Manalyze report for 0823d132912746bebc039dcd604a3b43

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Aug-31 00:30:19
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb
FileVersion	`2020.3.36.7469419`
ProductVersion	`2020.3.36.7469419`
Unity Version	2020.3.36f1_71f96b79b9f0

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.3959% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2024-12-25 12:16:11)	`All the AVs think this file is safe.`

Hashes

MD5	`0823d132912746bebc039dcd604a3b43`
SHA1	`e5b7915328d6942a09c3b737c1023d5a9a11ad2a`
SHA256	`db13f76d9d3542294dab5c150ded37b6424c95dcca4c0b24796d4e982b7fb973`
SHA3	`5cbc8653e55df9130b45082a5c4b8b5d43663322e5112d1ac32f3442a61c50bf`
SSDeep	`1536:TCL9gXAX271lcBzqEY2lkCsJVxYDXosWkd09dl3aPGMCjkOqxHQSBBBBBBBBzu+:UgXpJozm2lkCspYDbM5qxHQvVBFUs`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Aug-31 00:30:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dc34d9506ae9e3616b5265da7e35b1f6`
SHA1	`dce8f4d17ddc08b8460b046a362a27430cbe2e75`
SHA256	`e80b2c4dfacb7fab649683f679231937cf85d5498d6d4b5d3a3e61149f064124`
SHA3	`08b3146b697934b2f68c0ed66868b3c96973ed20c4a70245a96b304f456d0106`
VirtualSize	`0xa120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39574`

.rdata

MD5	`0012a8b376d329d1464d4476535d344a`
SHA1	`a1f375b88e247644a34bb5bb41af2dadb5e4fe05`
SHA256	`97a46e397397a4d39c07e496ddf73f892c69c1a46d694142ecd19684d00efd14`
SHA3	`79785a16a7b662ec79247431fb99daeac44e7821f6a0a5befe5c5833c7886152`
VirtualSize	`0x8c6e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65235`

.data

MD5	`a9e79420695e9bc679ca784c3876e94f`
SHA1	`85d68049c56be1369a584c2cef1f26bece917c8f`
SHA256	`a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055`
SHA3	`902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67624`

.pdata

MD5	`789f36f907239c1ceca2f8ec3f79fcb5`
SHA1	`11b2d5522be4b2558a7e492c53b4d86184702c90`
SHA256	`5e2c8dede33e201308d3fabb30b57b487ba34d524537e56449f854c9d6e560e4`
SHA3	`0b06f78c7fe1c1611e2e7abfd4a78a87cf82474f2ac5b4a8daa9c07fbbf85778`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36097`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`ff02eef6ab6755bcfe7019ffaf452fc0`
SHA1	`f0dd41de60b680afe2083306a924253455e5665e`
SHA256	`1a2c84310d1db8b2f30bec34524e47be96a0a98d31e9808b91fd866b4d0acb3f`
SHA3	`957548d7f09e8ae87d423871cc86a1adde9ab2eee871f15fe41c8cd70c2b15f3`
VirtualSize	`0x8a148`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.07781`

.reloc

MD5	`a9c3cf69888151777a2a472fa85313df`
SHA1	`a5410c074ce059a802887d8ef48a198d601aa9e3`
SHA256	`02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad`
SHA3	`874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44`
VirtualSize	`0x634`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78467`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75306`
MD5	`94c3a44570e4dbcb1678ce2a825289ad`
SHA1	`adca4c6226cdb7fabe0e158ef808921c6e9562f9`
SHA256	`555ff7c907fa081093493adc51a146b26dc864a0cf262dac5de3c7c4ca1f2781`
SHA3	`58c6ef658430d1942a9e644538b74daf9698e955d5b1382c441448aef08268c8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0149`
MD5	`18e0dcffdb21c2a19df2b19b46ed2642`
SHA1	`6ea01f350564ad81025a9290a0637d4cd8e0baeb`
SHA256	`e9729d8350a5e3707c94b35cf4feb1950665728342f8582e2eb4b48435d30031`
SHA3	`7036c26f24231d37e1bcec5f6ebe3f5245ff97ecbfd98ef272240c96ebb51be5`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92307`
MD5	`cb06af4d058877f9551772387a34d79c`
SHA1	`e3da73e4876ef1f1a60bce1765be774e5009a213`
SHA256	`010afc72c4e57d447d5414af4250651dc817f7f917202d38bcbc350048a3d6d8`
SHA3	`ab14e89eae4f042f1adbd7411a41229fda7131672c80d4cde0035b34b4f02ba9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30142`
MD5	`c60865d6307e227f01d78d7ed71c17ba`
SHA1	`846fd36245586535c3649ae1228ba30f7f09f8f9`
SHA256	`bd5b329e775567f5d98770265b2c2f3802697d193a033102018ddac4e04241df`
SHA3	`773aab7306e6767f527fdf45452d6cdef9668c488a2e8958e0b387dedac4d996`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46`
MD5	`21074804537cef2056b1909df5f97c1b`
SHA1	`54b872a3540d6632fd0e1e60350ebe6b27f1f784`
SHA256	`d4c91794e5562042d38a604681858b8bddd7f79919e88ba980e2161a292ba8cc`
SHA3	`a97bb15ecbd7bbbc6b65877a351801617881ab1508ea1d6773db059edf14a985`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21088`
MD5	`c1e1f5f7362d5289581c205d8886c054`
SHA1	`a7a628fb44bd6ea9c1c17b691c88e58f198ef012`
SHA256	`716b88726fe963c91171090bc76e25a2c95b4eb8befc8e5b237db9d92ab9d447`
SHA3	`95b8706413673080583c764bc27c21b2d5b457ab61939926eae5750020ec5794`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31751`
MD5	`ffbef5dd376ffb41d3fc348c480ff861`
SHA1	`2a7d638872b8bcb5b2eb1606dd316777d22134a0`
SHA256	`2c89d3951deb31232a729c1153fd622e2595a837b63ed726ba34b889d2834e73`
SHA3	`a9aafe3f7e0d0d39b3a26f5c160643af705ef0e6ffd515ca605eff2313c427fb`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02365`
MD5	`38f542ca3025d95bd7c5089f2c5fbaf7`
SHA1	`af415b295314a1425f90d4b6bf9f9f67844e861f`
SHA256	`9266d593ae9f6abd11d3701dfaf3de0a8004d6ec85666c948a7131391162ef10`
SHA3	`235ac75d875ab022a166458810145f64defcace7e440cad8f79e4f4c8f03a5ba`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27212`
MD5	`c26dcc53310997da1b51f0c7038a342a`
SHA1	`378978c63c4811cbae90173dcbe1c5f6e5f0e248`
SHA256	`e84d3f72214506b8d787153112c492fb48e16eee95645f00c66b15ccb356c2db`
SHA3	`685c79030e12c08a9a7e3458449a7a49caed28bfd74df38cbac1e7efc1e0d696`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41601`
MD5	`32c08a09df32fd3224b0bdedf388eb51`
SHA1	`d4baec0e8555cddbddaf9f2684395727f3209ee1`
SHA256	`b29cf4896f7a44e4e0218dbfafcfb400aaf5c0fea16ba6bf97d5cc4c420fa9eb`
SHA3	`fc24775ad5cad37a434f4a291b1f48426251025f65030bfe5b37b54f62835788`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.36.63851
ProductVersion	2020.3.36.63851
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.36.7469419
ProductVersion (#2)	2020.3.36.7469419
Unity Version	2020.3.36f1_71f96b79b9f0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Aug-31 00:30:19
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x13730`
PointerToRawData	`0x11d30`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Aug-31 00:30:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137b8`
PointerToRawData	`0x11db8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Aug-31 00:30:19
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137cc`
PointerToRawData	`0x11dcc`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

0823d132912746bebc039dcd604a3b43

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors