Manalyze report for 460f88d4ebcd0117a75fb6c6d44e69c78b2b829941d838390d5d6d0f380bc323

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-19 19:52:45
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2019.4.33.13218480`
ProductVersion	`2019.4.33.13218480`
Unity Version	2019.4.33f1_c9b2b02eeeef

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.7884% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-16 18:00:29)	`All the AVs think this file is safe.`

Hashes

MD5	`4789b6648139299b91256d1afe307f39`
SHA1	`f79c7c8421a8cd4d03f406b9bf3e931d49491803`
SHA256	`460f88d4ebcd0117a75fb6c6d44e69c78b2b829941d838390d5d6d0f380bc323`
SHA3	`5c72d174bd71a46de4fa197e0cb50c024a8a8ce2935ece8820fc290c962631e4`
SSDeep	`6144:i/7oYfSHQPWTUg4rgS96ioIoVC9I1n833tnzm6uPNWawdyLNsLHhQINVlN9766H:Q7qTU7gtk9Ms7d6GjdIjQAy/xVf6`
Imports Hash	`fd60dddc87379c239e8ac49516966c3e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2021-Nov-19 19:52:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x95e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`396787b09c7084619fd353ed4d4aa25a`
SHA1	`10bbf1d12fd72a6f2490dae0fb34b3e3c37d0397`
SHA256	`84c4f4af681e7c55e04955e3244214c6a39406c9ff283dac14b45179c7344fd2`
SHA3	`2dbc41d4fcc7f9459799c1f273cc7d0b29a65a800004b70b2d8024daf74dfc23`
VirtualSize	`0x9d70`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39606`

.rdata

MD5	`577cd870487d4254feaae9c5ff384a05`
SHA1	`ec8826b8ddf3d693c8c723bc3bf46a71d4e7d856`
SHA256	`070e492c0a1e91b7a318ef327156dd451f47c91b58f7f0990ff95bd8507619fa`
SHA3	`2b1ade45a974f73b31e8518373bc37d8d8d6cee6deb186e3db0729665916423a`
VirtualSize	`0x88de`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72585`

.data

MD5	`db32eedebac3d09a8db683fdd7266183`
SHA1	`9d3ad2e8f784250c149bc0545875f3347c1e07d5`
SHA256	`63a977bb7df30209d66ab0ee3c2587394d2d84b87cfabab13902a80a9f8ac2bb`
SHA3	`f60fb1eaea0dc406d8fd8219c5b9519256c10cea02ce9801f2b262cdde729c42`
VirtualSize	`0x1bc8`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81338`

.pdata

MD5	`3ce1bc4528abab2f9296f6de2d66eb13`
SHA1	`236a9014dd4163c9bea0d3216c4339b71336ac60`
SHA256	`846c816328ade2f569bd6d1755940b260f0c1dc44653c50fa0b693d81cdc395f`
SHA3	`78586f62c74b7328c23e5e427db6af1753665224f815fabb19547b4c15db1d67`
VirtualSize	`0xc18`
VirtualAddress	`0x16000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30914`

.rsrc

MD5	`c6abe3173704066d4a1516c4f16cbe9e`
SHA1	`57b1b16f549f66f61639484176394c22a7b6db7a`
SHA256	`80a395a4610c244be6f63633b7954af3e85badfe5bab7da52a2397968fabb47c`
SHA3	`e747855684ffcb72e4f61ed3d328213f99a4beba09316afe419717edf7dc4fbd`
VirtualSize	`0x8a0e0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.40641`

