Manalyze report for b5269e5b7d44ac1d7e62e81cff79083b8637c36b81044100f37e5fca5430a9b3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-May-31 22:51:02
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion	`2022.3.1.15830540`
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion	`2022.3.1f1 (f18e0c1b5784)`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The file contains overlay data.	`232 bytes of data starting at offset 0xd5118.`
Suspicious	VirusTotal score: 2/73 (Scanned on 2025-03-21 00:44:27)	`Cylance: Unsafe` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`0875f4ac9881a8b585bb8297c1b94e0c`
SHA1	`88761dbda3242c4192eb208203f4ea6f9491f712`
SHA256	`b5269e5b7d44ac1d7e62e81cff79083b8637c36b81044100f37e5fca5430a9b3`
SHA3	`96cf7430d90397a3005d25770dc70ce4b7a1b3a108ce947898173fe3a23c5f73`
SSDeep	`12288:q/744aOD821yOgIGhGf7HRD3Li5bLi64kS71NS:g9aO5yqGhy7HRq5akcS`
Imports Hash	`ce1183cc150987a99aef5749f22af81e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2023-May-31 22:51:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xca00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c908b9c0303dc1f82726ca4dae00b772`
SHA1	`e81e70cb017880d2883f88a85d9a5ba6176ebcc1`
SHA256	`6e577d9deae653a5181b5a961bc5d68133d0e0c5371dc8bf2e7a30f6ef4d5cb2`
SHA3	`deefbce421cada627162918879ac6eda8099d036762180ad5ebfb4cbd66be7e2`
VirtualSize	`0xc8b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41078`

.rdata

MD5	`0dac1f5ef1014603816ed0514dff7e93`
SHA1	`012a2f9aa699b9ec0c45e7bc4ddc2f8a20ff7f65`
SHA256	`3b1c65d00df3e4812b7e8c7c6bf8124ea79992beed8a70355714de71461ee787`
SHA3	`2618b9b0cb82373d09627122a6d1584333bbdb9844eb4672f86fffbd06eb0de7`
VirtualSize	`0x948a`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9600`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65306`

.data

MD5	`90815aa5dc65a7dd3f93bad1bd78a77e`
SHA1	`608f3e69047b216dda6b0df73c30912e2fef5544`
SHA256	`435cb9af1df25f501f68a9700182c4d25de99c3f8e8c1ba6b16c0ca98911ff87`
SHA3	`e5ea90d4dd767bfa3d88e3fa2e107c2e40cac10f43498d5abd74f15888477d18`
VirtualSize	`0x1d38`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.87032`

.pdata

MD5	`c69bce38ac69d0b835120a5590e69f0c`
SHA1	`c063139b665bfd43ee632f0741b4b5279a71f404`
SHA256	`1d79cfdb10b0e6f61968ed084c55a6ae07421354bf9072b12d090926728f3852`
SHA3	`5b320838ebff98a9e30dc5b9258ca4079fcb7cde4304c61cfe2dd57bb750842e`
VirtualSize	`0xef4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62843`

_RDATA

MD5	`f87f407c2a1cab208757ad1d23a2de6f`
SHA1	`cd739c36958f9ba7505883ae868f1a6ca71e880f`
SHA256	`6e4ba525d12ef66132e0738191d3a928ba74c0091a6f82bc48f892a41e2fc242`
SHA3	`0611ad194d9c623281cb358dbc2f2d28bb01b6eab682677ec8d16136d74414ab`
VirtualSize	`0x94`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.11888`

.rsrc

MD5	`13dcd4690ea4fe3320ede484e7f2f982`
SHA1	`5e81fb2fddc8d5ca54096692d30e6696ccd72ee0`
SHA256	`58e255b88c64b1d69e1535a7efdbdd4717f16ac6a013e6064eec43c4bb48c877`
SHA3	`3278a945ac9b92d7a0a98cd1ed5e013d26be2a2d98df8f7ce638e1e27fd188ff`
VirtualSize	`0x8a198`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97342`

.reloc

MD5	`ef1e558d46106d87320dd822be1ddc48`
SHA1	`10f7b05d107451bd01cf446da512c619fc35bf50`
SHA256	`34d7b771018e478ba05cd24ec377fd34919d65ec63c43f49e1ab319785368929`
SHA3	`cc295f58e62efe5c59cad1febf1ce620404450135f442c20ba55235b492ddac9`
VirtualSize	`0x654`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.84209`

.bind

MD5	`51148c0c39cf7bff411c0f455ebd9ef9`
SHA1	`59fd31ef13768c7a53b5f1030f6cb963bb1e93bf`
SHA256	`7ebd1ae4a2c1aa066045a8eddf924333a820e06bcae76b48594c5dd6e4ebeaee`
SHA3	`6921c1bfe00f13eab9200ad501dfce283420dae34b7ac4de143833f9f2b6f3ba`
VirtualSize	`0x32518`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x32518`
PointerToRawData	`0xa2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95426`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67368`
MD5	`344f3c83575233467d54ec43865b9a27`
SHA1	`832f3e6b0340915cc9d03203477685f84f453042`
SHA256	`95f416aa804c86b6c50c416bc7891aa45447fc8399745bce3c39fbb10feb77cf`
SHA3	`3edfa5f8e0f62fe7e68971af82d00cc2f78832a68703141ae027d7f3690ec174`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06119`
MD5	`43dc2c2ad78b3ce3d662435061afc510`
SHA1	`bd674e96b383148d205b7e00da49fa5ab1048286`
SHA256	`1436d9663868fe9be8b2c4db49fc14f7e5f01759dab651f0fc71c117ba06a979`
SHA3	`441e0f97605d2199e7c466b341834cfcb76adb1b5fc06da02f6899ff3b94b012`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12739`
MD5	`6a2fd9d28e8c58e69c06e6080122a828`
SHA1	`ae60d22f7fa8237e90b9c7d9c6e9c4c8164da071`
SHA256	`ad426711c01a8342337bac5291321726d1661b222898a67f093db8838b511dc7`
SHA3	`6d3e23b834f9d52b9e798010cdc298d162a7dbebaeb269df03412c5d2817d62e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16454`
MD5	`542ebc92dc848f49a17ede001b2389e2`
SHA1	`1a1d4399d135271e97055479c095e6de9162bd12`
SHA256	`f2418a595316c753950953af54554f2c513c9733a636d7c8c8282bc33fa9d4bc`
SHA3	`0e9ab962debc13cd09e6b88f2fefcd5690d86f02a18b101070f3ace059324d94`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17136`
MD5	`1dfde60fb5c879dcd9a9f000dd2286e8`
SHA1	`6fbe3ade455365a6567c051c9e26126a985275ea`
SHA256	`1c578206fac8258a42c1039f806dbd63ae0ac346cc6db5cb97fff7704ab25a02`
SHA3	`e6bb35a58345dfb231d180e74663a76512646cbaf938984ac5331228d54e4ba7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13864`
MD5	`16ca701af5b17f4a9a089e64bd118334`
SHA1	`5b3968985022a4c4bb139eb304b34592f6aab9c7`
SHA256	`6eaa0c9b876ff2f9765eb61e7167718452d1ac979e927ce6cf9d9dc2c1c931b3`
SHA3	`f86ab8fc7a7031a8a92f1b5f4e5aab9d2fc494562d7f1173dcc6d417baceb59e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16652`
MD5	`3d8b829cdee5d4e961419b0192359c0e`
SHA1	`36640aeb213b4437ced7b7b983f680fada617050`
SHA256	`fba66f883f3cdff9824b5341cba4f845378c14e760435c39f07ba33a1cb9cc1b`
SHA3	`fd58b6060a0e1f3eb2875e873ca68b5742647d628c27c190d2bbbbc194d4b66f`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.08699`
MD5	`f185e6ab794ec5d505483a34d694b687`
SHA1	`160776154f15a28f66e6b321249a667702f45b31`
SHA256	`40ca455edb096bcaefc9eb207cb9d942cff0270c82c4d4147198cf09a99e21b4`
SHA3	`6e7729f395e3fe54c53e06f9f0fb34ec4f0b1d436b8ff5159016a636790be235`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85586`
MD5	`59df427d680ee315856cdc58573d7868`
SHA1	`2d53ab7116ad3a6c8f24d1c87e200c9d8e5bf4da`
SHA256	`2ee61b4a6a5129df995ae4c320eff6ec8954308cb226a615e6542e5fc5843c00`
SHA3	`4bd808fb6cc36a2e9f835e2d3a5f0c1ef1350dbdbc82e83d16d0d0f28a97e02b`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55461`
MD5	`019544b8db35d58748501be89b69988b`
SHA1	`f4b20147799788844b3a23055f00814ca0f0f712`
SHA256	`7690579a4a79052294f0ed62761fea17b056abe9d82919cd78f9da88203d7432`
SHA3	`6f1e9e5d0b353c7b6599dea854f9b1ae5b4161e7a3ba5c4a3a5eaab3330497d1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2022.3.1.36364
ProductVersion	2022.3.1.36364
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2022.3.1.15830540
LegalCopyright	(c) 2005-2023 Unity Technologies. All rights reserved.
ProductVersion (#2)	2022.3.1f1 (f18e0c1b5784)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-May-31 22:51:02
Version	`0.0`
SizeofData	`141`
AddressOfRawData	`0x15aec`
PointerToRawData	`0x148ec`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-May-31 22:51:02
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15b7c`
PointerToRawData	`0x1497c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-May-31 22:51:02
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0x15b90`
PointerToRawData	`0x14990`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018030`

RICH Header

Errors

Leave a comment

No comments yet.