df1c18e8aa71f13aa2640656966f950a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-May-26 15:14:19
Detected languages English - United States
Debug artifacts D:\dev\factoryio2.5\_buildProj\build\bin\x86\Master\Factory IO_x86_Master_mono.pdb
FileVersion 2019.3.14.2831115
ProductVersion 2019.3.14.2831115
Unity Version 2019.3.14f1_2b330bf6d2d8

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed. Signer: Real Games Unipessoal Lda
Issuer: DigiCert EV Code Signing CA (SHA2)
Suspicious VirusTotal score: 1/73 (Scanned on 2020-07-04 20:05:42) Ikarus: Trojan-Ransom.FileCrypter

Hashes

MD5 df1c18e8aa71f13aa2640656966f950a
SHA1 ab35d767b9174c07639add7d2eeda34299dee0cd
SHA256 e4b2c14ebd804bff0f737782f498bb1e4e23b2ab0c73dbad97b471e14f74dc45
SHA3 9fe36d0ba7a4dd24503d1b83a7d08c2c4ab636bdfb385c148c0d0666aa44d5c2
SSDeep 6144:X2JsZfWaNkBVwueCtmyAkyPuIIghAObvCo8bSlz:X2JmWaNkBVwunrATuIIghBCrSlz
Imports Hash 9dedcd99794a7ca6116b18d81305fb5a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-May-26 15:14:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1c800
SizeOfInitializedData 0x18000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005B19 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x37000
SizeOfHeaders 0x400
Checksum 0x3ae11
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6eca1aa232e31da4702e2359c47af7cc
SHA1 4e5e746a11735628e17b4be5d450004a2bb9e76d
SHA256 51ba926890c6d10f079b316c625f40cf643ffee592fb398c91415b871964b815
SHA3 67f6e35c7f55f262a55e36968248267a455f78fa4372e227ec8cf17482d2270c
VirtualSize 0x1c605
VirtualAddress 0x1000
SizeOfRawData 0x1c800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.62117

.rdata

MD5 5fcd19dfda4941eede3377d5adfadb21
SHA1 5d1670ab92334f229fbc656394f3aad9dce5bde8
SHA256 67b95d9fe5e1e6e09a6517794b0b58f762b2593081388726e00d72f6c3e2ada4
SHA3 fba0d5451649d55c55553dc9f0da72caf22071b58c9d19eaf1e5a7bf9500134d
VirtualSize 0xdc7e
VirtualAddress 0x1e000
SizeOfRawData 0xde00
PointerToRawData 0x1cc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.38263

.data

MD5 034f5d1d833164ff757800077905c692
SHA1 95069eb8cc8ac5b7c074a5edd01d3a6f02413328
SHA256 1131f162d0724a3b7caef8352523e9f7e147ba9730378f383dbe4d60f46c4baf
SHA3 e7565382387b55d6865d71ffe4f9fa5b628a26760716534e8e25cef1bf813cd6
VirtualSize 0x1cbc
VirtualAddress 0x2c000
SizeOfRawData 0xe00
PointerToRawData 0x2aa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 3.29821

.rsrc

MD5 96675a1d677c8f23909227a782c0adea
SHA1 4f221ffb9910490234013fe3cd9bf89eec8f4ae4
SHA256 dfce655807a47c3b992be5b24cf5588b967e36c5376f21543039d01cda2fa5eb
SHA3 6657c0c869c2dda086c6daf7ec664b6f4f0107e448265ea1d27547b04b3509c4
VirtualSize 0x6238
VirtualAddress 0x2e000
SizeOfRawData 0x6400
PointerToRawData 0x2b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 7.71103

.reloc

MD5 7b81dcf6067104bfd6a35c64fa2f9baf
SHA1 fb522a6c5ddf0b133edf364556e4074774abef02
SHA256 730c450d2609836eace43349fa53527865255a8df12ee1b934b2377fbe71d0ca
SHA3 7d053242d3a913f1871820ba2215402566dbcbb42daa8cf24c72275c2ac3cfd7
VirtualSize 0x1eb0
VirtualAddress 0x35000
SizeOfRawData 0x2000
PointerToRawData 0x31c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 6.44257

Imports

KERNEL32.dll GetModuleFileNameW
WriteConsoleW
HeapSize
CreateFileW
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
SetEndOfFile
UnityPlayer.dll UnityMain

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x2c004

NvOptimusEnablement

Ordinal 2
Address 0x2c000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1827
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.70485
Detected Filetype PNG graphic file
MD5 b6328d8d59159c588fae3259a4468666
SHA1 fa1ef88b77f7a51fe6fc443911f0545d3f6c001f
SHA256 41a0b4afe06c71540cbf556a9e1168cc1a948b565c1e1ceadda6865e7e7ede02
SHA3 253cde03c5503f9cda5424cd0112ef64520289450ff68b336a83ac01a3d20561

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xb81
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.80915
Detected Filetype PNG graphic file
MD5 5bbe0a85a9994652116e595c84dbaf9a
SHA1 62d75c96b125e802cc86477493bf546fc8a71445
SHA256 089e4d006ceb562fce264a41187d1a23778d1877415d54f112467f702e6698b8
SHA3 db917ac2ea4f88eddc158f0b01870f8d3ff455631ae999ebb1106ee4590a85bc

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x11ed
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.92024
Detected Filetype PNG graphic file
MD5 851b9b07c0bf0a940b6236dea38ae16d
SHA1 b6e1a448308ddfb726ebd8ca0cea10761e3a5142
SHA256 57c7009661bfc0d62fcf6ca31bac18edfe66db4f66bb5de6655e1249370dd03e
SHA3 b2c38a719d192a60ce0769d8ca297cc69bf9a2ec55c6c170cbb7b90459e90709

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6b9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.83801
Detected Filetype PNG graphic file
MD5 86810f4be4e82df92c1a8830765d7677
SHA1 447eea86993a9a1fc511f4537bbca4c540b01796
SHA256 627ae097652a689c7e227f823d5ac942235e51116e7c317fd6b015fa4241d4ae
SHA3 9476569f20f9f5a6b0dca19c59d77ff9af3c77c9d4396dc7ef0954474d968728

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x50c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.77891
Detected Filetype PNG graphic file
MD5 9436e6de05f66d844a2fee5de9b094d4
SHA1 14139e99ccb812686e014b5658551b32baf371f8
SHA256 cc244e264dcc1923e95f10fc7cca5bf6f7f227398bff63d62d97cefe4bb01005
SHA3 971e9fc241da6b8b6fc51d6456a2f07af4a027cdd0d1bd917b9d7e14e7545001

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x76a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.85709
Detected Filetype PNG graphic file
MD5 51399a8bfa4042d410d5291d6d0bc8cb
SHA1 b9ffe803c89abdb2d7674f57b598eaf0669cd7cb
SHA256 d23e774345b6ffdbc386a03491327651bfc5fc6a21e96ae71b25b12ecbf13cc5
SHA3 9969364de448b421cb42526fe052fa42d162db15b5b0e849c35166482c02447b

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x415
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.77267
Detected Filetype PNG graphic file
MD5 60d0e594687b3c1621633a7b63ec0b9e
SHA1 db5fa2db770a5898008a345b9249bcd5bad9dec3
SHA256 38187860d74c08dd5d53767bd552c7f4b87b87ddab8aec664bb6c1bf97a27710
SHA3 e6109f3674dae2acea2ad1afbd63812b9c91dd1026da0ae94c1bde9b4c7a572e

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.74291
Detected Filetype PNG graphic file
MD5 5313da1903263d527c15a082163ea523
SHA1 addf0388fc732790424678960be32cdd41fda05e
SHA256 017e3b30ccaaef69607349a2fa6887c26c8ddf438cb423ec6d54e44fe844d56d
SHA3 aaa85833fbba39e6101d14180f39d7df0e02c1c9b106df56666cf838de0308cb

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x342
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.72794
Detected Filetype PNG graphic file
MD5 c99d8e7789700f3879f729aa4b71f657
SHA1 5958ef13818fc36351a95bd59b93b93e18037b52
SHA256 72383b3d67c64b907140957e2e1e86ef4a9e6546685c247aedb59a289aef1ad0
SHA3 c67a96bb57535cc51360cb2e230132b7185bea790b0975f7e3c958fb16afea23

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x233
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.5407
Detected Filetype PNG graphic file
MD5 a1397b9363458ca1c0d348e211406468
SHA1 836e3df4b5de4b4d17b848fd8d141f5b6e3df139
SHA256 db03cac2bf2e7d393b9c27fb8fcb866158670e76567caffa3f305270ecaffabb
SHA3 b816d28de0b6c175e0ca9b77cc0ef065c3f3440664fb2c46f2aab6eebb7fed0c

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x92
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10495
Detected Filetype Icon file
MD5 0ab69ae57a963fd006fb1763b8623206
SHA1 e4c391ad0a75f0b9cc29925349931a1be02d5c10
SHA256 205146e3719cc27bacda0ec842f2e685617cad4ff17c60db2e318bc108cbef82
SHA3 4099edd518b8de46b9d137c703c047330508ef5677a6156775a436e87f569e97

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40997
MD5 c563c2d739cfcf21b74de530b2b587b0
SHA1 6f307dd9e94e5f387b9edf7f35296d1cea1c2095
SHA256 35c967c0847f378b5bb1d13a231f45652e91c9c6f6dd88a577bb67be27aa8020
SHA3 16a163400bcf0f62b168674f58415541ec6a2ea732fab365966100e778bdf9e2

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x655
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37545
MD5 e64f0e3051453730fcd59e3487fff82c
SHA1 881f9506d98c7244ee2e6cc48de59fb5fe9394a0
SHA256 cc5206d924557aebbb34ea990bff63d51f03f95c9618f11ba16f5bd0d969f3b2
SHA3 e68e9754b0692216d6b7991ec0b28f737203d4f0979404b4bfd5728ed3214e3d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2019.3.14.13067
ProductVersion 2019.3.14.13067
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2019.3.14.2831115
ProductVersion (#2) 2019.3.14.2831115
Unity Version 2019.3.14f1_2b330bf6d2d8
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-May-26 15:14:19
Version 0.0
SizeofData 107
AddressOfRawData 0x2a474
PointerToRawData 0x29074
Referenced File D:\dev\factoryio2.5\_buildProj\build\bin\x86\Master\Factory IO_x86_Master_mono.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-May-26 15:14:19
Version 0.0
SizeofData 20
AddressOfRawData 0x2a4e0
PointerToRawData 0x290e0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-May-26 15:14:19
Version 0.0
SizeofData 804
AddressOfRawData 0x2a4f4
PointerToRawData 0x290f4

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x42c038
SEHandlerTable 0x42a410
SEHandlerCount 25

RICH Header

XOR Key 0xdf80878d
Unmarked objects 0
ASM objects (26715) 13
C++ objects (26715) 172
C objects (26715) 22
C objects (VS 2015/2017/2019 runtime 28117) 17
ASM objects (VS 2015/2017/2019 runtime 28117) 20
C++ objects (VS 2015/2017/2019 runtime 28117) 77
Imports (VS2019 Update 4 (16.4.0-2) compiler 28314) 2
Imports (26715) 3
Total imports 87
C++ objects (VS2019 Update 4 (16.4.0-2) compiler 28314) 2
Exports (VS2019 Update 4 (16.4.0-2) compiler 28314) 1
Resource objects (VS2019 Update 4 (16.4.0-2) compiler 28314) 1
Linker (VS2019 Update 4 (16.4.0-2) compiler 28314) 1

Errors
