Manalyze report for 5534465062a9089840568af130b7d0f3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Mar-18 12:42:53
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2020.3.1.7841951`
ProductVersion	`2020.3.1.7841951`
Unity Version	2020.3.1f1_77a89f25062f

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.3788% of the executable.`
Safe	VirusTotal score: 0/67 (Scanned on 2022-05-08 09:42:52)	`All the AVs think this file is safe.`

Hashes

MD5	`5534465062a9089840568af130b7d0f3`
SHA1	`47b1b9670c57e945a630787b661ebc57fa6da787`
SHA256	`93d8dfb94ade06c2d7d4ca47add7d6881ff70453016cc8d1cd14537cc86c06a8`
SHA3	`1f9eee2ec5fcbcb078c38a74b8a4d47c411e6bf36c40c3749af135a81cf4e958`
SSDeep	`1536:cC79gXAX271lcBzqEY2lkCswVxYDXosWkd09dluaUGX/9fpDBGQ6J5CYExyHQYY:pgXpJozm2lkCsuYDbMkZkBfx9`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Mar-18 12:42:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`21b36fdaef4252cfff5d97233a08237d`
SHA1	`9169d9d590945e9449a0650b633fe17015740f97`
SHA256	`1d5305f7e37da4709ba7b7140c745a8bfd40e1645f5a2240a35d36cc4e7ebf6e`
SHA3	`5b3b61078be056f6f0b5fa1bcd81112af0c0030a1af3156f861ac5d670a0b9b6`
VirtualSize	`0xa120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39577`

.rdata

MD5	`0afd6f9718e2e03fb8b9ed5792fa2e18`
SHA1	`edece1af02391940de041e7899c3d784ca3d2220`
SHA256	`897dc254503655a34d584fd8c8dd06c7fb657d22c90305cdc15deafe1260fbf1`
SHA3	`f5598aa3fc77cde96d7b0f821f5c3e6e2ece9a202cdeef8cba3caea380a6716a`
VirtualSize	`0x8c5e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65222`

.data

MD5	`a9e79420695e9bc679ca784c3876e94f`
SHA1	`85d68049c56be1369a584c2cef1f26bece917c8f`
SHA256	`a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055`
SHA3	`902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67624`

.pdata

MD5	`1063600acd63dabfe63d12849686b634`
SHA1	`afb48051e210d322b89b35b107cfdd3c081e6eb0`
SHA256	`e74fd6df00f224c718b9e961e0f5bfb66ad096ee5367bc368a7511504e6753fd`
SHA3	`7c8904447aec520dd5ad9142ee328fc8094c3b055bec0da3997ca87f3c309370`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35289`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`91020f649ffaba353e580cb66b11a8ad`
SHA1	`47eca2076b3c12d02e0171ee3768ec59e63de257`
SHA256	`ded81f4830853c875c4025cdf185ae04f2272d888a5f307f6a3d86ef13383f04`
SHA3	`0b849450cf9e407ffc7e72bda48e024a04ebc91ae835e477f1c4503fec480f93`
VirtualSize	`0x8a0d8`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68901`

.reloc

MD5	`a9c3cf69888151777a2a472fa85313df`
SHA1	`a5410c074ce059a802887d8ef48a198d601aa9e3`
SHA256	`02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad`
SHA3	`874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44`
VirtualSize	`0x634`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78467`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52403`
MD5	`ee4ea8403afc056a622cbbaa351146b9`
SHA1	`99a07d0ed79fc7517b6ff599ef72fc10c5324d85`
SHA256	`661c61b5d90a3498287349e430c8f5e41f707791c8b77def3121329a09062315`
SHA3	`fa20ed2d06e29e9f283e3d0026caa7935687cbaa964dc30b0efd01e7e6cf850d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5672`
MD5	`0d761e17023bf8868e214930e45d36e8`
SHA1	`728d2fccee4394aef38e958132c7ef1a7f7eae67`
SHA256	`d1a91772e1b9012791a752ebcb080d45a73397e317fc40ac5ba427c8c9aacc7a`
SHA3	`9e68fe4f2c39eb1f7c88ab45e3e27526588526dd1065899cdb63915f735b5d79`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65251`
MD5	`051f5cae11d560509e32a02121b606ad`
SHA1	`8bda467d5f976f1640775436741c4187d3b581e2`
SHA256	`be92e4691b8c3fda07d429194c662ed1d77737b63a990d15034a08321291ff95`
SHA3	`287b3521c0fa9cabf9a00c91ba8f25508d9b70cfcea1879c4c9ffea931681813`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75891`
MD5	`d947b3d7652ea00f1b3100cbe78148e9`
SHA1	`8487821ba0badf1c52b6452e39871b686be6b4cc`
SHA256	`065ae2ff1405b93144e8aba85320bc49f057b8becd535a3273fd19a0670ee017`
SHA3	`c02f659ccab116ac99b2209ab2430d22622a8a280f3609bc79604d019ab18c37`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89786`
MD5	`4d89de13f4006c81aec75150780a797d`
SHA1	`8599f2cb25de68b41c77b7781a6f14f12f3de1a2`
SHA256	`437542a4d41adf9a2777cda9b508e0f2111e45a029d4c937b1773d78dff63baf`
SHA3	`a58b5c181ac9c46dff2dde9324bb28955fb0d696b7e5b3c0be2630c76090d209`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99316`
MD5	`28c394c40b4aeb06e38e6daa61c4f1e6`
SHA1	`d9d1d24576c7bf0b541b80448c949bf81e46e083`
SHA256	`8d91b075e7c72f280874916db8a643f23b3632eed94ac361715589b521abb65a`
SHA3	`41e9115c1070dea61020d2290c0772bf19b8bf6a6024214468229311f0bf6623`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25726`
MD5	`009d69eb53f707b27cb90668a5b11963`
SHA1	`5e7e847753f5b04e89fd3ba09d599008558e23e5`
SHA256	`5ce4550f3b641654fe825aed657ea977b265380b5248f6c888a73fe9e33d11cb`
SHA3	`630c9f0d9c48ec9341af10c78e375c381501cea5476be2306643af7b6c9fa120`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28974`
MD5	`d0cba488891c3818d0e54401025c4399`
SHA1	`c2f38ef1eb93d64b6087d678ddddaea57372c24f`
SHA256	`ab3f00b79df23234c5925431872b6e901e53ab21c86cd434d75beb18792a5f71`
SHA3	`9f3524cc38e6e66a911fea9b98419e16b8bbe51a940517803d07ae528eda5c64`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49433`
MD5	`dbfaaf9a4a98cd83d9c2dae4cab618ce`
SHA1	`ce04f89197c054988fb73d2db235e06dc88eca96`
SHA256	`ccfba96a540675aca2762628957432fc013ff354920e1a200579f9a129b3be9c`
SHA3	`f25a01c5abef017965f74bea4fcf0deefdb9f426349a7b2789537dc0c04a6390`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40626`
MD5	`58fdfc49aa1bb816d500f5e2877c20c2`
SHA1	`356fa794a9f4e049459d00df3a54a1574fde6171`
SHA256	`0ef9ff887ccc08f0991ba04e2e24f69a05de8b0db39c7adecc4ee41052a23fbd`
SHA3	`38e322cbfcfe45a7eb195acfa206a65243976cc006338a9926343c3f7417ce6c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.1.43167
ProductVersion	2020.3.1.43167
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.1.7841951
ProductVersion (#2)	2020.3.1.7841951
Unity Version	2020.3.1f1_77a89f25062f

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Mar-18 12:42:53
Version	`0.0`
SizeofData	`132`
AddressOfRawData	`0x13730`
PointerToRawData	`0x11d30`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Mar-18 12:42:53
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137b4`
PointerToRawData	`0x11db4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Mar-18 12:42:53
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137c8`
PointerToRawData	`0x11dc8`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x69197163`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`16`
ASM objects (VS 2015/2017/2019 runtime 28427)	`8`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`85`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

5534465062a9089840568af130b7d0f3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors