Manalyze report for 140502911752ecf93687fec4aa6af7f2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Mar-30 08:56:58
Detected languages	English - United States
Debug artifacts	C:\BH3EngineDevPC\Unity2017_4_18f1\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_il2cpp\WindowsPlayer_x64_Master.pdb
FileVersion	`2017.4.18.5715588`
ProductVersion	`2017.4.18.5715588`
Unity Version	2017.4.18f1_5736849e9d26

Plugin Output

Malicious	The file headers were tampered with.	`Unusual section name found: .tp6` `Unusual section name found: .tp6\x00a` `Unusual section name found: .tp6` `Unusual section name found: .tp6\x00a` `Unusual section name found: .tp6\x00s` `Unusual section name found: .tp6` `Unusual section name found: .tp6d` `Section .tp6d is both writable and executable.` `The PE only has 1 import(s).` `The RICH header checksum is invalid.`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.4291% of the executable.`
Info	The PE is digitally signed.	`Signer: Tencent Technology(Shenzhen) Company Limited` `Issuer: DigiCert Assured ID Code Signing CA-1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`140502911752ecf93687fec4aa6af7f2`
SHA1	`0bcad08f20831e652872f6ace1349336b019d546`
SHA256	`cfb0e45f04520b1ff78bfd1d6289a1e1795470ef387388f0afc274cb95d5d72f`
SHA3	`cc385b8a515c52c704bd12e591b6082aead3788cfdcd3b768bf528efa8212761`
SSDeep	`12288:LrNDSeC9c4d/7XdVvxw9rvSlclK9569xul+5w/CsLLTz9D9D9PxmlVakKJlig:N0cADfxmSIO+5UCsLlig`
Imports Hash	`7995c07d7992f1a7b672a1e70bee8640`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2020-Mar-30 08:56:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9800`
SizeOfInitializedData	`0x94a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000A5B1F (Section: .tp6d)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa6000`
SizeOfHeaders	`0x400`
Checksum	`0xab37c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.tp6

MD5	`64110fd7dd9b398ea44e621417730511`
SHA1	`18bce000793f663ed2f17124e6f0a4d9ffaf1ae9`
SHA256	`f1bb2cdb753b8ce97dcded8dab4034df2b35fd181ba12cfeec931bde6ffc9d24`
SHA3	`084b8de574ca5ec77e0b4130f5051577af3ba0260b2d8e4784e8feaca4e0c064`
VirtualSize	`0x96b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98748`

.tp6\x00a

MD5	`0de161f51f0000d41610ea075be95b37`
SHA1	`0e0505db9915f86ac99748f49c1b271d64c3ab97`
SHA256	`6617f1d2dabcb3f19016a508b1cbb2a3b63189cc0767a79f84894e0284b7000d`
SHA3	`d5225742afe1a4e04c7801fd4e05003c1b9dd930ecc827ea3d524b5982f7a7df`
VirtualSize	`0x872e`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75028`

.tp6 (#2)

MD5	`9d3c68ffdcf259cd342ec486ed5e4d4e`
SHA1	`8c2930621ecd135fec369546ba62424b8fb370d4`
SHA256	`48d9da35d5fc641f228363b64e2e4f40a95fe6656da10ddd700bf57cf49315ef`
SHA3	`700c25ef3ca031e775192fc904fec681029d54df4bca9483349c511e82ab4954`
VirtualSize	`0x1bc0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.55642`

.tp6\x00a (#2)

MD5	`da38a5f24cdc8cec631dacafd7a5b531`
SHA1	`01c3b13146074cbeb7f7c63b1a4e8917767093b0`
SHA256	`743fa6264db61688c40855ef10ea64ec446c0ff6e34c5469890781ade94ce703`
SHA3	`3678759db12423e2df6cfa265e60fc9b48041f82d8e3ff2f2f41f859b6ce661e`
VirtualSize	`0xb64`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60105`

.tp6\x00s

MD5	`450ec568807695bd8d900e4c44b352f3`
SHA1	`1ce6b4e0869a08fe52ea5272d6e2467e3ca30120`
SHA256	`ed614a9f4cc5a4ff65a165a9545542d08f657de4452229db546a717a44baca69`
SHA3	`4933e60b3c0f8e09e02a6e1f77b93183f48962e9fb2b8762ca1acd35b19c734e`
VirtualSize	`0xa0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.472`

.tp6 (#3)

MD5	`31887d0a4b86f856eda970e0dc8ea78a`
SHA1	`fda31d0cb84aed1d3e99f53a38557b5977bec5b0`
SHA256	`b7c285b9bee449b924286f6efa69a9c4759c876520a5d19d8916b1964da642f6`
SHA3	`27064432067d594b1cc067207117dd9305fe7894bfa5547c995d3e9b36bfbdea`
VirtualSize	`0x8a0e0`
VirtualAddress	`0x18000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.32335`

.tp6d

MD5	`df45c876c2bc949f9ea1880d7aa78b5f`
SHA1	`364805d05f013d8c75c30cd380d08faa5879d216`
SHA256	`c0ed1c9c0177636101b37006b53e4a128f9a95aacb0373e5c6ca0746c06c3125`
SHA3	`f9d8e335b91f4b4ef93af17c026fedc04f00f39f12c98afefe35b8e16152414e`
VirtualSize	`0x2b29`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x99200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.88798`

