Manalyze report for da62ca35a2dc451355c2e95128ea0ba8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-04 02:38:24
Detected languages	English - United States
Debug artifacts	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion	`2019.4.39.7917901`
ProductVersion	`2019.4.39.7917901`
Unity Version	2019.4.39f1_78d14dfa024b

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The file contains overlay data.	`496 bytes of data starting at offset 0xd7210.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-01-21 15:47:55)	`Cylance: Unsafe`

Hashes

MD5	`da62ca35a2dc451355c2e95128ea0ba8`
SHA1	`58b9a35089e8d630876d8705817b6da7b9bf6c01`
SHA256	`62fe251f57d067b6fe271f11a76a7de77a40e5b3598c5663ecec59d4dcafbb86`
SHA3	`b92003286480f377bdf27c4920fd785075198a91ed0d0a7453db66d90f7d3065`
SSDeep	`12288:97qTURfT2Xqff1YSjOvc0Sd+exR9pVYA384mCpMTvGOkZ3yp:9qO6af70qNR9p6/CclkJy`
Imports Hash	`fd60dddc87379c239e8ac49516966c3e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-May-04 02:38:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x95e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`396787b09c7084619fd353ed4d4aa25a`
SHA1	`10bbf1d12fd72a6f2490dae0fb34b3e3c37d0397`
SHA256	`84c4f4af681e7c55e04955e3244214c6a39406c9ff283dac14b45179c7344fd2`
SHA3	`2dbc41d4fcc7f9459799c1f273cc7d0b29a65a800004b70b2d8024daf74dfc23`
VirtualSize	`0x9d70`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39606`

.rdata

MD5	`e35cbeb09be5b3613cd3dc4530a3eaa2`
SHA1	`3752504fac5ba05ea2b5618ed16a6a4dfa6b2e03`
SHA256	`09625f4b13c999f6f9e723c9e93f3f1d31de392f263a3789cacc9ac3070b4937`
SHA3	`783a2e3531ff873e905bc5b65e1a2e3248ea05071292c51952a8b2251d53da3f`
VirtualSize	`0x88de`
VirtualAddress	`0xb000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72649`

.data

MD5	`db32eedebac3d09a8db683fdd7266183`
SHA1	`9d3ad2e8f784250c149bc0545875f3347c1e07d5`
SHA256	`63a977bb7df30209d66ab0ee3c2587394d2d84b87cfabab13902a80a9f8ac2bb`
SHA3	`f60fb1eaea0dc406d8fd8219c5b9519256c10cea02ce9801f2b262cdde729c42`
VirtualSize	`0x1bc8`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81338`

.pdata

MD5	`3ce1bc4528abab2f9296f6de2d66eb13`
SHA1	`236a9014dd4163c9bea0d3216c4339b71336ac60`
SHA256	`846c816328ade2f569bd6d1755940b260f0c1dc44653c50fa0b693d81cdc395f`
SHA3	`78586f62c74b7328c23e5e427db6af1753665224f815fabb19547b4c15db1d67`
VirtualSize	`0xc18`
VirtualAddress	`0x16000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30914`

.rsrc

MD5	`db9a51e81bc7d511581243ea48d07294`
SHA1	`1fdedae6a7b737faea6bcac8953bfa39a3b54ad9`
SHA256	`cd99c84d02980e3cb5b92c010871144e741d370dde582f7957371fbe4a99ebb7`
SHA3	`977912762da3316854dbc40e8c694e875ded6c65057abe396b1741d83d86b3bf`
VirtualSize	`0x8a148`
VirtualAddress	`0x17000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.43834`

.reloc

MD5	`15c60be0054361c5f282b9c542c4b5cd`
SHA1	`3414732e68613e7ee32812f73810341e1aa3c9b2`
SHA256	`1597710aaca61843fdb13da316d06290830148f7e34074bef548abcbffa3b72c`
SHA3	`dba1e0d3f98cd89e8c35eb26f42dfaa9d0746b81262aa44f970150cf3cd45691`
VirtualSize	`0x614`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.75713`

