Manalyze report for b206d104f349fa79b405cbb0bb24ce83ae4e5ebdad63e3db6ea38486cef6cbfa

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-25 14:38:12
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb
FileVersion	`2019.4.41.16471359`
ProductVersion	`2019.4.41.16471359`
Unity Version	2019.4.41f1_fb553f8fdd6c

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 88.2633% of the executable.`
Suspicious	VirusTotal score: 2/68 (Scanned on 2026-04-05 01:59:35)	`Malwarebytes: MachineLearning/Anomalous.100%` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`ce046c894a5b0f812fbeb79757fefd4d`
SHA1	`1a80b5edbe0229a55ceef963d2f9d566be4d4dce`
SHA256	`b206d104f349fa79b405cbb0bb24ce83ae4e5ebdad63e3db6ea38486cef6cbfa`
SHA3	`3ed5089aba30f29b5b7d2648412277fac22247b17385d78200cb08d8ad59902f`
SSDeep	`3072:PVlAZX7pQWDRub+S1xZcrvV9GBSOvaebOF/GCs0:PVls9uQYlyebOpGCP`
Imports Hash	`93d7bb032e5b4ede025420a3defb9706`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Aug-25 14:38:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xae00`
SizeOfInitializedData	`0x91e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db1f15be09b789283a7850e61d3d2ed9`
SHA1	`3dc68d97a4b336170e796e7de67d9ed7406ca1a7`
SHA256	`39173c9dc8014fc31a05bf2b5a2403004e7946b3d1f00ea28644f708f7abee8b`
SHA3	`7ddd3e8ecae2eefe04d89c92d06533589dd4befb048f6f574d748661c48d3197`
VirtualSize	`0xac07`
VirtualAddress	`0x1000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59524`

.rdata

MD5	`ae7050c9153668f13d7cc5c58d145d7f`
SHA1	`e1cd81ec38134754cc7b51f6d954cf41e8030baf`
SHA256	`55a25289ce6a07e26ee500e36596c6eafa6d8f465b4d07f10e4e88e2c0f47886`
SHA3	`26b15bc297939daafe4b8d89c4702a0bcf42b1416d2e16f1b4ffd870556708d2`
VirtualSize	`0x593e`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85992`

.data

MD5	`1e19c674a19facad078a63ef812dda50`
SHA1	`65f38401a2b3fc61f41771c1e72e9aa73fd10799`
SHA256	`c4cf693f8d4d834aff4a4197177982ea8c0b8cb49af91fefe52400f22f4be1e2`
SHA3	`b01bb11e9989bb2c8315f2bb119c2fec9f66f8c08ab4350959948bc6b6f03bfb`
VirtualSize	`0x12b4`
VirtualAddress	`0x12000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.00867`

.rsrc

MD5	`32ca34d947569606b5a5800e37f94022`
SHA1	`bbca8e8a68d07f0e272676086a00bb03e440d97f`
SHA256	`1e15c930c98318b5de7f809914df46f0e6179dc5942ddb927f416e699d0b0b0d`
SHA3	`8e513a4fa3d34d15b6bb4dcd66d2a8ddbf6309bca3cd4b6f50a8630c46dc026a`
VirtualSize	`0x8a150`
VirtualAddress	`0x14000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.5145`

.reloc

MD5	`25e1753d72af594ac26f64810125b391`
SHA1	`7c0624cc0d5cc961ea96284928f1c1b04158e7d2`
SHA256	`2a418bf5f3798d42ded392bd99424322fa6065dbd2b03837f229a7f8ac14f2af`
SHA3	`dea2e06065ca3c2a46313e341e3ac93a3971a8e885926fed33373f60955f6dae`
VirtualSize	`0xdcc`
VirtualAddress	`0x9f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4902`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x12004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x12000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.2706`
MD5	`f1d2f013d3437d6906ecec3892d281fe`
SHA1	`5520deecbb258b8b820ae7fe98e2c187dc18b742`
SHA256	`50410863804fa14f8747a31c54e7a5492efd0291f77b9890d04d25ebbf88f0fd`
SHA3	`2b4c88fe1d9d50ba437a71082625d164fae74e21b7c4ca6d8e7e3e0ee2123b28`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.40023`
MD5	`8e20df621ce55513acc690d8d772a802`
SHA1	`e0d202c4c50ea926105655a2549fdaae42972407`
SHA256	`0a0efba288cf033a74d484d287f0ebebe18d7f234fb3f16619f29d184384381c`
SHA3	`296bc39b190b8ba499d0c34adf53f33b6b2cee3bf4f043ba76e447c43a91acfb`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.57738`
MD5	`a43fd4b6d15acb6ba377e36c4c587164`
SHA1	`6771a533c866080ba97626fa5ccef56f64956b32`
SHA256	`3bfede58d1a49f630a6ada3d8ab6850a191d5b5796e7883dd21d319bd857adfa`
SHA3	`557c54606ff78f03e71de6eb1a54ffe241cdf78e6cc3ce0df0ecd81c9065d668`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.76974`
MD5	`90b31836296f5e5e0f69c6c0ef6ace18`
SHA1	`8de049b2b034dc0656ecc5dbe0df1ed8c866ab14`
SHA256	`21092a9f03057a6d47fa0dc0f9110bd586dc9823fd4d3455d99ef804302f812e`
SHA3	`0dd043a4a22c2797159241a497f8ec04f38a301850a88c91cc9a9495038da7da`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02882`
MD5	`71f679ff83d3cc4a5f5a227adf86b06f`
SHA1	`efb4b8b6219ac6e643ce346d8b737ef38dfd6d06`
SHA256	`31239ec96d3839c471ce89c9e33aa0c58c465a1081aadb834fd6a71d239c8fdc`
SHA3	`be8362f4c989d804a42d2b7e76c870e3df9be90349e9f28ffdb350fc68308650`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36431`
MD5	`73da131ced59a64d301094e8c9a8f2ab`
SHA1	`ab04a8639bd767d13d81505827fc528de6d991a6`
SHA256	`fe903344ffe99e4ac4830be7607dc2407b5914b7811a25bce41848899de3e5a3`
SHA3	`c05c1efdfdb5ae0567c9937f55bec4da84bcdc0857c03f8f546123496e8662c8`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74266`
MD5	`fa0b8a9f014d43c33c3ef5a9dddb922b`
SHA1	`e4d55c12c7aeea1a974580da22c6a9605a010c70`
SHA256	`a48509140376b519f80e556120dbbc19f8aae98b74216fb0d505d74b82c784e6`
SHA3	`4bd9e7ac449a17f9845c98e1123ab92348883947c6e56aa73223df8f5e15fc2a`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0813`
MD5	`52285b1b00d27581a69f1f3c7c00ffef`
SHA1	`0e962f7393e937ef5ce6c7d599eca4999f34209c`
SHA256	`c7a888b02d624cb6cd4d2637386d5ec875cf052a1fb6b4d416e3e27e6414397e`
SHA3	`790aae2c3f20a9b3ae162133a87a91e50f207721a4ded904008d6d3b0dcbb60f`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3808`
MD5	`cf6afc12b07928ec483893f29d9441a3`
SHA1	`fa20cd66e29d64a85ac5d1228344192d60ab0eb0`
SHA256	`63f74d6c1e8b6561f7be627ad3951240927fe5808aede19076c4633ff1323e86`
SHA3	`e94180ddc344e3722ae9ee5fbb3596bdf0bf90c14ccb481b3840ec270441b5f8`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40757`
MD5	`83b049cfe0ed9edc9a7715d86d7c3191`
SHA1	`df0a8851976e3bde6deefdd6891a38bd29fa64ae`
SHA256	`05751acc6cec2d84a8f5492a728b2ca96ee72d7684b9f6600ce7659489d9fe54`
SHA3	`3d8e03654e08de8ad13aeec4baa34103eec1b04162c2a5ff1de539fb39bd5652`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.4.41.21823
ProductVersion	2019.4.41.21823
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.4.41.16471359
ProductVersion (#2)	2019.4.41.16471359
Unity Version	2019.4.41f1_fb553f8fdd6c

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-25 14:38:12
Version	`0.0`
SizeofData	`127`
AddressOfRawData	`0x10bbc`
PointerToRawData	`0xfdbc`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win32_nondev_m_r\WindowsPlayer_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Aug-25 14:38:12
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x10c3c`
PointerToRawData	`0xfe3c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-25 14:38:12
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x10c50`
PointerToRawData	`0xfe50`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x412018`
SEHandlerTable	`0x410bb0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x64797d74`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`10`
C++ objects (VS2015/2017 runtime 25711)	`144`
C objects (VS2015/2017 runtime 25711)	`18`
Imports (VS2015/2017 runtime 25711)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`36`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`18`
Imports (VS 2015/2017 runtime 27012)	`3`
Total imports	`78`
C++ objects (VS 2015/2017 runtime 27012)	`2`
Exports (VS 2015/2017 runtime 27012)	`1`
Resource objects (VS 2015/2017 runtime 27012)	`1`
Linker (VS 2015/2017 runtime 27012)	`1`

Errors

Leave a comment

No comments yet.