Imports

BH3Base.dll	`#1`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x148f0`

NvOptimusEnablement

Ordinal	`2`
Address	`0x148f4`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2679`
MD5	`6e06de960e420524b035422b973e9f42`
SHA1	`8f58662d942ffd45f59c16ec50755ca643b5e4c5`
SHA256	`a67e3ad4451b8d12170d3ae1f44a0957ed3b25bd0fbaf1b3fe1639b02e3fdfa4`
SHA3	`7cba3ce41a8cf8e9b9b6b8156a8eb7fe8f1383f03509b141e95d9ae7a2f2fcd3`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43923`
MD5	`08de766649999b060f472ed698ca94ad`
SHA1	`f85f8957c7a58028504382d760ce867b9cd32370`
SHA256	`101ff4862e38a698b1587c590ffe0a87460dcd61cc89a3c100227a4a546c1589`
SHA3	`3d1751a7b257a8914eb936b8f3a184063ea7591cce48d9c8a411632cf81751c5`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4993`
MD5	`a31fc3cf1c0206660e18ca8e9247f27b`
SHA1	`dd0a6dfa28b3851cc4b16128d8fd324d5fa335fb`
SHA256	`39eed5de19c99479010d282b8baf2a9fde44dd5ce7814469d2f5853b47c392a2`
SHA3	`ef3e1a7a9d06bcda5e09e981050e3f339d9b5abd6ea93acfc648146a753e155a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36099`
MD5	`d2b458e2dac6ad952339153d52713b75`
SHA1	`6288714ad96be407c40e733afc940904e75c1521`
SHA256	`94bc611b2b5e80a916d346d1dcada0291bcad3e5dd08acf6fe86bf43ff4f1a0e`
SHA3	`a1ee45877b82e1320430402c5d62941937f87da66bf5ada53b9283e7b46d33c2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34627`
MD5	`b68a004525784984bb4a54bfa79b0427`
SHA1	`1e0d38392e2e7cc699450d8890e89236bf013acc`
SHA256	`f5b0c2b72249069b26f6d0fe660f3b2a8d53b418f2f96b276fd93aaf91d2b132`
SHA3	`596a3dc8c116ad9c1d9e6439aa14ceba2b2e021f31baa3093b5a9a1a3308ea4e`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29352`
MD5	`565c2168a14048bcfc34c310d1889c18`
SHA1	`bc96a33080e3d41045e6643316def138d307bf5d`
SHA256	`594ec93cd4c3fafcb86baea4197db36e0efacf3bb1ad9daac6ff46e1f6c3ccb0`
SHA3	`031753222527c394b0922f8a9ad016ded1b57147d4a622b5325471072ba2b8c8`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2434`
MD5	`855cb8ac16caaeacb2da3c056bd6c6ba`
SHA1	`046295a7e47edc26a76a056beceeddac4d9947f6`
SHA256	`ae03602710c83415ff1adb44b39ac8c255cc69cbb79babeeaf098271dca60d4d`
SHA3	`49afe271396e4f8995dfb1db0d75192d87923888973949f7ce20ca4c7b3ab2b6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31475`
MD5	`248b5b0a51927a4c447815a53ff823fa`
SHA1	`e7d6b615ba35022a80004227ac522161a5555cab`
SHA256	`97568c22e1c970697d99f022478cb339a998dc21725b955cad64b973e51d08e1`
SHA3	`f478d50c9a0a2525099745ebd327ffd07cba46aa60ad252966d53961497f2dd1`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31312`
MD5	`6ec9beaed01a415f4c31f95a91e09cf9`
SHA1	`32ed90f5f9e25529a35c79cc1a61d617175bfd8a`
SHA256	`a0383a49941bfb544eb60ad962e367c0742c215bc9dbf8f2828ba16dcaffd723`
SHA3	`fe0f142c6199eaf08c518766f03de9c3d15181e7f7d8da742ccd63eceb7abfed`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40857`
MD5	`9a79fe936a979b8f05fa3f4bcfa7b0d5`
SHA1	`ddad9c2abc26508c42764ef64106d5a1c9ee5f96`
SHA256	`af48344bc8ecf63bf70776c2dc0680b2765a75d7e022023fe867f7437a3a161a`
SHA3	`0561e7df7f86b7fd59a165309df8206eef5a2af69c21e828238390cdaf366f99`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x663`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38211`
MD5	`76425b16c7a421e16e7c77ae0c79e4b7`
SHA1	`7eac4a232f4509ab609e050613f718fa73e492f6`
SHA256	`f2854a5b16db24236c510659589caa32ef7398f7000ba7a91deec1dfc4a5d08b`
SHA3	`c9541bd410417a0c1a98243b9ed5fd55a8191c542d80502efd891dd7463f3cf0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2017.4.18.13956
ProductVersion	2017.4.18.13956
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2017.4.18.5715588
ProductVersion (#2)	2017.4.18.5715588
Unity Version	2017.4.18f1_5736849e9d26

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Mar-30 08:56:58
Version	`0.0`
SizeofData	`158`
AddressOfRawData	`0x12248`
PointerToRawData	`0xca48`
Referenced File	C:\BH3EngineDevPC\Unity2017_4_18f1\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_il2cpp\WindowsPlayer_x64_Master.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Mar-30 08:56:58
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x122e8`
PointerToRawData	`0x10ee8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Mar-30 08:56:58
Version	`0.0`
SizeofData	`736`
AddressOfRawData	`0x122fc`
PointerToRawData	`0x10efc`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x5e2e7137`
Unmarked objects	`0`
241 (40116)	`4`
243 (40116)	`120`
242 (40116)	`13`
ASM objects (VS2015 UPD3 build 24123)	`7`
C++ objects (VS2015 UPD3 build 24123)	`28`
C objects (VS2015 UPD3 build 24123)	`18`
Imports (VS2015 UPD3 build 24210)	`3`
Imports (VS2008 SP1 build 30729)	`2`
Total imports	`86`
265 (VS2015 UPD3 build 24210)	`2`
Exports (VS2015 UPD3 build 24210)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3 build 24210)	`1`

140502911752ecf93687fec4aa6af7f2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.tp6

.tp6\x00a

.tp6 (#2)

.tp6\x00a (#2)

.tp6\x00s

.tp6 (#3)

.tp6d

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors