Manalyze report for 6c7315b95dc960aa188200c6045395aa

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jan-17 19:16:38
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win32_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb
FileVersion	`2020.3.44.8328603`
LegalCopyright	(c) 2023 Unity Technologies ApS. All rights reserved.
ProductVersion	`2020.3.44f1 (7f159b6136da)`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 88.0626% of the executable.`
Safe	VirusTotal score: 0/74 (Scanned on 2024-06-03 01:54:54)	`All the AVs think this file is safe.`

Hashes

MD5	`6c7315b95dc960aa188200c6045395aa`
SHA1	`60118e4bc79c2b76e0c90d32d43f2df0441826f3`
SHA256	`e0f76bdc1db527e5300cf36c0f5863b1ebff1a0843ddd547a7d2d08b2f299c2e`
SHA3	`93a9e42c2848cd53b903f4ea85cb79588befbda81dd70ae57a4d6ee9f9f8297b`
SSDeep	`12288:pRqA3u5YZoOsoi8LGw9sz1jn322522522522522522xN/x1Lcs:vqw7VGw9sz1jn322522522522522522`
Imports Hash	`e31e227f9c58f4b15ebf5b93d8c3c2a0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Jan-17 19:16:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb000`
SizeOfInitializedData	`0x92000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`636a50817fb8d4d2225711d6df90d934`
SHA1	`154657214b9e8c30238d21eb3f15ccd543443ab9`
SHA256	`fbb396dc2594f288c280de91f59ac41d0e490558e054ae19d3e0128c070f9963`
SHA3	`ce1cff8d002fe2d72cb6a9ae763b6b2b17c9fcd2412a0afa898305be85ab3ba7`
VirtualSize	`0xaedf`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62043`

.rdata

MD5	`5b58482350de46a7c1dfe3ddbb324abb`
SHA1	`eb8917cdde17ddd0781c6b31165437559f679dea`
SHA256	`a5b35d147e72e127cc5355c652ca996661a1d39c5d50fa682a346c64f98a5230`
SHA3	`5cb3c971ecc75e99c7220e340cd8b39deb738c845747c2dc223463359194416d`
VirtualSize	`0x5a6e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.80265`

.data

MD5	`f8ccc19f852cfd9366353f5516003dc6`
SHA1	`d4d8b732331beb3a731549c4f58b6330a60617e1`
SHA256	`e5c0a92c51c13a9ab826fd320a3762e540efab26416c5b31aa9aface399d8c13`
SHA3	`24e2c42b901e9a48f06b672849598c53998f392d29d30d16ad34a7120ff69329`
VirtualSize	`0x13b4`
VirtualAddress	`0x12000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81902`

.rsrc

MD5	`ad3e5b46668f6c98673bdae5f6d9e920`
SHA1	`783f43905438d580e0cae03c021837ff4dd4a70d`
SHA256	`d4e9847330abf8b0137d5f835d52a7b3cdd86d3c517af69f2e817e65972aadcf`
SHA3	`ff695765407e561cb041c649e32ad91e1102cbfc425581ae471288d2ba9e1215`
VirtualSize	`0x8a198`
VirtualAddress	`0x14000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x11a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.79492`

.reloc

MD5	`a3849fa22b0c397cbb0d30da18810ce9`
SHA1	`90cc39f4eafd522bb6ffd51012df20ccf3d1436c`
SHA256	`9a0923b1157f3092d3512bac4fc19ad81acf88601f514a7a21a50f795418c7f3`
SHA3	`195019e39f6fed5e509411f7e4a94583800d24ce15eb86358978450d1d19394a`
VirtualSize	`0xdc8`
VirtualAddress	`0x9f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49463`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x12004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x12000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71655`
MD5	`de011b9f4c336e2795ee82ed0ead57f1`
SHA1	`ab916d051c1e392104669e79dcb18e82197654cc`
SHA256	`6ed3a7d5ead3736ace63f311ac22c224d9bcdeab0bf8a1540e1b2eeb61560043`
SHA3	`796206c2f85ecc229ae20538653ed04dc9cc7f3989c1625f96dcf3e941809c33`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79492`
MD5	`e26f52e857bc080340daccf352d741f3`
SHA1	`9b373bd10a148585e56da041ae27fbbe8bd8c5cb`
SHA256	`4bb6234994e34a5614024afefb5ae0126d91585ffeef992a5fc600ef7b332a82`
SHA3	`6d075b23b9c8b0fa281b2beedf2d7647b683487d960df7fc86015fdddc4139ce`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82593`
MD5	`1e9c879064ec426da62062163eb632ed`
SHA1	`b499017495dea317860eff8d2957681e4c49f09a`
SHA256	`6eec613ce531d5ae93c1c2635e2ad35beb3e92bc39bbefb6a0092c196d39e401`
SHA3	`8488eee2bc5fbe215c281662259ba41baba7c5917de4b43f09201cc483acaa76`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85397`
MD5	`6ac76c7ad1e925a8c62f069efa135846`
SHA1	`15e8f402a124c28b2c4ac0511d6b6cc026362727`
SHA256	`9197e8d35d451dc6a16211866fa4dc001e2666159b51d648b624eeb7757ccd06`
SHA3	`af5262113b2509dc98f6485c7c173b021c415c9c71e6a95ad3f9b26f1b240d31`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92702`
MD5	`32cd9dd8f75ce47143bfc850d97ad9e6`
SHA1	`0e7769ada1543bc98ac40675f52790e3b5453edd`
SHA256	`333580f27e6a3802da7f92590d3f661e803cf461d75bd3de41b54b24cff5909a`
SHA3	`dcce63012a7d1db4a944dcef2d764445924d2637dacb6c55b1486370c24fa00a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.96077`
MD5	`64503cdd0065797f6b5f105a461fec4a`
SHA1	`a5865a3581c9b0dde8190ce7da91114991f1f93b`
SHA256	`40ce9bd7932364108f997e3f104e9e4a3fbeabf436586df1c7f68218f62ae3df`
SHA3	`f5344df7bb4c9540cbef673cacf19f20b87be2108355857943e249af400322cb`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09346`
MD5	`decb3f75000639017cba31f0eb17373c`
SHA1	`df00cfc3f264bb641959c4913ff000edcbec415d`
SHA256	`23593b8390c264ff89d64d4998563952e2d49a2c732acd62ce8a8029a314b430`
SHA3	`9bf76a05c342619d3b827846ed82c6e918f6e0b12f5f97e1dfcaed4398a630cd`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01035`
MD5	`6292d0016976e94dceec64aaae40fd13`
SHA1	`4eb3849205965548513d980267a717e7c2ca5d03`
SHA256	`f87160bafee6edd09301ba739ba1b94e4204711bedb5ac87ffb2760c9f446424`
SHA3	`787668813ee810220ff88d49c09733ec55a09677cfc8263b5e2b70c19b4ccf17`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88363`
MD5	`c444ca4e55019612d9f613584376d5d3`
SHA1	`d463cb4e49cb7f4d3a0bdd66191679fad33b7f49`
SHA256	`c47bfff4be171416287f780a85d420d3d0515e139fb80965eea116127dd1a1a5`
SHA3	`e875d8b38dba2e703d7c6ce65d995bec46a210c53c84f0b37dd4fe4b373df21e`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58913`
MD5	`94e9fa3db839704ba6624e6d7ad0162c`
SHA1	`c1daaebfa5244b7669bebe93f4cea02ce4d9d071`
SHA256	`f003ee5680548d6655c4d69b2c16d6fd15217956859b7a188c841bbdaac3819f`
SHA3	`3772e185246e601527730565286e126b82060740567c89c223f2240e0ea0fe14`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.44.5531
ProductVersion	2020.3.44.5531
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.44.8328603
LegalCopyright	(c) 2023 Unity Technologies ApS. All rights reserved.
ProductVersion (#2)	2020.3.44f1 (7f159b6136da)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Jan-17 19:16:38
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x10ce4`
PointerToRawData	`0x100e4`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win32_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Jan-17 19:16:38
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x10d6c`
PointerToRawData	`0x1016c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Jan-17 19:16:38
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x10d80`
PointerToRawData	`0x10180`

TLS Callbacks

Load Configuration

Size	`0xb8`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x412018`
SEHandlerTable	`0x410cd8`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x55a4df06`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`10`
C++ objects (VS2017 v14.15 compiler 26715)	`139`
C objects (VS2017 v14.15 compiler 26715)	`18`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`17`
ASM objects (VS 2015/2017/2019 runtime 28427)	`17`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`81`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

6c7315b95dc960aa188200c6045395aa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors