6f4dad671553b6`
SHA256	`f13a6f4bf28efd6df60406a1d56b0eb89c62cd46fcada158263a6d462f09448f`
SHA3	`4b2ef87bd6209cf5e1bd38359a4f97b7700e35d12104fc0c762f58fd5ba9a290`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83778`
MD5	`464eb58cf46f6ac63d94412bbea8af96`
SHA1	`8008dbc934ab8efca4fd775e772a8d43c7812346`
SHA256	`fd5547dc4c051650888e8692ad714f0bcbc322459fcbea4777ad5e7ca8cc8c84`
SHA3	`9d49da205973dc190607523efdba39ed84a0de1480c54ac66071b4619fc00354`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.77297`
MD5	`689baca0ed5ca6ec1cb47b1d5dab4615`
SHA1	`dd98021bbd2828e8270fc93190fa9c7f138051d7`
SHA256	`826517b2ca39f482fec171033df578f7c187726c51273c970b1075e4f0cc7eb2`
SHA3	`553ddb9cf94a7d6f3f5773d1a85aa99238ceca35e5859b20e98b35953bea921b`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42331`
MD5	`4ea365605f157c39a440913896148e1a`
SHA1	`0e4e9d73d8e91b7c051b242957476dfa95a8b08c`
SHA256	`92261e4ab203c3514a8351868cf4c903274985437d8470a74c42241fc21492de`
SHA3	`7c2eb2dc3f35504d92cc1b9015ddbec480c219b124e9ddb40926137564fbbd61`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2018.3.12.64867
ProductVersion	2018.3.12.64867
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2018.3.12.9108835
ProductVersion (#2)	2018.3.12.9108835
Unity Version	2018.3.12f1_8afd630d1f5b

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Apr-05 19:25:16
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x122b0`
PointerToRawData	`0x116b0`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Apr-05 19:25:16
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12330`
PointerToRawData	`0x11730`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Apr-05 19:25:16
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x12344`
PointerToRawData	`0x11744`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014020`

RICH Header

XOR Key	`0x5bef5e40`
Unmarked objects	`0`
C objects (VS2015/2017 runtime 25711)	`10`
ASM objects (VS2015/2017 runtime 25711)	`5`
C++ objects (VS2015/2017 runtime 25711)	`140`
Imports (VS2015/2017 runtime 25711)	`2`
ASM objects (VS2017 v15.?.? build 25930)	`9`
C++ objects (VS2017 v15.?.? build 25930)	`34`
C objects (VS2017 v15.?.? build 25930)	`19`
Imports (VS2017 v15.6 compiler 26128)	`3`
Total imports	`81`
C++ objects (VS2017 v15.6 compiler 26128)	`2`
Exports (VS2017 v15.6 compiler 26128)	`1`
Resource objects (VS2017 v15.6 compiler 26128)	`1`
Linker (VS2017 v15.6 compiler 26128)	`1`

Errors

Leave a comment

No comments yet.