.bind

MD5	`334326dcbbe3f67148e13fc63a1e611f`
SHA1	`4e58b402d8627707a217bd71be42876e79e9011f`
SHA256	`462275c356ff1478ccd391d179b6f3d649eb618af30002aa6cb7387ac441a6e3`
SHA3	`df84e87d905570770312d22f6cd0838e458996e8e0df79f80801c9cdfc3cbe18`
VirtualSize	`0x38410`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x38410`
PointerToRawData	`0x9ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95858`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`GetModuleHandleExW` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x14004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x14000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39639`
MD5	`fec439a5eb46261a6854252ed937a6f5`
SHA1	`c986c6edfddbe008d0af825193822ff02ef9f864`
SHA256	`12bd7852956f7366b062ac7a672bfdda31cb75c33d5b395cd5638c19c522934b`
SHA3	`9d9de75f4c9ea9cff0a61f4cbf7b1f5be761a36b108b117c16a0ca82f5e7279f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4729`
MD5	`5a0f4dddc13977b01b937755b7f18cf7`
SHA1	`41dcb88300c590a38165f9ccaebc6da95f42853d`
SHA256	`4bc06606e18a4ef1407121a0b03cb5feaa4ff985f8dde909af30422ae04997e7`
SHA3	`8e4ec112bc004234a67b22e12c889d5013a3d6c3e59afb3cde798d7c6bed5caf`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47604`
MD5	`d4ae8c8d32559632a57b7062d3965ded`
SHA1	`4a3fca9e34cd47deec9aa3f7366a7ba190599809`
SHA256	`e19f119f8a6e031a0751d5294afa8d6bc6a9c87212827361111c413c9122c60a`
SHA3	`a5a0a8ee61ac3b104027478a31082b760f6d6620d92b07defae4999ad4fea0b8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59982`
MD5	`d16b34b636532177a6206d63caaee4ea`
SHA1	`7e2fdc9df53b871db4ab934429ceca8a6534fa3e`
SHA256	`5c90d4f1d631111868f7046825fbdc3a810993a961e5dd226312e093c3a0ccd0`
SHA3	`c3f9e93b7d879ef055fba4e94a9cecc191a42b8e1c1119ea23b17f97eb7bd92e`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.65747`
MD5	`c89c6ca8c9b27f34631da9a427215d72`
SHA1	`ba30f693de40b9d7bad94fe42ddc6407d80a7114`
SHA256	`25d731da93df9efb78dceed4b317c150ffb2d29eb40a057f29af5d7fc2469884`
SHA3	`2b931d46ab0108c4dc557e38db36d97c21598164dd74a1fc2e56e510a5a8af57`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80428`
MD5	`0eae61d8f4562b5588bd6b4004df2190`
SHA1	`cd3f50b9d1b3c4ea3ec16bb6c2f9e4559f6435a6`
SHA256	`45bec09880fba3bc130b49acaa0b95729fedbf928c2b982ab7a2153042e69971`
SHA3	`8e62d61d68d640007f50a5938e9f7acb1dd265e775e60d50e263fd1c39aeade6`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20873`
MD5	`c704efb7af983c81adcedc8397dc6ecd`
SHA1	`ca762a26e6b1535d9f84d32e809ac1c987727a09`
SHA256	`8b231aaa9e1ae894380cac7f6586f87c1a228396d221d75ada1dc24082602c5a`
SHA3	`9ea683445fa7baed8f240a853787856318d983add6805df9a38f5fc17d2cd694`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.44969`
MD5	`427dca8509587547697b394513162fe0`
SHA1	`492bd5edf33cf39db5b40cfa73976132a7bf93d1`
SHA256	`29fd766475f0a63f2e909030be3e8bc8e038817d4cdb961a63d46fe9f60b3249`
SHA3	`4db1aa02dc10ae514da8d8ed1f491549108211d89ede319d0ed1890fff8fdabd`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48496`
MD5	`a11b5b8c62f582556699e1dd9c8093f8`
SHA1	`9f01785063a82fd5787d80322ea99ff14b49efd4`
SHA256	`191da60ba94b2ea3c49e675bd7c1bdb7deadcd438de81d24db55760cb1de7cb3`
SHA3	`288e8d3c18ea1d654c9849d316b8ccbd0e636a49f52296f792560f1c41b4bfc1`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39625`
MD5	`ed667ebf67066f0fda0ca0c4d78468a8`
SHA1	`5058f0dcd1bf779465f8f8e49521723b14923996`
SHA256	`7d812e6461e4a3ab0b1f309673668d7646096ffec96516e9079cfecaf84ca06e`
SHA3	`24eefcd0adf889334b7cfa46175723debc1dfd400e3f90eab8860eaa202766ef`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2019.4.39.53581
ProductVersion	2019.4.39.53581
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2019.4.39.7917901
ProductVersion (#2)	2019.4.39.7917901
Unity Version	2019.4.39f1_78d14dfa024b

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-May-04 02:38:24
Version	`0.0`
SizeofData	`125`
AddressOfRawData	`0x123d0`
PointerToRawData	`0x115d0`
Referenced File	C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-May-04 02:38:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x12450`
PointerToRawData	`0x11650`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-May-04 02:38:24
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x12464`
PointerToRawData	`0x11664`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140014028`

RICH Header

da62ca35a2dc451355c2e95128ea0ba8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

.bind

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors