f87792487fa64cea43e0f7760c95da31eedbaf9b17f558e6daede23babf9fefd

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Nov-04 03:17:40
Detected languages English - United States
Debug artifacts C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb
FileVersion 2018.4.29.5295330
ProductVersion 2018.4.29.5295330
Unity Version 2018.4.29f1_50cce2edf27f

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious The PE is possibly a dropper. Resources amount for 86.7871% of the executable.
Safe VirusTotal score: 0/72 (Scanned on 2026-03-12 13:55:21) All the AVs think this file is safe.

Hashes

MD5 073aa5a9d4619ea0d08a6e21b96d546c
SHA1 95a5ff1891c7ad782f48b1c666c32eda2919e705
SHA256 f87792487fa64cea43e0f7760c95da31eedbaf9b17f558e6daede23babf9fefd
SHA3 e14b94f51b32a6d66e6d6d9c996f03b44f70f2dc737296c63addf10eca45fa26
SSDeep 6144:bBCic2D7kN3QUdjzLe718IeM9LGnGuIz06Oubj3UPhj2A0:1LkNbb+8IH9LGn3Iz3Ou+jH0
Imports Hash 2903938ebca26120e91d0905dbfde587

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2020-Nov-04 03:17:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa000
SizeOfInitializedData 0x95c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001268 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa3000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e3959a3353a0c73333174f549d388e74
SHA1 ddd6e2efb0cca809074dfd5597e3c51a0b74fc6d
SHA256 40308324ce0101e9106893e9c2aa57981cbb7d275d154727ad8e54657eff05cd
SHA3 3bc5704bfa603c12d782251d650603bfe76d880487157a0efbb3c52ddd367f21
VirtualSize 0x9e80
VirtualAddress 0x1000
SizeOfRawData 0xa000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37547

.rdata

MD5 35b6d243287bae8753c05a29f567c26c
SHA1 153e0dd8455b1ba15b93f6a0d22b179f03f2eac3
SHA256 cdfa1b1c4626b514a7ee7ef4f80e54c260a4ca5a979d4c3701607855167e3474
SHA3 0917151323d0fa8e7517a75adead8460486d6be37788b0bc79be990ada23c3b5
VirtualSize 0x87ce
VirtualAddress 0xb000
SizeOfRawData 0x8800
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.75503

.data

MD5 e5723f0a96548881b4089bde74a34fc6
SHA1 1cc548e1b83bbe5f362a98ca6da244de6dade3bc
SHA256 ecf3f7a52f8a031db5c7ce8d9d8e05965b7fbde8e543ba56ea1662fdcd093dd7
SHA3 ea9bf9671edf6c6262b017ec3e6f18e282e6e1b832a5a96fc43b0d53d5a18c97
VirtualSize 0x1bb8
VirtualAddress 0x14000
SizeOfRawData 0xa00
PointerToRawData 0x12c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.81096

.pdata

MD5 e66db456ae04138dcb237c5291e8eee0
SHA1 cf319e03da59e0027dbc745063b4877b4751f613
SHA256 a430de6014c7ac4e917ef44bfb3056041eaa1826bfc3fd9b5ae49854754fae8f
SHA3 f88e3bb467530326a62ce7d52572c594e43178feffb8a762d40420b094a4a5e2
VirtualSize 0xc30
VirtualAddress 0x16000
SizeOfRawData 0xe00
PointerToRawData 0x13600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.31128

.rsrc

MD5 6cf05814940a4e4f145ef60e25b408b0
SHA1 b571979356126b2fee3b3aa8cde9d22abf274c09
SHA256 247425231fadbfb99331f3f21238e0c008b9dde192b98a8f754d4c611551f3fd
SHA3 efa70698ca9aab8a78bb2f86300990fdc64568b4b189d37b4ffe150c5002f0bc
VirtualSize 0x8a0d8
VirtualAddress 0x17000
SizeOfRawData 0x8a200
PointerToRawData 0x14400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.02618

.reloc

MD5 e3aac30c773e88c2700a0e0f950592be
SHA1 2bf91fe5fe83ccb77977059ad2d6dbfefb19c443
SHA256 ced816cb4e98622677b5ca96407ddb8fddd97a04969717422058fd431560654a
SHA3 1e658d88e531b0977ab24a26bba64dd18e03ef3c7db199c804c3a262c9ffb89e
VirtualSize 0x614
VirtualAddress 0xa2000
SizeOfRawData 0x800
PointerToRawData 0x9e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.74269

Imports

UnityPlayer.dll UnityMain
KERNEL32.dll TerminateProcess
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CreateFileW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
WriteConsoleW
GetModuleHandleExW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x14004

NvOptimusEnablement

Ordinal 2
Address 0x14000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4631
MD5 17d0ee2ceb01c73f5f9bcc57578e45bb
SHA1 32b702c6990cb4307f7fdde60add789d00cd5c71
SHA256 134ca0249700874cc79e981079a29458d6dad5130131b4534b682d4b7e164f79
SHA3 ea83198e6bc527095e78224d990e0c2c29443651b656a4683245341efc386550

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41008
MD5 eca7e4776c8db7b0ede7b34582966ede
SHA1 632be5c5edea25bc91adf3330f8ff1b0c6fe3989
SHA256 b2d2e9620fa1d60cef779d99a93a69430be7c81d547d444be5e3da968c7240b5
SHA3 cf5691b1254515a3eba548ea788d7bb19d1ab7e1987cc212fe5ecd49cfc0c67c

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32629
MD5 54335e55c70efffbc63b5557e5afa9e7
SHA1 2d68cdf2c65cec01399833a6f5ae4ab8983a95c4
SHA256 0dce6843127442938d3f6c9e36bf78d5d49876b84fc55f8df0b281f7156f8dc7
SHA3 59bbbc710f8ac2a0c97a8f6dfb3a9cc8c7c3a291294d5b48d42db5237e03bab7

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22692
MD5 3ed40f14b3295b9e80d69c955b4ac66a
SHA1 6f22805b5be3b4412190daaac4d63a8bc899aaa4
SHA256 b776c58138ea9bb49d985a87e9aaf9144c2b5e0857c149a1a2e61201a662e891
SHA3 2b4f4eb9cf8fd0a93182c27ce3996ac8d0ae320ee884dded6ebae16bfaf313c9

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16579
MD5 4ef19b7a9de60f4ff5219f14bb06b740
SHA1 ef2d0be4bb32590a9da17f7afe0f6a203c698d50
SHA256 aae0f68e5bc0a59f66e8fa12c6bf5c5cd5e96460777fb335fc7c951a3adb0e4d
SHA3 2711414f8626551766a04bbb1fb3bec621ed8c362634968ee7a7fd66efd79b15

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08195
MD5 5b83cd1e835a9ba4278da7b6308bfbd7
SHA1 00c53df641e9af05d51fa0ef852dc28118580f03
SHA256 3257f1ee3fa157fc939352091dd865f1dc91736079bb89a7360f24818ddbfe4f
SHA3 db0b82917f4991ada1a4d451c93027aece0bb6f9c33c42cde42119d1453af6bd

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03731
MD5 2e724c5fb706059e4f7d683ee55d1db6
SHA1 7ed95db72519481b26450df4576e9ec8b2599136
SHA256 18afa0b4b8fbd898a143822ecd325502cf3a24a7585bc05ea4d1f61157393a49
SHA3 da5226cbc4220cfb69a8991cbf6ebbb288303b74b85f6d962c83335dfc1ab1bb

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.98118
MD5 386426897120db165acfd1f250e4473b
SHA1 c3e6565b9ebbdf39b035ce586a55f3d2a6e233d5
SHA256 cfe13a97c85fa0c6d05ac1d05a95b1809859df8b5c1bb0e76619fc373548b445
SHA3 f028be79ae2585465e39502f5c0be6c951bcc4a66d7476eb15c2ae5250b00fc8

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.95571
MD5 5e238834c6756659dab437724dcc7a47
SHA1 3bbe781c79e13ef8e5765dd7b67c930a39e9f14c
SHA256 e548f026f8771ccb12ae1ed870a2cc01b43a0f7e843e896aac612078c223b91e
SHA3 f587f634d4741c4909105e95f24f1d515a1bac6377de8925ebede630dd94dbd0

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04448
Detected Filetype Icon file
MD5 3bf2dac037ce87794e66ff7f054e913f
SHA1 52ca961fd37ad960905a681d1db5157508ef1602
SHA256 2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581
SHA3 8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4085
MD5 63be5b1d250f3f6c8ea9ea9c2227e563
SHA1 82a5d85f8c3073170a77b902665c3ae01c868507
SHA256 512ecc32c47e20d8080bcb8b1de1e2329820681239b6bc81adad2fcafa0ca264
SHA3 a1254317aa658b3b669bd88008266c73a230b201c9a07e1bdc8fae7e4b351658

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x655
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37545
MD5 e64f0e3051453730fcd59e3487fff82c
SHA1 881f9506d98c7244ee2e6cc48de59fb5fe9394a0
SHA256 cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2
SHA3 e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2018.4.29.52450
ProductVersion 2018.4.29.52450
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2018.4.29.5295330
ProductVersion (#2) 2018.4.29.5295330
Unity Version 2018.4.29f1_50cce2edf27f
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Nov-04 03:17:40
Version 0.0
SizeofData 127
AddressOfRawData 0x122b0
PointerToRawData 0x116b0
Referenced File C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Nov-04 03:17:40
Version 0.0
SizeofData 20
AddressOfRawData 0x12330
PointerToRawData 0x11730

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Nov-04 03:17:40
Version 0.0
SizeofData 696
AddressOfRawData 0x12344
PointerToRawData 0x11744

TLS Callbacks

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140014020

RICH Header

XOR Key 0x5bef5e40
Unmarked objects 0
C objects (VS2015/2017 runtime 25711) 10
ASM objects (VS2015/2017 runtime 25711) 5
C++ objects (VS2015/2017 runtime 25711) 140
Imports (VS2015/2017 runtime 25711) 2
ASM objects (VS2017 v15.?.? build 25930) 9
C++ objects (VS2017 v15.?.? build 25930) 34
C objects (VS2017 v15.?.? build 25930) 19
Imports (VS2017 v15.6 compiler 26128) 3
Total imports 81
C++ objects (VS2017 v15.6 compiler 26128) 2
Exports (VS2017 v15.6 compiler 26128) 1
Resource objects (VS2017 v15.6 compiler 26128) 1
Linker (VS2017 v15.6 compiler 26128) 1

Errors
