Manalyze report for 8c345dad7e8700c043584ad6ced091e99c31fec9d1b303d16a321d18b26b73c9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Aug-16 17:45:37
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win32_nondevelopment_mono\player_win_x86.pdb
FileVersion	`5.6.3.10261224`
ProductVersion	`5.6.3.10261224`
Unity Version	5.6.3p1_9c92e827232b

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	PEiD Signature:	`Crunch 4`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to internet browsers: firefox.exe iexplore.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70` `Looks for VMWare presence: VMWare` `Accesses the WMI: root\cimv2` Contains domain names: api.uca.cloud.unity3d.com cdp.cloud.unity3d.com cloud.unity3d.com config.uca.cloud.unity3d.com connectiontester.unity3d.com cs.unc.edu curl.haxx.se example.com facilitator.unity3d.com http://msdl.microsoft.com http://msdl.microsoft.com/download/symbols http://unity3d.com http://www.openssl.org http://www.openssl.org/support/faq.html https://api.uca.cloud.unity3d.com https://api.uca.cloud.unity3d.com/v1/events https://cdp.cloud.unity3d.com https://cdp.cloud.unity3d.com/v1/events https://config.uca.cloud.unity3d.com https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://www.microsoft.com https://www.microsoft.com/en-us/search/result.aspx?q masterserver.unity3d.com microsoft.com msdl.microsoft.com normal.xyz openssl.org proxy.unity3d.com tangent.xyz uca.cloud.unity3d.com unity3d.com vertex.xyz www.microsoft.com www.openssl.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .trace` `Unusual section name found: .data1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: SHDeleteKeyW RegCloseKey RegOpenKeyExW RegCreateKeyW RegSetValueExA RegQueryValueExA RegDeleteValueA RegQueryValueExW RegSetValueExW RegCreateKeyExW` `Possibly launches other programs: ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptImportKey CryptVerifySignatureA CryptDestroyKey CryptGetHashParam CryptDestroyHash CryptHashData CryptReleaseContext CryptCreateHash CryptAcquireContextA` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser` Leverages the raw socket API to access the Internet: WSAEnumNetworkEvents WSAResetEvent WSAWaitForMultipleEvents WSACloseEvent WSAEventSelect WSACreateEvent WSASetEvent WSACancelAsyncRequest WSAAsyncGetHostByName WSACleanup ntohl htonl ntohs htons getpeername getprotobyname recv gethostbyname shutdown listen accept WSARecvFrom WSAIoctl getnameinfo getaddrinfo recvfrom sendto send gethostname socket connect bind inet_addr WSAStartup select __WSAFDIsSet inet_ntoa getsockname freeaddrinfo WSASocketA WSASetLastError WSAGetLastError setsockopt ioctlsocket getsockopt closesocket `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Can use the microphone to record audio: waveInOpen` `Reads the contents of the clipboard: GetClipboardData`
Safe	VirusTotal score: 0/44 (Scanned on 2025-03-15 13:00:13)	`All the AVs think this file is safe.`

Hashes

MD5	`8ad57b137aea50ab08bc64156abaedd2`
SHA1	`1f14d1dfaf84cb5b254c310b9df90f52a6af7614`
SHA256	`8c345dad7e8700c043584ad6ced091e99c31fec9d1b303d16a321d18b26b73c9`
SHA3	`cc6e79d7b5a671c488a81c8c8fa2b2a7da234cc1638fd58dceb48af5491e0b45`
SSDeep	`393216:WNP/ek+x/TXbnEqeFN271y62UqpTNQaxFQYo8d11FnVNAUsERZrqbCwKjmEu7PR:U3RGKjmx`
Imports Hash	`ea72ead9afe538645f56c324c3b62dc4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2017-Aug-16 17:45:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0xe3ca00`
SizeOfInitializedData	`0x3e2a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0088B527 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xe3e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1225000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d5c553cc6568ebef19225ec6432fbd1c`
SHA1	`45c052771d31e35f1be667b17e15bd130609c19a`
SHA256	`e7244566070c42dd2324a23885e66fabd426db0be3e8b8aa77311eda5b6ebe17`
SHA3	`b2745de3884e7998006de7a73cac8959b3083d9782578aec881d1f6ac2adadf2`
VirtualSize	`0xe3c80a`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe3ca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.74931`

.rdata

MD5	`17f1c4476192d6bcb0da92a8dd58d0a7`
SHA1	`f3223921cedca8e247686e8ccbed47d4f7797d6b`
SHA256	`652ede4971f62ec1e2c41be24e7bdae809488b5ec702b8ac07186445abf5d7b8`
SHA3	`8bd4eeed15d6c7cd020c5de3c18a0cf7533134394e3ad033bb77008ac950b825`
VirtualSize	`0x1bb0a4`
VirtualAddress	`0xe3e000`
SizeOfRawData	`0x1bb200`
PointerToRawData	`0xe3ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.10707`

.data

MD5	`7e270087d0fff248feac0730ebce7874`
SHA1	`7507ea242ba76e4f725ce840772b01574877dfb7`
SHA256	`e38df78380cd26285514d054c8da670e55adc65beb290ef6d09367e79e7ffbb4`
SHA3	`24d33bdac1a33caf8ebb649840802e5bebc5e2ebd65b530468278bf31ed1d054`
VirtualSize	`0x1084c0`
VirtualAddress	`0xffa000`
SizeOfRawData	`0x40400`
PointerToRawData	`0xff8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.5435`

.rodata

MD5	`9349f2d7cd96be2fa9a3f808675bf933`
SHA1	`d3b3ee2d7b099cde5ba4aa04b3c41d05a643ff78`
SHA256	`992660c0dd299971f0b6dd982dab15edecccb5be7919eddb8c3f746c7d2be30c`
SHA3	`81b0530fb697427bcfe3fe08dbf5f2377bd730415a7d4810cb23211882002cc7`
VirtualSize	`0xad0`
VirtualAddress	`0x1103000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1038400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.97031`

.trace

MD5	`aad9145907e88a07ce152c30e88a6396`
SHA1	`c345abc468912273a7a68b7c18ace598e25fad3c`
SHA256	`4408c707e258e6c2efa34d1c91f78a892630c6fa534a7a029237dce933ad02b2`
SHA3	`59bd8dc61602f22ea323f9c06585a53e336e9c8141922a554ee7edf6b0314234`
VirtualSize	`0x1b40`
VirtualAddress	`0x1104000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x1039000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.90331`

.data1

MD5	`f5688adfeaf35cd6be99948b3e39f323`
SHA1	`2f55833ab355e954606909994f39dda329ac124f`
SHA256	`e4c3899536c9b4e013c94c9d414ad6c0902675cabdca901b48355f1cfc5b257c`
SHA3	`250e3c80907146c70bf643680ffe1d340a35f3acc2c6b24760df231480e9ac57`
VirtualSize	`0x40`
VirtualAddress	`0x1106000`
SizeOfRawData	`0x200`
PointerToRawData	`0x103ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.436447`

_RDATA

MD5	`31add87e8ed016bfc340ac6bb55ed98e`
SHA1	`8ab7a40e28893005962b4acd6b970a471fd34f13`
SHA256	`8f9168b445cce65240ffa9471332ffac83f05226ad3d20d2bccb59f5b41fc2e6`
SHA3	`46c22fd53d412aa489162b7475d3d539267702047888c36b375bad96ba579839`
VirtualSize	`0x540`
VirtualAddress	`0x1107000`
SizeOfRawData	`0x600`
PointerToRawData	`0x103ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55215`

.rsrc

MD5	`2b8777bec5640feb9c312dbe62f54d86`
SHA1	`ec103b87f2eeb449074b6d9d6ef12ea642c7b38c`
SHA256	`2ccd91053f4a12b72f0c4cd795f40e384cd3411a996479d80f7eda87dfb52188`
SHA3	`a60f1ce7bed58e149635bd4533aa5f7d52625cb0fc7249886c2ce43d236b5ddc`
VirtualSize	`0x8a748`
VirtualAddress	`0x1108000`
SizeOfRawData	`0x8a800`
PointerToRawData	`0x103b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54134`

.reloc

MD5	`202e9053d2354b78630c64b607444d46`
SHA1	`e7b8103f7dc2ab6843f38fccc543954fb2a001bb`
SHA256	`90721703ba234d58b2ec0540c316c4a06c05d133a9fd86d90ac96eb5ba852da7`
SHA3	`dfa7f35e1cc2884909c22eb07d2d898256879dfa5940d49de635fd68c29619b3`
VirtualSize	`0x91806`
VirtualAddress	`0x1193000`
SizeOfRawData	`0x91a00`
PointerToRawData	`0x10c5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.65391`

Imports

HID.DLL	`HidP_GetCaps` `HidD_GetPreparsedData` `HidD_GetProductString` `HidD_GetManufacturerString` `HidD_GetSerialNumberString` `HidD_GetIndexedString` `HidP_GetButtonCaps` `HidP_MaxDataListLength` `HidD_FreePreparsedData` `HidP_GetData` `HidP_GetValueCaps` `HidD_GetHidGuid`
KERNEL32.dll	`InterlockedIncrement` `InterlockedDecrement` `GetFullPathNameW` `GetCurrentProcessId` `GetCurrentProcess` `GetCurrentThread` `GetWindowsDirectoryW` `FormatMessageA` `SystemTimeToFileTime` `GetLocalTime` `GetTimeZoneInformation` `LocalFree` `GetSystemInfo` `GetModuleFileNameW` `InitializeCriticalSection` `ResetEvent` `GetTickCount` `ReadFile` `SetFilePointerEx` `WriteFile` `SetEndOfFile` `GetFileAttributesExW` `CreateFileW` `SetFileAttributesW` `GetFileAttributesW` `MoveFileExW` `FindClose` `FindNextFileW` `FindFirstFileW` `FindFirstFileExW` `SetFilePointer` `ReplaceFileW` `GetTempFileNameW` `LoadLibraryExW` `CreateEventW` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `RemoveDirectoryW` `SetFileTime` `GetSystemTime` `GetDiskFreeSpaceExA` `lstrcpynA` `lstrcpyA` `lstrcpynW` `GetCommandLineW` `ExpandEnvironmentStringsW` `ResumeThread` `GetThreadContext` `SuspendThread` `OutputDebugStringA` `GetEnvironmentVariableA` `GetFileAttributesA` `GetModuleFileNameA` `GetVersionExA` `GetCurrentDirectoryA` `VerifyVersionInfoW` `VerSetConditionMask` `GetVersionExW` `GetSystemPowerStatus` `GlobalMemoryStatusEx` `GetUserDefaultUILanguage` `GetComputerNameW` `GetTempPathW` `LocalAlloc` `SetUnhandledExceptionFilter` `OpenEventW` `DebugBreak` `GetCurrentDirectoryW` `GetOverlappedResult` `CancelIo` `GetFileSize` `FileTimeToDosDateTime` `FileTimeToLocalFileTime` `lstrlenA` `GetFileTime` `VirtualQuery` `GlobalMemoryStatus` `RaiseException` `DecodePointer` `EncodePointer` `HeapAlloc` `HeapFree` `RtlUnwind` `HeapReAlloc` `HeapQueryInformation` `GetModuleHandleA` `GetCurrentThreadId` `ExitProcess` `SetConsoleCtrlHandler` `ExitThread` `GetCommandLineA` `HeapSetInformation` `GetStartupInfoW` `FileTimeToSystemTime` `GetDriveTypeA` `FindFirstFileExA` `IsProcessorFeaturePresent` `GetStdHandle` `GetLocaleInfoW` `UnhandledExceptionFilter` `TerminateProcess` `HeapCreate` `SetHandleCount` `GetFileType` `GetConsoleCP` `GetConsoleMode` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `FlushFileBuffers` `SetStdHandle` `InterlockedExchange` `GetStringTypeW` `LCMapStringW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetFullPathNameA` `GetFileInformationByHandle` `PeekNamedPipe` `CreateFileA` `WriteConsoleW` `GetUserDefaultLCID` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `CompareStringW` `SetEnvironmentVariableA` `GetDriveTypeW` `GetProcessHeap` `GetProcessAffinityMask` `InterlockedExchangeAdd` `VirtualProtect` `VirtualAlloc` `VirtualFree` `FlushConsoleInputBuffer` `SwitchToThread` `SetThreadAffinityMask` `InitializeSListHead` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InterlockedFlushSList` `OpenEventA` `SetWaitableTimer` `CreateWaitableTimerA` `GetSystemDirectoryA` `SetConsoleMode` `ReadConsoleInputA` `GetDateFormatA` `GetTimeFormatA` `CreateMutexW` `FlushInstructionCache` `CreateSemaphoreW` `SignalObjectAndWait` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `GetVersion` `SleepEx` `GetQueuedCompletionStatus` `CreateIoCompletionPort` `SetHandleInformation` `FormatMessageW` `GetSystemTimeAsFileTime` `HeapSize` `InitializeCriticalSectionAndSpinCount` `CreateFileMappingA` `MapViewOfFile` `UnmapViewOfFile` `SetThreadPriority` `CreateThread` `TryEnterCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `DuplicateHandle` `CreateMutexA` `ReleaseMutex` `InterlockedCompareExchange` `GetModuleHandleW` `SetDllDirectoryW` `CreateDirectoryW` `WaitForSingleObject` `WideCharToMultiByte` `LoadLibraryA` `SetEvent` `IsDebuggerPresent` `ReleaseSemaphore` `WaitForSingleObjectEx` `CreateSemaphoreA` `TlsSetValue` `TlsGetValue` `TlsFree` `TlsAlloc` `DeleteFileW` `CopyFileW` `GetStartupInfoA` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `CreateEventA` `CloseHandle` `Sleep` `SetLastError` `GetLastError` `MultiByteToWideChar` `QueryPerformanceFrequency` `QueryPerformanceCounter` `SetErrorMode`
USER32.dll	`SystemParametersInfoW` `GetAsyncKeyState` `ClientToScreen` `RegisterRawInputDevices` `GetMessageTime` `MapVirtualKeyExA` `GetMessagePos` `GetRawInputData` `GetKeyNameTextW` `LoadKeyboardLayoutA` `GetRawInputDeviceInfoW` `GetRawInputDeviceList` `wvsprintfA` `GetWindowLongW` `SetWindowLongW` `PostQuitMessage` `GetMonitorInfoA` `SetFocus` `GetFocus` `ShowCursor` `SetWindowTextW` `GetDlgItem` `IsDlgButtonChecked` `CopyImage` `SetWindowLongA` `KillTimer` `GetMessageA` `PeekMessageA` `SetWindowPos` `SetCursorPos` `RegisterDeviceNotificationW` `GetMessageExtraInfo` `PtInRect` `MessageBoxA` `DispatchMessageA` `UnregisterDeviceNotification` `ReleaseCapture` `DestroyIcon` `DestroyCursor` `ChangeDisplaySettingsA` `SetCursor` `GetSystemMetrics` `GetDC` `ReleaseDC` `CreateIconIndirect` `IsClipboardFormatAvailable` `GetClipboardData` `OpenClipboard` `EmptyClipboard` `CloseClipboard` `SetClipboardData` `GetCursorPos` `WindowFromPoint` `IsWindowVisible` `GetCaretBlinkTime` `MessageBoxW` `UpdateWindow` `GetKeyState` `LoadImageW` `DialogBoxParamA` `EndDialog` `SetForegroundWindow` `ScreenToClient` `CheckDlgButton` `GetAncestor` `CreateDialogParamW` `PeekMessageW` `IsDialogMessageW` `DispatchMessageW` `MsgWaitForMultipleObjects` `SetCapture` `RegisterClassExW` `DialogBoxParamW` `LoadIconA` `SendDlgItemMessageW` `SetDlgItemTextA` `SetDlgItemTextW` `CopyRect` `OffsetRect` `GetDesktopWindow` `AdjustWindowRectEx` `GetWindowPlacement` `ClipCursor` `MonitorFromWindow` `GetWindowRect` `TranslateMessage` `GetProcessWindowStation` `GetUserObjectInformationW` `SendMessageA` `UnregisterClassW` `DestroyWindow` `DefWindowProcW` `RegisterClassW` `CreateWindowExW` `EnumDisplayMonitors` `EnumDisplaySettingsA` `EnumDisplayDevicesA` `GetClientRect` `EnableWindow` `SetTimer` `ShowWindow` `GetParent` `ValidateRect` `CreateDialogParamA` `GetWindowLongA` `GetThreadDesktop` `GetUserObjectInformationA` `EnumWindows` `RegisterWindowMessageA` `SendMessageTimeoutA` `IsIconic` `LoadCursorA` `wsprintfA`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueA`
ole32.dll	`PropVariantClear` `CoCreateGuid` `CoTaskMemAlloc` `CoTaskMemFree` `CoCreateInstance` `CoUninitialize` `CoSetProxyBlanket` `StringFromGUID2` `CoInitialize`
SHLWAPI.dll	`PathFileExistsW` `SHDeleteKeyW` `PathCanonicalizeW`
ADVAPI32.dll	`RegCloseKey` `RegisterEventSourceA` `ReportEventA` `DeregisterEventSource` `CryptImportKey` `CryptVerifySignatureA` `CryptDestroyKey` `OpenProcessToken` `GetTokenInformation` `GetSidSubAuthority` `GetUserNameA` `RegOpenKeyExW` `RegCreateKeyW` `RegSetValueExA` `RegQueryValueExA` `RegDeleteValueA` `CryptGetHashParam` `CryptDestroyHash` `CryptHashData` `CryptReleaseContext` `CryptCreateHash` `CryptAcquireContextA` `RegQueryValueExW` `RegSetValueExW` `RegCreateKeyExW`
GDI32.dll	`ChoosePixelFormat` `SwapBuffers` `GetDeviceCaps` `SetPixelFormat` `GetObjectA` `DeleteObject` `CreateBitmap` `CreateDIBSection`
SHELL32.dll	`SHFileOperationW` `SHGetFolderPathW` `ShellExecuteW` `CommandLineToArgvW`
OPENGL32.dll	`wglGetCurrentContext` `wglCreateContext` `wglMakeCurrent` `wglDeleteContext` `wglGetProcAddress` `wglGetCurrentDC`
WINMM.dll	`waveInGetNumDevs` `timeGetTime` `timeEndPeriod` `waveOutGetNumDevs` `waveOutGetDevCapsA` `waveOutGetDevCapsW` `waveOutClose` `waveOutOpen` `waveOutUnprepareHeader` `waveOutWrite` `waveOutReset` `waveOutGetPosition` `waveInAddBuffer` `waveInPrepareHeader` `waveInUnprepareHeader` `waveInGetDevCapsA` `waveInGetDevCapsW` `waveInStart` `waveInOpen` `waveInClose` `waveInReset` `waveOutPrepareHeader` `timeBeginPeriod`
WS2_32.dll	`WSAEnumNetworkEvents` `WSAResetEvent` `WSAWaitForMultipleEvents` `WSACloseEvent` `WSAEventSelect` `WSACreateEvent` `WSASetEvent` `WSACancelAsyncRequest` `WSAAsyncGetHostByName` `WSACleanup` `ntohl` `htonl` `ntohs` `htons` `getpeername` `getprotobyname` `recv` `gethostbyname` `shutdown` `listen` `accept` `WSARecvFrom` `WSAIoctl` `getnameinfo` `getaddrinfo` `recvfrom` `sendto` `send` `gethostname` `socket` `connect` `bind` `inet_addr` `WSAStartup` `select` `__WSAFDIsSet` `inet_ntoa` `getsockname` `freeaddrinfo` `WSASocketA` `WSASetLastError` `WSAGetLastError` `setsockopt` `ioctlsocket` `getsockopt` `closesocket`
OLEAUT32.dll	`VariantClear` `SysAllocString` `SysFreeString` `VariantChangeType` `VariantInit`
IMM32.dll	`ImmReleaseContext` `ImmSetOpenStatus` `ImmGetConversionStatus` `ImmGetCompositionStringW` `ImmAssociateContextEx` `ImmAssociateContext` `ImmGetContext` `ImmSetCompositionStringW`
DNSAPI.dll	`DnsQuery_A` `DnsFree`
IPHLPAPI.DLL	`GetIpAddrTable`
WINHTTP.dll	`WinHttpGetIEProxyConfigForCurrentUser`
MFPlat.DLL (delay-loaded)	`MFGetStrideForBitmapInfoHeader` `MFStartup` `MFCreateAsyncResult` `MFCreateMediaType` `MFCreateSourceResolver` `MFCreateAttributes`

Delayed Imports

Attributes	`0x1`
Name	`MFPlat.DLL`
ModuleHandle	`0x10b6fb0`
DelayImportAddressTable	`0x103a260`
DelayImportNameTable	`0xff645c`
BoundDelayImportTable	`0xff6550`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0xffa538`

NvOptimusEnablement

Ordinal	`2`
Address	`0xffa534`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53515`
MD5	`86cbf444d0f51064884bb911b313c7cc`
SHA1	`494c41e9a81e450b1caed354b6d1140d6e2c1ca3`
SHA256	`81b782598f8e40b971b71b7e4ba8d8723b933970fcadee76a6cde62a174b7288`
SHA3	`69fe507d29c1e4d75adb2f4a0e0376f034e336a29ea7d9b695ee0caa9ce3eb0e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41463`
MD5	`d404433baa3957e3a374dcdbc55e1c00`
SHA1	`72eaa5218795b57af0dc23c4edd4f9daa8608845`
SHA256	`e404b29bf96790b7dcf9c4bbb5d57f59ed34c8cfcc55ec40c95dcc8606c9fcfe`
SHA3	`bd277f65efff80e1cf899a6d00de909ec25082c34b24066ebb973c02e64afd79`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26051`
MD5	`b90590848187099acc53a1919de0e324`
SHA1	`f9b3564d7546919033350e60aff95594480b2667`
SHA256	`81700a9beef9a5847767f99f6e0bd484b69d590bb51643920e70595bf9ed7e1a`
SHA3	`ec607eb21e42c1b1ba076498b55ecb0bc318f2a382bd3488b0665871a4d99328`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99643`
MD5	`3dfb16f9a2a89296777f2f70764ec4c8`
SHA1	`df9e6535828c9c5f4527ece14f9355d96d8f918e`
SHA256	`4c023daa55874af1e593512cf3381f9dba1bbd38f11f94497c627b2671757daa`
SHA3	`9ad5a91163b7842198dc8237c09a65452185f1a2772f7dc8596921b5c1323693`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82857`
MD5	`defbcbcb86d118ea5df03d24b99b4862`
SHA1	`db0047391d3f8213b0d818ee5b3f8a6bae722b9a`
SHA256	`9d1c456ed1f2c1c8ff246f95a76abe525f25e6b58b4b73e421eef07629ff30da`
SHA3	`17fd70779e29f2591bc37c5a8457c131e7b918b7df360b34d3c88d3867f41a2d`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6423`
MD5	`dcf03744786c17498666f1ae2c9d9e07`
SHA1	`7e43e6d30c9c6281f3500eb0ae3fde498314185d`
SHA256	`ea90a362a078eb471c7a3874e600794b9368f50172741ea42cd713d19c1dd235`
SHA3	`f1adc3139546c961402fb455aedd38fdb93d5539c70bcd49e2969ea4b5918842`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56913`
MD5	`20114a013ca136c46af1c0a24a765cb2`
SHA1	`2ed81cdbd64170dca0f21660d680a037046e7f48`
SHA256	`15eb0963dff09b655909e506987196b30271381363d8267e4c98bad577bc1471`
SHA3	`17684d148a04433f79644a8a16af79482c3aa6a71a4907ee63ae637fb3607ec8`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48719`
MD5	`d4d6ae081cb309386d6281667000f8f3`
SHA1	`f2e15a28cb6ca91b39102ce33a787512c86578e5`
SHA256	`ef168a887964ff959e3d3107d8589068983fef3b720ab50cf3f9cc55296b4d32`
SHA3	`b984a7b7182542a321dbd6e4112f693a5bf1968f9d47140e300caff20d9022f2`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40098`
MD5	`de0d9d9926096b8c38414b1ef9b47652`
SHA1	`519b54e7eaac9ecba9897f65641b982ed5434b03`
SHA256	`ee0f69ee420b36cfd103930b12e32bb3eaefa4fd24e73954febec5a0cc194d7a`
SHA3	`3ce2a31e4c657b1c44814f22fe89b16cab120e111f36e1fdfe424433ff0cd91d`

9 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99471`
MD5	`b62b6b1e4cd3054ab1b07b033356d108`
SHA1	`c0170ce1c06de46e62508e1d774d64e952cd111a`
SHA256	`6a3c71d7f89e83280ff2aa75c76d49c3239060f8ee53cfc2692e05c4fc9c7eab`
SHA3	`9e885ae1d0f740d603c9ef2ca1a92c8a61ddb587a0f50bee653496e0ac8fe4f6`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98084`
MD5	`2165d3c35627dfb0f24dfa8839b650c1`
SHA1	`5168d394292dd31902f3f8112b22cd604529f378`
SHA256	`7aa854f2b6bf3241c666d0b851ecaea27082934a4b2fa43db752591dfcf9434e`
SHA3	`395d76a75afaab97318d9ea2f3785b5ade74331f689f98e69f22f301be84d67a`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19606`
MD5	`e71ed01bef9a6e44b5a60f28e2d14320`
SHA1	`28a0948d37b93bfd392044a4338968bd3f4de535`
SHA256	`af380b7f1f6bedba49ef3833569a36314f9834b759bfbdc7f5474d65081186c6`
SHA3	`a275daef8cf31a8e4d53a63b80b73137c0c41a126920ed0b63416f8643332d35`

108

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23439`
MD5	`89647fd8d7ee80b9e9e46db2a1053a29`
SHA1	`10dd88f00a8f56cce48908628abe1215235f624a`
SHA256	`692985cf029eb28098357336ea128b16211fb8fb8ab3e8f90949a952a2514f65`
SHA3	`01c77f889f7bb48a0744fe4f076df03cf74591df831c9d043237c2a7a7426f3e`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09377`
MD5	`839f2e562a1f062fd873414ab28cf1d2`
SHA1	`ed961a5852bd1ac5b55fa8fd70fa8213754abc57`
SHA256	`296b7d861a9ee473d4e8a62f9d7adb025d1fbe8e61206870f426e5c870a98936`
SHA3	`6a4b1fab7319e07585d923be21a3d852ecc1988286973bf8440e25f2a35a3cd0`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37937`
MD5	`71ac7d86a353ebfc418d1b284b2f3f97`
SHA1	`0954a1523cb8e793dd4983241eecdf76a5fa66e5`
SHA256	`f648d32fdea3dd4ad741384f1d1a65a41a93c6524d3fa7903188c69495bc087e`
SHA3	`fddda5a11c76cd67ae70a66766fd7bbbfc61b93c9e14eb815c0668a8054506f7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x655`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37545`
MD5	`e64f0e3051453730fcd59e3487fff82c`
SHA1	`881f9506d98c7244ee2e6cc48de59fb5fe9394a0`
SHA256	`cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2`
SHA3	`e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.6.3.37608
ProductVersion	5.6.3.37608
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	5.6.3.10261224
ProductVersion (#2)	5.6.3.10261224
Unity Version	5.6.3p1_9c92e827232b

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Aug-16 17:45:37
Version	`0.0`
SizeofData	`137`
AddressOfRawData	`0xfdac3c`
PointerToRawData	`0xfd9a3c`
Referenced File	C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win32_nondevelopment_mono\player_win_x86.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x649597fd`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`34`
C++ objects (VS2008 SP1 build 30729)	`1`
C objects (VS2012 build 50727 / VS2005 build 50727)	`1`
C objects (VS2008 SP1 build 30729)	`36`
C++ objects (VS2010 build 30319)	`8`
Imports (VS2003 (.NET) build 4035)	`3`
Total imports	`534`
152 (20115)	`6`
ASM objects (VS2010 SP1 build 40219)	`73`
Unmarked objects (#2)	`195`
C objects (VS2010 SP1 build 40219)	`1043`
C++ objects (VS2010 SP1 build 40219)	`1204`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.