Manalyze report for 1012379a73f429e0fb95596b05384cc8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jan-22 05:49:01
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb
FileVersion	`2019.3.0.2599713`
ProductVersion	`2019.3.0.2599713`
Unity Version	2019.3.0f6_27ab2135bccf

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 88.2445% of the executable.`
Suspicious	VirusTotal score: 1/67 (Scanned on 2022-06-14 13:25:19)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`1012379a73f429e0fb95596b05384cc8`
SHA1	`c06ba190a4201665d8dfceb2052fad1f390e2ee8`
SHA256	`80071adef993b7b5173b5da49fa317d5d8dfc0866e4baf8fc7463ad7973ee248`
SHA3	`b3e2081cdfc47c89ffbe655285d5fe19e9e7cc7412259fead58bddcd85ea8002`
SSDeep	`12288:0+8wz/2TTLM9VZflc2/kuZqnDCTQwsg4wGj5YSjRn9s4AP:09wz/2TTLM9VZdJLZqnDCTlsg4wGj5Y`
Imports Hash	`93d7bb032e5b4ede025420a3defb9706`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Jan-22 05:49:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xae00`
SizeOfInitializedData	`0x91e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db1f15be09b789283a7850e61d3d2ed9`
SHA1	`3dc68d97a4b336170e796e7de67d9ed7406ca1a7`
SHA256	`39173c9dc8014fc31a05bf2b5a2403004e7946b3d1f00ea28644f708f7abee8b`
SHA3	`7ddd3e8ecae2eefe04d89c92d06533589dd4befb048f6f574d748661c48d3197`
VirtualSize	`0xac07`
VirtualAddress	`0x1000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59524`

.rdata

MD5	`89abacfcb8ff203289198f840269d409`
SHA1	`c28778b28f04c46ad6e46cee933b8a129994f20b`
SHA256	`8850202ea26db9c28ea8cd1b9c6b6f38e2b7c13d680a0ea80d3cb8dad9fb64d5`
SHA3	`f10c8e98654a9b7ba9537cf8c7a9549c173590f12ec305f56fd963f2113d540a`
VirtualSize	`0x593e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85987`

.data

MD5	`1e19c674a19facad078a63ef812dda50`
SHA1	`65f38401a2b3fc61f41771c1e72e9aa73fd10799`
SHA256	`c4cf693f8d4d834aff4a4197177982ea8c0b8cb49af91fefe52400f22f4be1e2`
SHA3	`b01bb11e9989bb2c8315f2bb119c2fec9f66f8c08ab4350959948bc6b6f03bfb`
VirtualSize	`0x12b4`
VirtualAddress	`0x12000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.00867`

.rsrc

MD5	`825e3e63a3a8be3ca4390c20f485bada`
SHA1	`2b49a03aa7c47471db663763a23eb3a68d20a735`
SHA256	`d92ebf2af7ac2bef6ab9e3c987a31db5d6d57ae2242e75bb3bf014a86cff71a3`
SHA3	`630aa1dd26842c3813de1ae3fdd775213b52cb7a883cc5c8798b92faa9d84ce7`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x14000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15142`

.reloc

MD5	`25e1753d72af594ac26f64810125b391`
SHA1	`7c0624cc0d5cc961ea96284928f1c1b04158e7d2`
SHA256	`2a418bf5f3798d42ded392bd99424322fa6065dbd2b03837f229a7f8ac14f2af`
SHA3	`dea2e06065ca3c2a46313e341e3ac93a3971a8e885926fed33373f60955f6dae`
VirtualSize	`0xdcc`
VirtualAddress	`0x9f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4902`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x12004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x12000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08759`
MD5	`580e21409753759c0c2e603ca435d9ac`
SHA1	`55260b8c93b8b2a6545187d49a882a24eb97bab5`
SHA256	`196b938c5f081308382a1baab87d1a81b96af74175d416754cf24954c28757cb`
SHA3	`de010cfb27f22b11c9f830280c7ac51422a477d1b01d4d4ec624e0a2c1a9e207`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13448`
MD5	`109a6409951c2b60c1ce2855db92081e`
SHA1	`e63cc9a9944bb72e7fb2965d658dea4c53dcdee4`
SHA256	`e9d2792b0859735354ddee719aadee70a95a68bab29442fff322014790b59f5b`
SHA3	`0180343376703d5b6be3b6a63d8701937ec04b0e0d8ad6c3b391be2232ba675a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17193`
MD5	`ab1f90d1a5472697db8f560065ef9c88`
SHA1	`86257af535d16952378c8ee3b5096fb93c26a939`
SHA256	`7c93d501183dcf4be0c651eaaff4a6451b171a2f4ce85f8016f5b9c462fdfc71`
SHA3	`f2a902ffaf12b0ce65be08caa302c3ffd9277566bc6c4b2b5e48bb361c36a63d`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19306`
MD5	`db3a54fc34d41b6b56e4fbdde50dfc44`
SHA1	`3bc8de655dfdd9a07c41245e0470e01e932a28b4`
SHA256	`a31e8bd1dfe85b2d8fbf5c5765bdfb4f7bdffb06341cb6dd5522e419559a82f0`
SHA3	`314f1bb7e966bdc5ae26ceea10baf67f7fd94a855c64434eec8e7dab2f1d07f6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20575`
MD5	`c30e65b560538c95c6955d2f2493c34b`
SHA1	`0f4a54f38599b0ec7cb2598e22bc4a2189cfbdec`
SHA256	`77d64069f3ca5d8418d00cc9b04962ecd2a0792cfdbc02c3f645e327361c1b77`
SHA3	`e02e2486f6988a4abf79766f733b6afaba849cb7fc0ccbb3fc525a8d484a2ae4`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18244`
MD5	`8f701f5eddfaf9cc52aa4596b57ab541`
SHA1	`e804d7955a2e1b31459f0f4d63f15480eb7fc996`
SHA256	`26b0ddea033d9c19ccc97241c9782c13e03ac15a0fb889ec236b4e62cd239493`
SHA3	`66c7c16e4ad25d7f0af726b6cfff5d9263dee2b40774f6ef75b4b46d08b5b982`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21056`
MD5	`85c123d061605c16837f9a775077a5ce`
SHA1	`429f5a6774980900b4587325641150f8e4e977a0`
SHA256	`593ba7f6e19f5483f9fad2e6447f87bc6f84df74635a7b16887afbbf2ecc3ab5`
SHA3	`b775b7b6e6b097c93b99b4b95b2a21119bb0888c8db1c5ae9e7cacc26f1efb11`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19147`
MD5	`6aa4b87d30d67f51f3e2192ad9929c59`
SHA1	`ee09c3fbdbf9eb6e257839ebd38655234a3a9439`
SHA256	`f96a42e1a2459d8e3461d71178f575958bcd3c279c83faf6675d8dc1b3beea0d`
SHA3	`2342a2bdf99694750d9be388f807093608424064c89c20792453bb25be713161`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13543`
MD5	`aacaf137b89fb16da72a4768934d50da`
SHA1	`09e1a19506353b064c960919534536529b8886fa`
SHA256	`8176d388b4a47ad81c4a6490611bf2516ce62f1a2264158fe5b94783ca797415`
SHA3	`8682c27ee91c3b67508e690877168db34ef43fb02d19b0192e9fd1a0fd4fb8dc`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38507`
MD5	`99136e0063923a13188f3b60f5ab3676`
SHA1	`36e31a4b5e12faf827d9981321b260d05a527d0b`
SHA256	`cfbf915c884fd765ecb3713250b0e9c72525a18b971d517e52182a5de8b91e61`
SHA3	`e4441e8c5efad49019946e93d249e9de9b8f42b430a1087768c460d421a98555`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.3.0.43809
ProductVersion	2019.3.0.43809
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.3.0.2599713
ProductVersion (#2)	2019.3.0.2599713
Unity Version	2019.3.0f6_27ab2135bccf

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Jan-22 05:49:01
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x10bbc`
PointerToRawData	`0xfdbc`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Jan-22 05:49:01
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x10c3c`
PointerToRawData	`0xfe3c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Jan-22 05:49:01
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x10c50`
PointerToRawData	`0xfe50`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x412018`
SEHandlerTable	`0x410bb0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x64797d74`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`10`
C++ objects (VS2015/2017 runtime 25711)	`144`
C objects (VS2015/2017 runtime 25711)	`18`
Imports (VS2015/2017 runtime 25711)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`36`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`18`
Imports (VS 2015/2017 runtime 27012)	`3`
Total imports	`78`
C++ objects (VS 2015/2017 runtime 27012)	`2`
Exports (VS 2015/2017 runtime 27012)	`1`
Resource objects (VS 2015/2017 runtime 27012)	`1`
Linker (VS 2015/2017 runtime 27012)	`1`

1012379a73f429e0fb95596b05384cc8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors