Manalyze report for 9fee9d072ab5eb03baad8fa52deaa2e67e3105d1c2b00a33f3db73f7d16e34b4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Sep-16 18:58:59
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb
FileVersion	`2020.3.19.6877495`
ProductVersion	`2020.3.19.6877495`
Unity Version	2020.3.19f1_68f137dc9bbe

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.3959% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-10-13 03:41:26)	`All the AVs think this file is safe.`

Hashes

MD5	`d7699c12381ab6ead479325c0eb20edf`
SHA1	`6fef7b26794ee2e98d44e4b8b78e188e22d01f52`
SHA256	`9fee9d072ab5eb03baad8fa52deaa2e67e3105d1c2b00a33f3db73f7d16e34b4`
SHA3	`544826aa3e6b224cf4f7a2f647252ad0c00d3af4c13bee6d341c3ec5ddde08ea`
SSDeep	`12288:W4eCkPDgnoORe930A0xII3eJUxLnRpDzqIVvrsEx6RQRl+xCQ07p:xy+LelR0xI4F1RpHqarsEx6+Rlmx01`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Sep-16 18:58:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dc34d9506ae9e3616b5265da7e35b1f6`
SHA1	`dce8f4d17ddc08b8460b046a362a27430cbe2e75`
SHA256	`e80b2c4dfacb7fab649683f679231937cf85d5498d6d4b5d3a3e61149f064124`
SHA3	`08b3146b697934b2f68c0ed66868b3c96973ed20c4a70245a96b304f456d0106`
VirtualSize	`0xa120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39574`

.rdata

MD5	`53aab4e287f86d8261f17bbba629f06e`
SHA1	`7332d588248e81a59f8e9f19b236c17d01516543`
SHA256	`6eb34c6b1cf199d57e1a86e22210d9fe9613a5c66bca4c6fb54768851e8e3328`
SHA3	`a01d0b15450e2c62afadd2f5fd302c3b53a0fcdcb081e0d22f8766aa8a007014`
VirtualSize	`0x8c6e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65198`

.data

MD5	`a9e79420695e9bc679ca784c3876e94f`
SHA1	`85d68049c56be1369a584c2cef1f26bece917c8f`
SHA256	`a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055`
SHA3	`902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa`
VirtualSize	`0x1cd8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67624`

.pdata

MD5	`789f36f907239c1ceca2f8ec3f79fcb5`
SHA1	`11b2d5522be4b2558a7e492c53b4d86184702c90`
SHA256	`5e2c8dede33e201308d3fabb30b57b487ba34d524537e56449f854c9d6e560e4`
SHA3	`0b06f78c7fe1c1611e2e7abfd4a78a87cf82474f2ac5b4a8daa9c07fbbf85778`
VirtualSize	`0xc48`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36097`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`6736c908023a74225c6925a92cf67fbd`
SHA1	`b48b0906b13231739c9da61d257a04c2f2f890e3`
SHA256	`166ae42ee67f4248daeeab6d53608f011952a8e5a4c69a2b63bd5945fb3eb04d`
SHA3	`6cc8a0a3cb3a64d81b9d688741b15c5fc2de63fc795bd470952ca5cc004b0f0a`
VirtualSize	`0x8a148`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.5369`

.reloc

MD5	`a9c3cf69888151777a2a472fa85313df`
SHA1	`a5410c074ce059a802887d8ef48a198d601aa9e3`
SHA256	`02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad`
SHA3	`874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44`
VirtualSize	`0x634`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78467`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.51096`
MD5	`b81ebb568bc8463573b23af874446c54`
SHA1	`c068e8997481b1031589f35f68d4acb12d1165be`
SHA256	`18e841e66aabaa8f1460529f1d5a69798ee650a93c6e265fd6386ee1911fab71`
SHA3	`a42a54a77590a433b71f27906c552a1438054d5446c10310cae0244cc01687d6`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.53166`
MD5	`e593a126f732bedfd677d56d1b617b70`
SHA1	`a41e05ffc29cec7cd6a39cf3aa3e51780c52da35`
SHA256	`e4a0eca552ecf3da21958594fa17660bd74c4bc0fefbc6c402f0f7045b015670`
SHA3	`77f6d48c763165b184b5d04c952853885c94cf4b8d539e77c7e6f748014dc217`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54578`
MD5	`8b2b7bdb456400e94881a9af2d66d63b`
SHA1	`758f2951ebbc641bbce5eb50a73e5f0f01135fca`
SHA256	`1ce5241244bef99e04bb4e34f21d1264f10a78ff86cac387d81f4446024cdfb7`
SHA3	`8d2ac2fe282576084bbf040374a87d7463b1823d67bd0a65fab61f7d799a4557`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56153`
MD5	`f3b6ef02094f50cc3386e007bfc1cdbd`
SHA1	`3d5b84d8c3606df71270dd5b656d0b215f7cac04`
SHA256	`1f6de4cd73aa3a113eb7ab1fc852334787999a017aa4960ce200a53c52b29100`
SHA3	`298fea9efdc7235f21c0da5ddd9323e1652edf097711a365842b1747b714bc24`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56132`
MD5	`c35df7cde40aa99485f1a9ded1de9a81`
SHA1	`948190b8ad035088ad126277712676bf88044745`
SHA256	`c2a786103fed6c1251988c285b8c01be8729933fbcf0a7f1b500e932788d6aec`
SHA3	`10bcdbfbd6d64387fc0d6f8ffcb02ae466c876cafd3e3081bbc0589aa163ee28`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.51859`
MD5	`ac90ad8c06db120c0827bed47a43540c`
SHA1	`ecb90a9878c4aeaf41e636f822a978cfc1c2f01d`
SHA256	`b5be82ecc5667c01daf10021b9e8bd6f3731278ee0e2b70eb9751903abcf0f07`
SHA3	`e67dbf8aafd02ecd55b34fa4feee2affed38ceaddbf2be21a1aaf41a10df6825`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55246`
MD5	`fd3ca6601e389040baf8b4cb265503e9`
SHA1	`bd0d2b642f1285ff19b96015373a9d96a8f58273`
SHA256	`1c6a2628378bd05dfcb96111860953de7f742935f35f28627098953cd8f128c0`
SHA3	`6f48cd75660f03d1a1653392c9c51818c99b1654441ff2a349f3c930f90a7ebd`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45601`
MD5	`b525f89ff48a7e7c51cf6249af48d79f`
SHA1	`45913f8769ada722be3eb68257d5b1674965370a`
SHA256	`5cab1a466f4df7ae6e6b973008901dfc193c5aacb6cac52bfd8c7e3cbf5b1667`
SHA3	`3b8eec3b5f33033404e9d164495cba3b5a702d135cf0af65a3b3684e05ba2c6b`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2283`
MD5	`5ef5af15ab5ce049443fefcae9a97f7c`
SHA1	`e51d5f5d78954001331618fad9023ea4eac1f62a`
SHA256	`203386afeecbe6b5c78693d54c5a9e00bcdd4a8a68cd1bebe4bfe7809084c608`
SHA3	`0f3ae094cfb7dbd30e00292746416f2e10420d1593eb4c9648fa7f5623543780`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44659`
MD5	`e177ee3abd26add570d31c2f66f2b6b8`
SHA1	`7f20c0dd1e49135b2f11c2dea8356b637c61c224`
SHA256	`d019a1a8361502c486f4bebe5b073284530db14e37be1039f9931ba5b5183365`
SHA3	`ce5a96212c5070519a895f3c03d55780dbb47fc3e5152e172bd9f901c2b56541`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2020.3.19.61751
ProductVersion	2020.3.19.61751
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2020.3.19.6877495
ProductVersion (#2)	2020.3.19.6877495
Unity Version	2020.3.19f1_68f137dc9bbe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Sep-16 18:58:59
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x13730`
PointerToRawData	`0x11d30`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Sep-16 18:58:59
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x137b8`
PointerToRawData	`0x11db8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Sep-16 18:58:59
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x137cc`
PointerToRawData	`0x11dcc`

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x69197163`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 28427)	`37`
C objects (VS 2015/2017/2019 runtime 28427)	`16`
ASM objects (VS 2015/2017/2019 runtime 28427)	`8`
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`3`
Total imports	`85`
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`2`
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614)	`1`

Errors

Leave a comment

No comments yet.