.reloc

MD5	`15c60be0054361c5f282b9c542c4b5cd`
SHA1	`3414732e68613e7ee32812f73810341e1aa3c9b2`
SHA256	`1597710aaca61843fdb13da316d06290830148f7e34074bef548abcbffa3b72c`
SHA3	`dba1e0d3f98cd89e8c35eb26f42dfaa9d0746b81262aa44f970150cf3cd45691`
VirtualSize	`0x614`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.75713`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`GetModuleHandleExW` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35762`
MD5	`0e7ef2cdaf32b186f40f46a50b11290f`
SHA1	`bdaf06978c54a7400b6de0dceab6d50f3f02b594`
SHA256	`e9bd4f16d8217a67eeed0edce84fe15186f6f6fb5bd17db2942549c20086fcf9`
SHA3	`5f692d3e15f788eb15c0a4d746c8638b6136bebfbe568dfb7cad5177bc51ba2e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39465`
MD5	`ff7163a765e82358957d08d42b5319b3`
SHA1	`65968ace409c5adb9ab17234d3d28c2c365fb579`
SHA256	`124521e48010d23766e0811ef6a457f538befc97d6a903955e921a9acf86f75a`
SHA3	`1f5731c88110471dbb309c2bdd2807d8fbf9fc191a91c026efa0b9a630c518d4`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45246`
MD5	`e064601b3e20dd633e57f984e712964a`
SHA1	`7728d6c3af946342f39f184fcf3411305da1a1db`
SHA256	`c13bec76e286446296823ee89dfc7e640a975b611597f2551e637c9b1d8027ad`
SHA3	`70ef982e76dde867b702cb2c1059ffaac06497863fe114e2e524de7ca178f2c3`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48966`
MD5	`f1dadec351dd3735403074d7bd65cbf3`
SHA1	`1d34f4a89f4f725854bcaba43a20b5c40591490c`
SHA256	`15e70d0b18c2a0b8b80b092e524bc5a9b9487d4dde751126d34ec91a49a29060`
SHA3	`59cd83a7964a21c6ca03202d84d0ad8ad18ee52ff5d336ed384e4ff413cb0db2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49845`
MD5	`2f68f930bcd2ca32635ccaa1a3cae1af`
SHA1	`4b28de81d3111c8436dda9bbb57a46f1d15ae2bf`
SHA256	`9aeb67282a6effefc97cf4ebab1c16a3c6c8b2651f54007ca63c7ac3fa8ba5e7`
SHA3	`89c585301b0b8c5d23ad2fafab74725f3a654c286a9fc0bcb42ec0ef272ec5c6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43507`
MD5	`0e23a2061c7d2ac4ca56aabadfb3bdb7`
SHA1	`82ead9ca6c17bbb86414617f2330e9d7151c2fe0`
SHA256	`0cd5d57273d44fa42e81f2c4b558b508d1485a93cf63eb856e8ff72ee0511159`
SHA3	`314a02c2017d004ad6258d94a2ac79412d6fcc5bd5eab4ea2676bfdb3800ea51`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42336`
MD5	`d3e1754d7acc439e9405070265e9567b`
SHA1	`5b8dac01e580cc32d3cb8fa6de398d9bd8d33ee9`
SHA256	`0222cd8fe1684ef6c1788a51a7ebdc93b1867d8349b01af31c2c5a797b2fca13`
SHA3	`b7aae3b4b7908f1c907397a6a029686550c34c21e1ca2b0009e1481438427eae`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33061`
MD5	`9acdbfabd55f38182a46d0b77645d164`
SHA1	`ab3b4b9383a500010ea8bddc7a9ce933829a4062`
SHA256	`4ecf949253bd5b19b183940d2a5e0ceed53aad4231db72e5f45503f04d56f6ea`
SHA3	`380866d5468cb0da1d50e3d825eb8b52d12d538d4842af1ecabcd020b732ccab`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11037`
MD5	`bcf69e81304af21868215d24bb0facc7`
SHA1	`65d7cc2931268ba3505ae14c1bf193541aaf6747`
SHA256	`45da3aae981fc484253bdabdee737f2b093f98df65b3ff5fd174e36c00ae25f9`
SHA3	`e229905c36394f3a6925cd272ee9f892ac21a60f89f973bfeb0ec6a732c9bf51`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36997`
MD5	`c946b63e1af388de6f2a4af7ee0d70fa`
SHA1	`877131199f3832913e3fc38adb60ca686e96c58c`
SHA256	`c56177810b447cf96fe418afa68cb92bb1b6410cf06bb79a79e396625de94490`
SHA3	`de5c3cf6c59913a21f9ae0f477cbdcd9c7f1c795c32c1021590818c2efdfa301`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.4.33.45744
ProductVersion	2019.4.33.45744
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.4.33.13218480
ProductVersion (#2)	2019.4.33.13218480
Unity Version	2019.4.33f1_c9b2b02eeeef

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Nov-19 19:52:45
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x123d0`
PointerToRawData	`0x115d0`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Nov-19 19:52:45
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12450`
PointerToRawData	`0x11650`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Nov-19 19:52:45
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x12464`
PointerToRawData	`0x11664`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014028`

RICH Header

XOR Key	`0x2a1ac2b2`
Unmarked objects	`0`
C objects (VS2015/2017 runtime 25711)	`10`
ASM objects (VS2015/2017 runtime 25711)	`5`
C++ objects (VS2015/2017 runtime 25711)	`141`
Imports (VS2015/2017 runtime 25711)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`38`
C objects (VS 2015/2017 runtime 26706)	`16`
ASM objects (VS 2015/2017 runtime 26706)	`8`
Imports (VS 2015/2017 runtime 27012)	`3`
Total imports	`82`
C++ objects (VS 2015/2017 runtime 27012)	`2`
Exports (VS 2015/2017 runtime 27012)	`1`
Resource objects (VS 2015/2017 runtime 27012)	`1`
Linker (VS 2015/2017 runtime 27012)	`1`

Errors

Leave a comment

No comments yet.