Manalyze report for c6a2b124cc0c6a9bcebc0a88066f8de64139533eea4ff6be787569c182322b2c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-15 11:31:11
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2018.3.9.9731614`
ProductVersion	`2018.3.9.9731614`
Unity Version	2018.3.9f1_947e1ea5aa8d

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7865% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-03-28 22:02:12)	`All the AVs think this file is safe.`

Hashes

MD5	`3d094b211e1ec4628e2fa44b8723a2f7`
SHA1	`6f8d96de49a76f19c38353bd2b371a621235dbd6`
SHA256	`c6a2b124cc0c6a9bcebc0a88066f8de64139533eea4ff6be787569c182322b2c`
SHA3	`5ee8cbc25fec07ef379545ab02f7900318a1b1180ea1a70aed0cf568dac46f80`
SSDeep	`6144:TBCic2D7kN3QBqgPtQCDUJtZv3r5vOGFnPwwync4hnxSI/Cj7/q5NEvZXfamOhM:tLkN1CyWD3`
Imports Hash	`2903938ebca26120e91d0905dbfde587`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Mar-15 11:31:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x95c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001268 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e3959a3353a0c73333174f549d388e74`
SHA1	`ddd6e2efb0cca809074dfd5597e3c51a0b74fc6d`
SHA256	`40308324ce0101e9106893e9c2aa57981cbb7d275d154727ad8e54657eff05cd`
SHA3	`3bc5704bfa603c12d782251d650603bfe76d880487157a0efbb3c52ddd367f21`
VirtualSize	`0x9e80`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37547`

.rdata

MD5	`7f1aa1a1cea1a97c935703e2bb86b896`
SHA1	`a68c168b81fd0ee356becc6b7cdcde02908bd97d`
SHA256	`e33360bc3919a7cf89a8c79fe36a260bcff8b4266c55f53e2a15febf7d3738af`
SHA3	`f2971c19e2ac92074160ec89c6430b92e2a45c91c4196f2ed27413a1fb2a94ce`
VirtualSize	`0x87ce`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75506`

.data

MD5	`e5723f0a96548881b4089bde74a34fc6`
SHA1	`1cc548e1b83bbe5f362a98ca6da244de6dade3bc`
SHA256	`ecf3f7a52f8a031db5c7ce8d9d8e05965b7fbde8e543ba56ea1662fdcd093dd7`
SHA3	`ea9bf9671edf6c6262b017ec3e6f18e282e6e1b832a5a96fc43b0d53d5a18c97`
VirtualSize	`0x1bb8`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81096`

.pdata

MD5	`e66db456ae04138dcb237c5291e8eee0`
SHA1	`cf319e03da59e0027dbc745063b4877b4751f613`
SHA256	`a430de6014c7ac4e917ef44bfb3056041eaa1826bfc3fd9b5ae49854754fae8f`
SHA3	`f88e3bb467530326a62ce7d52572c594e43178feffb8a762d40420b094a4a5e2`
VirtualSize	`0xc30`
VirtualAddress	`0x16000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31128`

.rsrc

MD5	`7d427be88a98a0d2bdc632a434bf9b6f`
SHA1	`ff64b20ffea7ffeae5056ad5992c78e06aa11b80`
SHA256	`26adf6853e9ecd045d1db7db2e5f132cf267b2c6dd9d2a084bf088b98ca5de5f`
SHA3	`515fba976c7112b8e3ea469e7ab92e53204a4f48c012163a338f462ebfe377f3`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87994`

.reloc

MD5	`e3aac30c773e88c2700a0e0f950592be`
SHA1	`2bf91fe5fe83ccb77977059ad2d6dbfefb19c443`
SHA256	`ced816cb4e98622677b5ca96407ddb8fddd97a04969717422058fd431560654a`
SHA3	`1e658d88e531b0977ab24a26bba64dd18e03ef3c7db199c804c3a262c9ffb89e`
VirtualSize	`0x614`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74269`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`TerminateProcess` `CloseHandle` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CreateFileW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `WriteConsoleW` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72352`
MD5	`cdf87b6f6b8718ae133e16a315b7cdd1`
SHA1	`fce9e440868f935bdc72f70dcde469c8b770a0df`
SHA256	`6830487da29d4c63b7eb4716c5db34b4cb9269c6c4c537072cff463a941202b9`
SHA3	`f33f8142ecb1776a6651bc82df09d7fc84c13759cdf27e038a66e7c31dfabdbe`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89486`
MD5	`7b0e264339752561f12ab286de8c695d`
SHA1	`841fc6b73f9e8b91616532519f47eb74ff6d4769`
SHA256	`86b216345c9e36309c0dda72a221f3c155723738047ee5180dc711eb7dc53266`
SHA3	`76e01f91561611047821aad38f2e33c0b11281dcb551e5379af50d66d67badcc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98315`
MD5	`97efa17b2dbadb93f61cbdab156654ff`
SHA1	`f43445c031e47aeba566d59f65e1239bd0659df3`
SHA256	`2b00a98e94f2ec25df58242e7ecc128e038b0540d248b862264615baf21d6141`
SHA3	`f9163f74248a26782e404d33bbd08cbf8775c469da6903e11526dcfef9022521`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97456`
MD5	`45d8f6de6075ea03e2c44e090ae803cb`
SHA1	`4fa6cd0c489de83253be4bc37c08ac8673c13776`
SHA256	`07acdf8138664cc662ce28aeb9cf7f1b7917de201c35c04fb39449c9d983398b`
SHA3	`7619d73dd8038660e318de23acfc41c2e7d4d449545f55480c7ff3a164435253`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01033`
MD5	`445fc2663a0339ccc3df00925fe8a5c3`
SHA1	`f78fcc8af760405c3a9ac11472a750ccf160deba`
SHA256	`2a529b7ae2ee4abbbb413542978e9f4630bc2c03f6a70c5cfeca9a82d8d2d176`
SHA3	`8ed124282a8dd2f8ce6aed6baee18d997bb84b2a5e48d458b43df9f7e181b4f8`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02726`
MD5	`01d6f4da724e5bf5f5dfa80a5df38494`
SHA1	`56909e6208a5ae30a560fc58292d67597a1a64f2`
SHA256	`ac3db3a4e769c5a44f5d99ff6b2455177214e23517640bc6417b0f3d9520d42d`
SHA3	`f1e86ab1cfe8be7e679dc5a1db81429207b3a114836528739eebcab86702382f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99156`
MD5	`57ac92521f6f6f56c579031cf3936980`
SHA1	`640a88184d75be97fe0201e78e85cf5d06b03b7d`
SHA256	`3cf548bb24672a810cddd0773edd7ef19d928436e35d42f7aa2ba293bc22eaec`
SHA3	`dde27f577f1c21f2046626fa4ddd9a5adb1ea37cff705d8a1958a1b9c18070c7`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95198`
MD5	`b6bf9e2ddcd34effa81aa94da498b155`
SHA1	`5e6eb64c46003335fb954e92cb79f8142b82f0bb`
SHA256	`caabf283f3dbebf332190bb9059479bc3b9025113804c41e0427db9bdf91a7b0`
SHA3	`55af3b6d70b602f58a8433644ae03f2678c89c4222257f84125c9ef43073393b`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63547`
MD5	`bf9b940fd5c8a3f1462be351592191a3`
SHA1	`0a1f0f18aa5ba4b1a326408f67946929825e5f97`
SHA256	`fdbcfeaea8e74d194a16ce50137ced12f93221341c11d4d422bc2da00e45716b`
SHA3	`8eea9217d472776c09b3e88b9b0d071c07655772a1ba09a96fd81288be260239`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42223`
MD5	`0e1295c5664cd211a7fbdbd979e9c0bc`
SHA1	`886cb6e7b46b107cbe6a6eb541b96ae0de4f86ea`
SHA256	`7bd9d45feecf8388314d2428db2a4d51425dc72fddd3eae4df7b921c02bc3077`
SHA3	`c0eff959d79f312c403a597f3c11830a2c33d44a37807c9b828cdedd8d6ecab1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2018.3.9.32286
ProductVersion	2018.3.9.32286
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2018.3.9.9731614
ProductVersion (#2)	2018.3.9.9731614
Unity Version	2018.3.9f1_947e1ea5aa8d

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-15 11:31:11
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x122b0`
PointerToRawData	`0x116b0`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-15 11:31:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12330`
PointerToRawData	`0x11730`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Mar-15 11:31:11
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x12344`
PointerToRawData	`0x11744`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014020`

RICH Header

XOR Key	`0x5bef5e40`
Unmarked objects	`0`
C objects (VS2015/2017 runtime 25711)	`10`
ASM objects (VS2015/2017 runtime 25711)	`5`
C++ objects (VS2015/2017 runtime 25711)	`140`
Imports (VS2015/2017 runtime 25711)	`2`
ASM objects (VS2017 v15.?.? build 25930)	`9`
C++ objects (VS2017 v15.?.? build 25930)	`34`
C objects (VS2017 v15.?.? build 25930)	`19`
Imports (VS2017 v15.6 compiler 26128)	`3`
Total imports	`81`
C++ objects (VS2017 v15.6 compiler 26128)	`2`
Exports (VS2017 v15.6 compiler 26128)	`1`
Resource objects (VS2017 v15.6 compiler 26128)	`1`
Linker (VS2017 v15.6 compiler 26128)	`1`

Errors

Leave a comment

No comments yet.