Manalyze report for a7e983677cbfc4b93165bed3e48ffb80ba7a956e70a8385b8224a9acbea20d82

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Dec-20 09:08:36
Detected languages	English - United States
FileVersion	`2022.3.17.5228416`
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion	`2022.3.17f1 (4fc78088f837)`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA`
Info	The PE is digitally signed.	`Signer: Eisys Inc` `Issuer: GlobalSign GCC R45 CodeSigning CA 2020`
Malicious	VirusTotal score: 3/72 (Scanned on 2026-03-14 18:40:02)	`AhnLab-V3: Malware/Win.Generic.C5624675` `Cylance: Unsafe` `McAfeeD: ti!A7E983677CBF`

Hashes

MD5	`ba9a2c30ce1f01e693cf53dcc95a3ba5`
SHA1	`9258aa259c518e54fb97cd98ad8a763c6e56942b`
SHA256	`a7e983677cbfc4b93165bed3e48ffb80ba7a956e70a8385b8224a9acbea20d82`
SHA3	`b780012025105dcd63c440f178fed79ac0ebe1838652afa2ff6b893d10982417`
SSDeep	`98304:vvfck58cxIy10TVfiN91v8eCurnGXylXp0YW+wZTMTk6HR7Vv:V8c+dKND8eX6X2GzTOzv`
Imports Hash	`4bec1f56b28ab6a6614f6734e69744ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2023-Dec-20 09:08:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xca00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000113BFD0 (Section: )`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1142000`
SizeOfHeaders	`0x400`
Checksum	`0x425693`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`453313f403e3b4a152f580fb72ab31d6`
SHA1	`491a4a58943c4aaccbfff7d834c7f51b66e63c5c`
SHA256	`d0bbe0d83d41a25252cc03e905d1f47dbcbe9159e8ae8670f4cc9fc06c5b6e4b`
SHA3	`375105acd4f9666f2aca4d94724e02e22147495a0592c866bfa7c3a1abe667dc`
VirtualSize	`0xd000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96899`

Section_2

MD5	`f73718cd1f5203a83c1fe4ebf6b650ee`
SHA1	`af9c319f50ccc4dbf1c6a967c061aa4e9bd20803`
SHA256	`45d91d64798cdfc80bfb632766e1d6bd5fe5b81c2152beef85b372330e289c23`
SHA3	`a5486b08a619623b7e1267a52aa24d636953a8c75584e94db03b8b9315ba3168`
VirtualSize	`0xa000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98671`

Section_3

MD5	`ef5a453a43e2ce829d44e32ec5199864`
SHA1	`b73f52a362317e3b2bec38d8e7458d592896f4c4`
SHA256	`d098dca7ce161e8a30912160d5ad510a6554d976d2a8a71a725808da5c072b67`
SHA3	`d951f00137840b1673dc74a0cf8e1baea831993cb8f3ac2f1851f66e8051d87a`
VirtualSize	`0x2000`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.69009`

Section_4

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x1a000`
SizeOfRawData	`0`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Section_5

MD5	`e46b23c27d7a84c82f051cf91d6de819`
SHA1	`78dc20884e0aa1fdac918f18c70dde345ae280a6`
SHA256	`9811f6e2cdbb6aa08f1455be126613e62959d344571a1b7ccfae0d2e1cb9b61f`
SHA3	`0e658ca736e2e84c027c3b71dfaefc6d9017ba6f3220c83786e5d9718f894b00`
VirtualSize	`0x1000`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.60454`

Section_6

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8b000`
VirtualAddress	`0x1c000`
SizeOfRawData	`0`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Section_7

MD5	`cc76b0d51a34d81fae44ff79bf5ce4cd`
SHA1	`d92b405b1940c3576b3186a1fa8734f93547670a`
SHA256	`79d8ce1d416996935b2b3731ebe3de8223fc167c809e035b03b275b90e2020d9`
SHA3	`0495b9cada96d86793abe2519b879824b2a0f79777e5be24afa54af2377047be`
VirtualSize	`0x1000`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.08647`

.rsrc

MD5	`7ff3e8c579a4059db142205118273146`
SHA1	`b80bf4b7271d4f01c702e3fd1c341caac81faa32`
SHA256	`7ba2f90c1fac3db6ff9a003b37d77daf7943933478c325d7eb61129771f327e6`
SHA3	`4745b7ffdd5ff70af8501de701aef33db60cb3ce4f33dc278316964ed2b7a872`
VirtualSize	`0x8b000`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.89997`

Section_9

MD5	`ee46abd7a822ac7b1a5bff368adae610`
SHA1	`5db2b66b4dae5754e3156fd9a7b8fdff95f26dd4`
SHA256	`8ecf2b08edd54c6f550648c289df4855492b97e734491e04b1342818a9066525`
SHA3	`4f910a12f03dbc5b557a11fcdb1d617726482852e748189978f755af2563b8fb`
VirtualSize	`0xcff000`
VirtualAddress	`0x133000`
SizeOfRawData	`0x71200`
PointerToRawData	`0x96000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.84931`

Section_10

MD5	`27a85bd31f58618871a2e9fb437ad6fc`
SHA1	`f9aded5a8b0cd6afec4f8b3e29cafee467eba3d5`
SHA256	`b155b84e44d5eaade8198f492728a36ac93b610f20e55f99ef28e27cb2a6acd5`
SHA3	`5ffdbc002d94c20d62ad102e70364a11995324e7a01ad2b50be9f6720dca45e6`
VirtualSize	`0x310000`
VirtualAddress	`0xe32000`
SizeOfRawData	`0x30fa00`
PointerToRawData	`0x107200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96802`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
ole32.dll	`OleInitialize`
UnityPlayer.dll	`UnityMain`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60311`
MD5	`a8790b33c96956b65f550626ca189164`
SHA1	`caa366452a3e57ffec5d56e5c7fae74abd451e4c`
SHA256	`fa3e2b67aa24929677711783d41c146f1550ecb7b584bf2196b7ce0a7298c37c`
SHA3	`4d96f37271551c7efdd5bc0d52c9be78e66979bacd1a34db0c728da3a5d7d5a2`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.96079`
MD5	`41835423699b404f040587e71ad19692`
SHA1	`ea6524b678fc30cefd140010a4c4c797062c63df`
SHA256	`647642f7157ff9b804396a893121449f455d6949398f230a84f62f6c177a9f64`
SHA3	`6aac5282e220e228309d4fe4df941f39626d5151d0b47c8583b5851aeaf0dffa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.0195`
MD5	`15605e962651f5ea9c1bb3d39cd118cf`
SHA1	`6c2bc64fdd8bafe48ac5945f02346667dd3e08ed`
SHA256	`93833f89248a722aa9eb590ff6c3e76847fb7513581624b2158f192125865a51`
SHA3	`4baba6c55f57ea9d2fa5e3b2fb711eaccf5f334cedde8066544a54e5eee021a1`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05109`
MD5	`038c240ed5a34fd91a4fd17188535521`
SHA1	`31481e72a7337079db7a0df62347da24798b585f`
SHA256	`ff5444c31f9632e308171317d324b2c90376b24506ff4b3399f61cd3e61e4071`
SHA3	`a88b684a725893c50e0f834bf152922b6b64ad2c79d0538272158f55a8b09bf6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.08856`
MD5	`5641305181528b673b1cd0f2fda7b860`
SHA1	`c70b5dede34580d1a88d5fd3fd7e91000f40b451`
SHA256	`d4e15c03eb90f7261476109778bb621ca9750850c3dfef2246e1f36c18f51f20`
SHA3	`0efa403b2b02dd6e7984c39563e5f5363a8267deb4a32a67fd4a4e2ad21793be`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09505`
MD5	`22faeb082b92e6c82ce7570c5acd1491`
SHA1	`3d1bac239c1b4bbb0fbd222c7428ef2c36c6756c`
SHA256	`ac39d957d48a7a2e1b5b6f3ed4792441c57ee07e36eac69e6df379489ef243ca`
SHA3	`290cc21a876aac8b8c31b74bc6c9a9f9e6809f821a1bdc623bc8ac5c13e5eeeb`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14617`
MD5	`71e799f5bb1a62ff53a9cae7ee00f692`
SHA1	`b439e14a448545d9a17936e9e520c03d9b141794`
SHA256	`c4ddeca7d485d208b5135ad9550ce553c22b15b18536ba4a1cd5c8070a75d945`
SHA3	`892d721754edbb64641433172b021edbcd8eb5264c9e703f4046e3b436247fd8`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1124`
MD5	`edf061a433586d8be2dbdd409df4227a`
SHA1	`f92c47456e31f41b007731f1d565b2cc9829f217`
SHA256	`11e7c56d5a67c512961c42218061f3743823f6e745b9db034810f9279b7f6953`
SHA3	`c718ee48d5545f2483cf7ce95da3b85f0f158eb32856e419d44f8ef9f7ae5802`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98998`
MD5	`4f0284b5d891af15cc3d6167184a6c98`
SHA1	`f2da675c93e1bd62513ff5d081156035bab9b798`
SHA256	`4bb04f65ca6d04ed3000274e86be72611e634870654bcd81ecca92a35fe683ff`
SHA3	`c73a1f444ea69c8c846a6813fa21541ec10288661062e97e002d79e9ae33113c`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x210`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57296`
MD5	`2922451362d93de84916d7769a26992b`
SHA1	`aaa621c5501682e585abb2e53be2fea04e8be428`
SHA256	`b614c3ca6b2bbc5787e09118d0624c22c479a03ef0b0264b0fdaa2233ffc2130`
SHA3	`566ffeb0ff79bf058b31a176d4e85423b0646d77598d4aef121462aad761480a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2022.3.17.51072
ProductVersion	2022.3.17.51072
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2022.3.17.5228416
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion (#2)	2022.3.17f1 (4fc78088f837)

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xe5e06b0d`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
C++ objects (VS 2015/2017/2019 runtime 29118)	`39`
C objects (VS 2015/2017/2019 runtime 29118)	`16`
ASM objects (VS 2015/2017/2019 runtime 29118)	`9`
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Total imports	`89`
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`

Errors

[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!

Leave a comment

No comments yet.