Manalyze report for f207bbb20a9f6386aaa40ebafa116d391092e3cc606bdea9e60d9bc7f015c4b6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-10 03:59:44
Detected languages	English - United States
Debug artifacts	D:\unity\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master_mono.pdb
FileVersion	`2018.2.20.13562854`
ProductVersion	`2018.2.20.13562854`
Unity Version	2018.2.20f1_cef3e6c0c622

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 87.0624% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2023-07-03 01:02:19)	`All the AVs think this file is safe.`

Hashes

MD5	`99be87fd879a998711ee932eafc73ca5`
SHA1	`767fad0f2aeef10b70ea0a65e7a5e2996d3fc508`
SHA256	`f207bbb20a9f6386aaa40ebafa116d391092e3cc606bdea9e60d9bc7f015c4b6`
SHA3	`0f6429bfe795d0e5389b0f87c147df68d4b8d30aebb75205ab9306401cc7467e`
SSDeep	`6144:IP1SPCWfhcoE8MX+LFViVfbXrF1CJSEJ5uLKO+uno3U:ezWfyD8DiV3CzJ3Ns`
Imports Hash	`fafa4a28b560c39ab0fffc511680e6be`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-Aug-10 03:59:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9800`
SizeOfInitializedData	`0x95c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000125C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b07513582cec41ad6f24e3a756cfef9b`
SHA1	`b460af2a9b14717e418e514269d7d754a9b3d8ad`
SHA256	`e9b13336de076772e7bb581f2a1dc42e99147bc0b6d8635d508d899ab8cc37a9`
SHA3	`a87e8671e626831fa4227ec395d04e55c5f57ccd544934db8b44a436e8211a9c`
VirtualSize	`0x97d0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39389`

.rdata

MD5	`35407d803aa6a197de128b1d359a5226`
SHA1	`3295294a0ea3de655fd6ce3a3a9c222c0c79f955`
SHA256	`be164ede00bcced73b43be380b84583a80584001ae54beb3e126db6a7070abd9`
SHA3	`2ce7372fca3ee16804a3914860946e9580131557528305b9cc8cc023f17c621c`
VirtualSize	`0x86ee`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.74656`

.data

MD5	`6d252422734eee1f813ab7217917d94a`
SHA1	`f2813b18da62c6a0bb4f5f266c7d7a688dcf7b29`
SHA256	`7111190be1e3cd28b63254a6b14c9047e6927d189343e49e4180e74dd08ad256`
SHA3	`1167b7c535019f1549599789c5e1e63c9409d89fa8467a89aa9bd1d40951460c`
VirtualSize	`0x1ba0`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81355`

.pdata

MD5	`530148cbb3563cb1970bcd6a11c3a1cf`
SHA1	`79f4278c043d16197d937b9f8e5185d9a1663e58`
SHA256	`2f17fd908808a738a0043b37b21d12be2165dbf4433032ec1984096161ef7ebb`
SHA3	`8c11d268f1a1bb4032bee87961ee9f82238abde86f027542ac9b39764f97c161`
VirtualSize	`0xba0`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x12e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71208`

.gfids

MD5	`46c60981d23fc3fa81a8a0b1587ec7a8`
SHA1	`f5604281ea9a3c7aff381d510e957a5fd34526ac`
SHA256	`16df975b78975d566927219825ef2b36c53e1b239b03bd602c25188303a7e812`
SHA3	`a040bb18acc108fcada483b77a99d9643a349615018be0fdc9322fbda0cd45ff`
VirtualSize	`0xa0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.2509`

.rsrc

MD5	`73e6bb7e29acd498e770126e92bd1d77`
SHA1	`efad6098fac06be02e08cdda16682b824a8ef1dd`
SHA256	`9744cc266a2516e31ee9dcc900fb97903ef1d9175f28ac1757ffef8d645de653`
SHA3	`8c294e418f6af9daeab852ee65cbc3c36fef34ee756e45a5340c4f476257ac2d`
VirtualSize	`0x8a0e0`
VirtualAddress	`0x18000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07326`

.reloc

MD5	`44f94589028c41d8662e8f9f493de263`
SHA1	`cf5acb572314b728a949314bd273658cccf2c130`
SHA256	`3a4caac2440aef6badf4d94c32967de065dc95c8433b9e15a50567de36c03d81`
SHA3	`3816d9a31825cb0c112b792fd558c69fecc09882488f77b7f93953c60758abf3`
VirtualSize	`0x614`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74001`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `RaiseException` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `CloseHandle` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetFileType` `GetStringTypeW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `WriteConsoleW` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98784`
MD5	`a8696a2d90736f069a43d2eaea643cf7`
SHA1	`04be649328a98a02af3d734946c038ab8af096ae`
SHA256	`7b6137b708376c6dc2f1634f25a26879e1f57a74da062dab62c3505e44bfa633`
SHA3	`5afe31e54a247d3e462b301e2925e2f2381ed3f9eef483b161e6416d9d8895d3`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.168`
MD5	`6bbb097256e674aebe1f519d78bdb2a0`
SHA1	`ff9ace4b852e1c3307c834737cb1e95e34980280`
SHA256	`0d17bbdd074065e6bc2a83a150e5087471583114ef481388419053d6e99a2137`
SHA3	`0477cc5c9c8b564bfa1e4eab305d79b74dad6b6d31c4e64ed63478a6bc48cbbe`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24638`
MD5	`75397b744ec8873c3c0903ea04b3f2cb`
SHA1	`c392cf3b979def43ab40ac09661dba1e410ed9d6`
SHA256	`111722b899c7952b565a2309ce75812af775f5074749394b3c728fb85047feb6`
SHA3	`9d5cd75ec055b7bad5dd582467a810d620e5ad9c659d26c1601a82a09b5bee74`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20209`
MD5	`c5be51914a972a7a90bb44fdb49392e5`
SHA1	`c27154d662f9305c3d2401686279414376dfaec0`
SHA256	`2d8a3709e9c594cd0cdfa36e3dc8e3e58e0a5ba25db14650f435c2f775d875c3`
SHA3	`56e29cd5d6107417cc41e6260701494fd0039abf7a5052bf3c3adfa833f6f2b2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.23768`
MD5	`4fb3a5d3dd8f1e5220324a49cc09f85f`
SHA1	`6083740a4ea217e75e4493e07d656ad396155d94`
SHA256	`e583988e211a829ca0db362cc1cb8a40698e807d25fa709daab3556ecbd6f1f0`
SHA3	`565b2746b3a011161fd3a092f3a02db9d47b1ade8046644f198d0f607db8f6b5`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18162`
MD5	`bfb424af13eae7570cda128f48214707`
SHA1	`e6b839bf9d67ec4fee0cd3a2d30ca6f3b1685e8f`
SHA256	`01e423f1b55ed53f6bcbcc78e7cd572bd8656d3e6f4db11b7228aea55bfad429`
SHA3	`cfaf3f87d727692b0dd074e2789eb8757108007760868692d746978898ea6af7`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1436`
MD5	`b62c2bcff3904e97b8fa3f6c97dd444a`
SHA1	`a33fabe10dbcd0ff1e1dcf37b142e26f6aed1412`
SHA256	`b53517e550d56cf10f7fb894201ed0bd14c19894043df7c2d38f7a4b60a4b620`
SHA3	`dfec811fe83fbb2e24b2bc28b1d5ead76e93bd025d6dbbed1597e02497acb494`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06857`
MD5	`45d220f60927f623e94077452d45edef`
SHA1	`acf257866814181786315169ab9eda5ecdb92aac`
SHA256	`511ae27a8627f1c0e1264cb881381c9e3736a136b1656be1baf726f3554adf2f`
SHA3	`65a287cf4437b2e5c3a3eb25f9ae480f6f3e66eb9e714c1169d269380e9cb3d6`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98725`
MD5	`2ea7692974a003700901868d08333532`
SHA1	`195fe70e8ec02b2f3eed625e40d50ec45f5b72e5`
SHA256	`a80e82c775d8b6eb846686a010d34dee252ca955abec739323ab4c6a7921a8db`
SHA3	`a9d4448879b4b7639fe8d18a8cebb1f7652d23a479768185230f2533c92fc91c`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39815`
MD5	`c76832c64b9917d388ea0af685e570ab`
SHA1	`71d5a5daefc64ae42a96b99f25c2bc900a1c3f86`
SHA256	`fdd629e6cd1d043f62c9185c960effb85dff565acc5e4e4c2341f526ed51575c`
SHA3	`d742aa6b1a35841c46233e496183f12dae1566431f274d23b7c147c9c0eee985`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2018.2.20.62438
ProductVersion	2018.2.20.62438
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2018.2.20.13562854
ProductVersion (#2)	2018.2.20.13562854
Unity Version	2018.2.20f1_cef3e6c0c622

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Aug-10 03:59:44
Version	`0.0`
SizeofData	`135`
AddressOfRawData	`0x12208`
PointerToRawData	`0x10e08`
Referenced File	D:\unity\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master_mono.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Aug-10 03:59:44
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12290`
PointerToRawData	`0x10e90`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Aug-10 03:59:44
Version	`0.0`
SizeofData	`736`
AddressOfRawData	`0x122a4`
PointerToRawData	`0x10ea4`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014020`

RICH Header

XOR Key	`0x5f8f0463`
Unmarked objects	`0`
241 (40116)	`4`
243 (40116)	`120`
242 (40116)	`13`
ASM objects (VS2015 UPD3 build 24123)	`7`
C++ objects (VS2015 UPD3 build 24123)	`28`
C objects (VS2015 UPD3 build 24123)	`18`
Imports (24218)	`3`
239 (40116)	`2`
Total imports	`86`
C++ objects (24218)	`2`
Exports (24218)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (24218)	`1`

Errors

Leave a comment

No comments yet.