8656f6e773d61534d729e7769af9bfec

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Jul-19 22:29:10
Detected languages English - United States
Debug artifacts C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion 2021.1.16.16457987
ProductVersion 2021.1.16.16457987
Unity Version 2021.1.16f1_fb2103c1c146

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious The PE is possibly a dropper. Resources amount for 86.3971% of the executable.
Safe VirusTotal score: 0/70 (Scanned on 2022-08-02 03:32:10) All the AVs think this file is safe.

Hashes

MD5 8656f6e773d61534d729e7769af9bfec
SHA1 cb20c29cddb3a624ec23caafbb958fdca2cf7bf5
SHA256 55b4baf7cc7d095808ebc913e07a954241aa081d6df61e9a91d70783a38e3b07
SHA3 980d19190a891b599bcb2e64df85dbe07e8a6d51f61f1037340da5e0fa2badf0
SSDeep 12288:T4eCdOOCmReJ058BERqaNDKMZF3On+GzAg7LJ:U5jRu058B5qDt2+o7LJ
Imports Hash 5f74a5c747508e2822fdb9b687deaf42

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2021-Jul-19 22:29:10
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa200
SizeOfInitializedData 0x96600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001260 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa5000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 21b36fdaef4252cfff5d97233a08237d
SHA1 9169d9d590945e9449a0650b633fe17015740f97
SHA256 1d5305f7e37da4709ba7b7140c745a8bfd40e1645f5a2240a35d36cc4e7ebf6e
SHA3 5b3b61078be056f6f0b5fa1bcd81112af0c0030a1af3156f861ac5d670a0b9b6
VirtualSize 0xa120
VirtualAddress 0x1000
SizeOfRawData 0xa200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39577

.rdata

MD5 40ca718e5995edd46b00c54c171b4cda
SHA1 97f3b853fa5e2bcf0d9f098955c2deda5871ad31
SHA256 08b4470c49a273c8ff19f50f0993677431a755d49e95bdc2dc5f7377d2109748
SHA3 7d7fd3585d6fc4dc01deacc3329b7ba010383423ea7cbc31c0d220493e45e5c9
VirtualSize 0x8c5e
VirtualAddress 0xc000
SizeOfRawData 0x8e00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.65244

.data

MD5 a9e79420695e9bc679ca784c3876e94f
SHA1 85d68049c56be1369a584c2cef1f26bece917c8f
SHA256 a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055
SHA3 902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa
VirtualSize 0x1cd8
VirtualAddress 0x15000
SizeOfRawData 0xc00
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.67624

.pdata

MD5 1063600acd63dabfe63d12849686b634
SHA1 afb48051e210d322b89b35b107cfdd3c081e6eb0
SHA256 e74fd6df00f224c718b9e961e0f5bfb66ad096ee5367bc368a7511504e6753fd
SHA3 7c8904447aec520dd5ad9142ee328fc8094c3b055bec0da3997ca87f3c309370
VirtualSize 0xc48
VirtualAddress 0x17000
SizeOfRawData 0xe00
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.35289

_RDATA

MD5 1960efd573f3d23522c840210d59fb7e
SHA1 47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2
SHA256 ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4
SHA3 225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4
VirtualSize 0x94
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x14e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.08512

.rsrc

MD5 002445e01970337f05b5009239ad5762
SHA1 5591d867b9d2aa1a83263c460d6178705b154025
SHA256 0d9cb19022328db88972e1b0752a9ff5ed2c791e9f4f5e570bea27685019102b
SHA3 a9ca65642669633431f88a0ba89cccf350f24735cab408034c44b367c3183202
VirtualSize 0x8a150
VirtualAddress 0x19000
SizeOfRawData 0x8a200
PointerToRawData 0x15000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.56054

.reloc

MD5 a9c3cf69888151777a2a472fa85313df
SHA1 a5410c074ce059a802887d8ef48a198d601aa9e3
SHA256 02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad
SHA3 874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44
VirtualSize 0x634
VirtualAddress 0xa4000
SizeOfRawData 0x800
PointerToRawData 0x9f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.78467

Imports

UnityPlayer.dll UnityMain
KERNEL32.dll WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x15004

NvOptimusEnablement

Ordinal 2
Address 0x15000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.55538
MD5 0323e8b8cfc4aa9945b6b6263faaaeda
SHA1 b32c3d9940ee41f2fcb8d5bf778bced140ec7d33
SHA256 a071e69e7cb5d7441fe30688946edb6599de8bc009d8a85641a96c04d563455b
SHA3 fa1b211b2ca129e03633cc11e2020545071bb59cde73680cbfea306dd772c468

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.55714
MD5 9922a267cc4521bf66d0dad890210369
SHA1 87f8288e415f3fb25e67ea290e63e11525f2cf0b
SHA256 6b673c4b3729721e384a57e9eb6e8c88357e699ddfc47c0e750aef38ec3768ae
SHA3 396c5efac57d8a5c9f6c4e4658b9e17cfe0031e617c7edc8a2c500af8637fd2a

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.5552
MD5 8c25c2c6887456565ba7374cee8ea59a
SHA1 30e5b4cf7cd709c6341f225baa5886e37a287117
SHA256 bcbd0c527a24e922506208362dfe4a3aaff3435cb32f7f9ebaf7dc49b376b259
SHA3 7d36322604684d2cba282b340a65d3e5ac5a9d3d4641754f6691d8f828eb6f6f

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.54942
MD5 479e37570453b66ff74faa297598cc32
SHA1 de918cba196797af932d1baa28bb0df6058a5477
SHA256 cb9c67925e0f3e26ca1bd67ac26ad07db29fe9fe3213f6568793ac6c2da969d5
SHA3 ca757a7aee02c0a1784b57cf96c1a9883fde77daa68a4582d3bd948675ce4078

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.43835
MD5 ac8ba8bd1bb0d39d211f83660718d647
SHA1 aea43a5f2064aefe227afa96325747e728e416b2
SHA256 3a55e984ac08819383073b913df0c2b437735bb4519c4b4c507981a008273323
SHA3 3c440c47a9d25b534a5c2a94f3f5d7c2a269c76c44a6b0783396d30d87a72d26

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.48109
MD5 76ef60c042a2efc3dca7de418fe6f775
SHA1 253ae9fbd393d9fe970661a2180f034374ca5faa
SHA256 e5baac744bdd53c35a80d42a440953bcd4171173e080baa9066f06f945aa0e98
SHA3 7904eff1f2428c7f5ef5751ff3454fcf1f2d3877399216b1fcb733c2b1046106

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.59834
MD5 7ca7b1035cddf100e75b8a9dbc52a241
SHA1 1e7caa04f8bfd5923d543ffa44b82a6f7e84fe72
SHA256 32e6793ac94254718a9e4eba4ffb8210ac97316dc565ce4414b36a58a6acb50f
SHA3 31e9c5ad6b1d9375a951317a64d3122a7637c205dadabad48662ce4fe57b3d07

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.66541
MD5 837ae263715b2d3cfec28b3df961fe88
SHA1 3a43b8056a7696d559b3f2d714d5aa184b98a3b3
SHA256 e39e45571dbdfc215b5d25b1461e4f11a00b2b3fd9acb78e148aefa91acba2a9
SHA3 8271de1355da761788a8cc2ad19ce181ebc8b2fe33cda3d76a35945dcb681421

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.59062
MD5 5e78835e894207ed591705363286fa6f
SHA1 1eb12401f308194ab29698f4f73614e2f1bb50b3
SHA256 12382e82a3120370cb5aab4785099d0fd299897f23f3aa1616e5c61ac7347562
SHA3 e0d89199d6d10683b20c49177e3f91697ad95aac4bde88655fd7fd9995461cda

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04448
Detected Filetype Icon file
MD5 f7731730720cfe035cf030b40d0e2eb6
SHA1 d046e23f2ee2b93ad96be8e1dc9120ecf3915091
SHA256 5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500
SHA3 6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39882
MD5 bc99503686512722ee651d7a0db74e24
SHA1 a32da60900bd14e092865579cc08743343197dc6
SHA256 4cbe6ef70a0116ce4bc0108cdd7b42de91dd660d625ac98fc254db8897f870d1
SHA3 e1ff320de43dc5eb2cf429172c6034e76a3398dfee3d5ba8db2ce8ea15fb6321

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x6c1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37708
MD5 aab7e8aafe7b06ab3d003b54ab5e18ed
SHA1 dccf0408f43059df37b755f3241a8b4b35c728af
SHA256 fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8
SHA3 a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2021.1.16.8451
ProductVersion 2021.1.16.8451
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2021.1.16.16457987
ProductVersion (#2) 2021.1.16.16457987
Unity Version 2021.1.16f1_fb2103c1c146
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2021-Jul-19 22:29:10
Version 0.0
SizeofData 132
AddressOfRawData 0x13730
PointerToRawData 0x11d30
Referenced File C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2021-Jul-19 22:29:10
Version 0.0
SizeofData 20
AddressOfRawData 0x137b4
PointerToRawData 0x11db4

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2021-Jul-19 22:29:10
Version 0.0
SizeofData 712
AddressOfRawData 0x137c8
PointerToRawData 0x11dc8

TLS Callbacks

Load Configuration

Size 0x130
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140015030

RICH Header

XOR Key 0x69197163
Unmarked objects 0
C objects (VS2017 v14.15 compiler 26715) 10
ASM objects (VS2017 v14.15 compiler 26715) 5
C++ objects (VS2017 v14.15 compiler 26715) 136
Imports (VS2017 v14.15 compiler 26715) 2
C++ objects (VS 2015/2017/2019 runtime 28427) 37
C objects (VS 2015/2017/2019 runtime 28427) 16
ASM objects (VS 2015/2017/2019 runtime 28427) 8
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614) 3
Total imports 85
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614) 2
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614) 1
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614) 1
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614) 1

Errors
