Manalyze report for 97a87a8d367af111ba245508f86e83ec

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Aug-23 05:13:25
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion	`2021.3.30.11810317`
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion	`2021.3.30f1 (b4360d7cdac4)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.4087% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-03-01 19:09:19)	`All the AVs think this file is safe.`

Hashes

MD5	`97a87a8d367af111ba245508f86e83ec`
SHA1	`0be2069edeb10c9c2050326391d70cc760ce3dca`
SHA256	`e8a9ca9899a050db67348923b472b67929c0bd6970a91cd696c6b7e242a8e713`
SHA3	`29e6f90161019f618f66c44c2f802f1f8dc6b319fc0361d70200e7eec94bee72`
SSDeep	`12288:joCCEKr82FXBg9bkYUVtuNDN2m/MMOECj1MUIMBRlBo:MsKw2Fskhcp2gMX55MUXO`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Aug-23 05:13:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4190b7be9f5f4eb52c040a688e61a250`
SHA1	`ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11`
SHA256	`7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b`
SHA3	`0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6`
VirtualSize	`0xa140`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39724`

.rdata

MD5	`adda8815635c0c178deadc543e6b5ab6`
SHA1	`d6d366a70eede4a7e38a1bb7377d2452615e3dba`
SHA256	`115c11a581c433140a60ef776c3ea46212a31f4d2468f19636ce63f76e4cbffe`
SHA3	`16f60324b44f7a8ecbedfe6c8ff7597b29d19036069d5015b851c09f6fba364b`
VirtualSize	`0x8cce`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.6529`

.data

MD5	`2e9924c581c86e57e2e2b0ac87e1aa45`
SHA1	`a1a176fc5c54e8c996a328e810c15c16cdb5b73d`
SHA256	`90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0`
SHA3	`8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237`
VirtualSize	`0x1ce8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.6801`

.pdata

MD5	`2717431295e555cdae3fb602e2bd957e`
SHA1	`408d09336a1192e50edb78d3e7795fbc547ac381`
SHA256	`d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631`
SHA3	`bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5`
VirtualSize	`0xc54`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34687`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`0a5fb8823487e5922449ab5d6f962b03`
SHA1	`ff69adc4674bed41559f4606693c73c4998e1332`
SHA256	`385e8115ff1ff4eb2aca7d6193d222b94c9ac58632b2bf36a9e1a4462a3b7f64`
SHA3	`655af7fb19811d2346c309a2fda84f3bb60b49e2a28150122208e54f61edd852`
VirtualSize	`0x8a1a0`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.38176`

.reloc

MD5	`687aa942cda2e64adc67a829f1587240`
SHA1	`26058e365b4fef9cae39c529017700cd0ccfedb7`
SHA256	`e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506`
SHA3	`8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689`
VirtualSize	`0x638`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79086`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37518`
MD5	`01556c54f2deab2082203646827bef31`
SHA1	`eca59e33162714ea2d35b5c639438ac997927aec`
SHA256	`3a930f9cbf87b3f4b0194ba594713834a91c1d6904814e80cc4f4616fdddfb51`
SHA3	`4e86837daf9d06c34e1dcb688b30036c731656a34b83d7af5ceff9d2c5f6f4a4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37429`
MD5	`b89b86cd57dec31729bd691e8f5241a7`
SHA1	`aff2ce7a9ad559c0d710447d0bba570ba2edb6d9`
SHA256	`ab455e5b42c7bc8479295f13927be4659dc912e5265a2f8f0e12128fc8f1f64e`
SHA3	`a0a27ab33a6b8ceb47162025dd8997b7bff54b5eee629902b0b101a6ea3e9581`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37345`
MD5	`c37acc42ca127cc6b9f6b8edb02352f7`
SHA1	`bd4c8d449cf4edd22a13dfa22ddc9543367ae511`
SHA256	`3baababcfb6edbb9fcf8ab97dc0f22abe578d22baff2d483d628b02848f56fc8`
SHA3	`69b53e04b9918b4802be27716484ff3c2622e52d6f6c7f8071ef73b8335e51d0`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37133`
MD5	`154e438995c8997f8a32335c47a7b892`
SHA1	`f5ac8339b5f6af4df3e1fd94b4e186d8ac732c09`
SHA256	`27a449d6e40094396b3e1d78a7b4046a82f02a6f8ed653b06baa8ba696407a57`
SHA3	`7adcf4f3464fa21a536591b69f4edf8a0301d4f42450af128f277c5bc0bf90eb`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36223`
MD5	`9814bb522da8b43f9be4475e1e65ca65`
SHA1	`846de6da11a66839607fad98661e757bd7209cfc`
SHA256	`ed5bc1f6ed54e64bd4d6b0ddf0678d9c74dbb628eea5fd3fe0a22d41325b5c68`
SHA3	`71174f01727068cd50e9639d3d3b767abd3907acf4e62466686c10062acfcc53`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3184`
MD5	`48535b4f21598dd729df01096bd629ef`
SHA1	`d487ce0e19522a7ac7dd6765f6afa01c589ae0f3`
SHA256	`23eb510af510afc6ed7a7956c7f49d97b833ce13e40f7417d3fbc8324e18d3ff`
SHA3	`273aaf19b584693a7335941306df8a37ad4e9869bef4c6d5eacf5e1578a73635`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33434`
MD5	`cca228c1eaece8f8a021e048c825b2f7`
SHA1	`f09404e71dcd486c9713babb27ee1fedb2024732`
SHA256	`7cd79902f6dde4a5fba4904ab39655d4c807e1d3aa1f36ec3983c3eee8820bfe`
SHA3	`f954061d82a1cd346ba1568ac40719eccfe202bf96a5998d9e89255ce0d07086`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24389`
MD5	`ed4b9e94359c8a073b267ec97c010689`
SHA1	`1e974496ee240ff36adf459123e2bdd2ee990ef9`
SHA256	`439b08aed8f4c6009b6810210a8535005e976506048f998821a86ef20649bda1`
SHA3	`10b13491408a6c13e9083ab340dbd4f62b715cddca84c2a74402ebcff87dd4be`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01862`
MD5	`0296837d0363c8fa4252e83ab4d4643b`
SHA1	`e97ae4071bb35d80d9498243a012d2a768cb3eb9`
SHA256	`6311ce7f85d2722af2919f32317b79bb67fd392c3a992700810b1b6cdf41a983`
SHA3	`49dadbb4d0e240dba1f6e49cea74265bb45c2c6448c50fc1702dc45b5d61d930`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54264`
MD5	`eb7f181f8345bcd08216a264d13adc94`
SHA1	`732019a2681de2b584c3de13b963aea2b502a78d`
SHA256	`00a52638f04d5fb287ba4f714045fb88993bb9cfcce854a3d23cfec9a0236cb1`
SHA3	`77ec149ee92ff84f38699db5cd587b9379a9aafbb7be2b372a154784307f63e1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2021.3.30.13837
ProductVersion	2021.3.30.13837
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2021.3.30.11810317
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion (#2)	2021.3.30f1 (b4360d7cdac4)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Aug-23 05:13:25
Version	`0.0`
SizeofData	`141`
AddressOfRawData	`0x13780`
PointerToRawData	`0x11d80`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Aug-23 05:13:25
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x13810`
PointerToRawData	`0x11e10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Aug-23 05:13:25
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x13824`
PointerToRawData	`0x11e24`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x735735a6`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 29118)	`37`
C objects (VS 2015/2017/2019 runtime 29118)	`16`
ASM objects (VS 2015/2017/2019 runtime 29118)	`9`
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Total imports	`85`
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`

97a87a8d367af111ba245508f86e83ec

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors