Manalyze report for cd027c995e06a83fa812e136ea3897964f34e76ffb54c3a0b98b84527cb1bda8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-22 13:34:36
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb
FileVersion	`2019.4.11.2988036`
ProductVersion	`2019.4.11.2988036`
Unity Version	2019.4.11f1_2d9804dddde7

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 88.2452% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2023-10-23 22:58:21)	`All the AVs think this file is safe.`

Hashes

MD5	`803257c1c33b94869ad9ffbc64c0f455`
SHA1	`ee96d5ae37a2a759518f446f58e582ea3c27dcdf`
SHA256	`cd027c995e06a83fa812e136ea3897964f34e76ffb54c3a0b98b84527cb1bda8`
SHA3	`92a26b6dceb45024546fde5053afc29f547e939e1108571895063b34c53e85f3`
SSDeep	`6144:/Vls9uTi4DLS9t6xGH2oRnNiBGhyKOj8gqp12t769As9nyMTcm486Xo5MJSEsCa:N+rcrho5M9OHLP`
Imports Hash	`93d7bb032e5b4ede025420a3defb9706`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Sep-22 13:34:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xae00`
SizeOfInitializedData	`0x91e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db1f15be09b789283a7850e61d3d2ed9`
SHA1	`3dc68d97a4b336170e796e7de67d9ed7406ca1a7`
SHA256	`39173c9dc8014fc31a05bf2b5a2403004e7946b3d1f00ea28644f708f7abee8b`
SHA3	`7ddd3e8ecae2eefe04d89c92d06533589dd4befb048f6f574d748661c48d3197`
VirtualSize	`0xac07`
VirtualAddress	`0x1000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59524`

.rdata

MD5	`1ebdcd8bd6cb4ffa6b0da968d510bc4a`
SHA1	`2cecb70e3cf8c6d93d035f3ae230d148b68a3858`
SHA256	`d30718154afb4e2a12cbb0c0ec7e7856cf19ce59beb352ce45209aac091ac0cb`
SHA3	`46941823ae4e7f29d290d957930a2055a5f7fefac9d7e7bc42c33f76294ad9fd`
VirtualSize	`0x593e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85905`

.data

MD5	`1e19c674a19facad078a63ef812dda50`
SHA1	`65f38401a2b3fc61f41771c1e72e9aa73fd10799`
SHA256	`c4cf693f8d4d834aff4a4197177982ea8c0b8cb49af91fefe52400f22f4be1e2`
SHA3	`b01bb11e9989bb2c8315f2bb119c2fec9f66f8c08ab4350959948bc6b6f03bfb`
VirtualSize	`0x12b4`
VirtualAddress	`0x12000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.00867`

.rsrc

MD5	`2575165971839a0c8f6f3870b93d7337`
SHA1	`b03038e1075eb28e6c0acf9fff5b4a55cb30cbab`
SHA256	`ab725a913b8a9e2f3bf764017d0d5d3170d7a654782271aa84fdd33c2f35b6c8`
SHA3	`2a3157651775f3c0c420d0f6af0de1e3eae8f6eb0f4ff82b03d7fb2f2a34152e`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x14000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.30781`

.reloc

MD5	`25e1753d72af594ac26f64810125b391`
SHA1	`7c0624cc0d5cc961ea96284928f1c1b04158e7d2`
SHA256	`2a418bf5f3798d42ded392bd99424322fa6065dbd2b03837f229a7f8ac14f2af`
SHA3	`dea2e06065ca3c2a46313e341e3ac93a3971a8e885926fed33373f60955f6dae`
VirtualSize	`0xdcc`
VirtualAddress	`0x9f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4902`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x12004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x12000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28708`
MD5	`6386992b5339b36f5a0795234cb75c34`
SHA1	`9a5e4ce35c055d3bf7686b485410fe554c251446`
SHA256	`4d22cf19906655e9cd539d251f79344c1f2f460afb6284b85a7a81663d7a0d55`
SHA3	`22f234a5c8420f34916f1835b1dc905d9bc789370de04ca8417f4124191a7616`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28523`
MD5	`5b42a5bfa083484f938585ccb39f978e`
SHA1	`b1b8ee12baeb9aaa73bcf71866e7ff2340009cda`
SHA256	`4fbe6ff74dfc3337a5e6ceace53cb888b048456e1f0dfd635d4ed1a34f9a8306`
SHA3	`96cfa4e55541107f1e815bc7549cf88e6038eb9054069cfc4d45d5effdfec931`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30162`
MD5	`c3cca81ec5076abf7f2a874cabd3d204`
SHA1	`197b983740fa233bb7b3ec357b6f90a2e898cb1e`
SHA256	`c7f4d7c59e892d428076da3c767a015b14c7ff20974c577eade715ae5b5787ce`
SHA3	`d89efc783a50729150513587284ee5c0518ef9129849270b72e2197a361f59a8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31119`
MD5	`ccc8fa214d08d8a79122795248b7ab51`
SHA1	`e8befd49ec075412b5fdc1c2c9e97728af0cc932`
SHA256	`f961feaaed247dddb5058366958c2fe9a56ef42f0575113066552ac612da02e7`
SHA3	`f8be51b530677c68ae02dca06483fbd8a5b219610d1fcf594d108c0ff9eaa582`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31925`
MD5	`046c783430048b28b406f8fed15eacbc`
SHA1	`104ff9b850963852113046edc0723786cbe9c08c`
SHA256	`3062633940fb2f4f8b9e5b3bd0d275ac91cb7f3021e46163f1cbaa781606b779`
SHA3	`c126d21f3ec7d5e0ab306eb404c7daa96d5f0b161a506e18d55a9d4073c49ca1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30529`
MD5	`1737e6065c48732a79331ceef6a2b200`
SHA1	`e6167fb4cee0e09152b70405beff42051b6d4fad`
SHA256	`f8379b05674fa7497689a9c98fd247fc69b7a12ef6aec8b9fda174b65429ee56`
SHA3	`c24559b2cceabf2d29c3a2b4267299babffefeb197c5a94f863be959f3e8647e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34238`
MD5	`e69641678f2ca13832182511348bee86`
SHA1	`370f4ac2f7fb61c8619f7950dd170b1163f709a7`
SHA256	`8a63508e821948e9d2b2ea64ab1a5209718e6c08c3fec45c1fdc0c1fe3fe40b5`
SHA3	`3da89d701a53086400bc7b7b8ab41126e08f2129babc72f06ee5c03764b02117`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30875`
MD5	`3f57184d8b0b1c975818a707415be912`
SHA1	`c40b8ba4d27032baa165fe3af02927c3261bd973`
SHA256	`7f9fb216d16b5b0a7f0ee66cec59e327a61b662231d3fa6a7a630925aff14743`
SHA3	`d4902f050426a924ce812e7b5f9eadc90eb4aa5b39f4a74e4bb91ae1f73340cb`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1096`
MD5	`041549e18e2e8b68785a2ee7917a5d07`
SHA1	`32bc32a3f9d5d277b08734e522db2888d4cf6a05`
SHA256	`8521934399a680828a64a4e0bd978aabd54f8039317ab2e3bd96243f3cef0d4d`
SHA3	`3aa38e8db886f7c3cac5eddb2f9df930358b51cb785b2db18afd174ec29407d4`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39183`
MD5	`96f21833376f0c074b3ef0291a073702`
SHA1	`15887355c143bf6b3c86a89f3b82c97c655ed2ca`
SHA256	`de5c86e9fcb78f8c542a9789eba793086be228449fa6ad1a6e7d0ad932d0309f`
SHA3	`769fedb4db376d21ff15561d4c0d3c1d067f8ce0715fd516a0cfce1311eb07eb`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.4.11.38916
ProductVersion	2019.4.11.38916
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.4.11.2988036
ProductVersion (#2)	2019.4.11.2988036
Unity Version	2019.4.11f1_2d9804dddde7

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Sep-22 13:34:36
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x10bbc`
PointerToRawData	`0xfdbc`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Sep-22 13:34:36
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x10c3c`
PointerToRawData	`0xfe3c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Sep-22 13:34:36
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x10c50`
PointerToRawData	`0xfe50`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x412018`
SEHandlerTable	`0x410bb0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x64797d74`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`10`
C++ objects (VS2015/2017 runtime 25711)	`144`
C objects (VS2015/2017 runtime 25711)	`18`
Imports (VS2015/2017 runtime 25711)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`36`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`18`
Imports (VS 2015/2017 runtime 27012)	`3`
Total imports	`78`
C++ objects (VS 2015/2017 runtime 27012)	`2`
Exports (VS 2015/2017 runtime 27012)	`1`
Resource objects (VS 2015/2017 runtime 27012)	`1`
Linker (VS 2015/2017 runtime 27012)	`1`

Errors

Leave a comment

No comments yet.