Manalyze report for e221f51b865018f394bfa0f0a99fa083

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Dec-12 20:33:58
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_dev_m_ut_r\WindowsPlayer_player_Release_mono_x64.pdb
FileVersion	`2021.3.16.4200023`
LegalCopyright	(c) 2022 Unity Technologies ApS. All rights reserved.
ProductVersion	`2021.3.16f1 (4016570cf34f)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.4075% of the executable.`
Safe	VirusTotal score: 0/73 (Scanned on 2024-09-28 22:35:48)	`All the AVs think this file is safe.`

Hashes

MD5	`e221f51b865018f394bfa0f0a99fa083`
SHA1	`5cd088aa656892178f6914bbaee57264e43f9b7a`
SHA256	`390586fde194b9b38eb0e96bbd53ba7bb69bfc1e0c7019e73f7e80433aef00da`
SHA3	`89976c460362b8067c4229e8997d956046696eb52c1f71ac5a069960870a8316`
SSDeep	`6144:IEbaWnBUCGJQo+ZZdK+l7WhUJKoCx79K2LDl+pVV5PlZRxEY1+1hc:IoCCEQ5ZdN7+kcK2L4VPPlf1Uc`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Dec-12 20:33:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4190b7be9f5f4eb52c040a688e61a250`
SHA1	`ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11`
SHA256	`7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b`
SHA3	`0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6`
VirtualSize	`0xa140`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39724`

.rdata

MD5	`2a50a2d7c9a5b6e90214cead4ce14e14`
SHA1	`a831a05bb65728816d6b448aa056ee0b47179c00`
SHA256	`a02070eae6515ed5834fad4e9841127b880500f9b70ba410ed14bdd5dd162291`
SHA3	`e7a5c7bb5ea74e3f2798373c5e2a41fb95e70d77570f9e086d8e918b7e798c70`
VirtualSize	`0x8cce`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65323`

.data

MD5	`2e9924c581c86e57e2e2b0ac87e1aa45`
SHA1	`a1a176fc5c54e8c996a328e810c15c16cdb5b73d`
SHA256	`90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0`
SHA3	`8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237`
VirtualSize	`0x1ce8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.6801`

.pdata

MD5	`2717431295e555cdae3fb602e2bd957e`
SHA1	`408d09336a1192e50edb78d3e7795fbc547ac381`
SHA256	`d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631`
SHA3	`bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5`
VirtualSize	`0xc54`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34687`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`e46a8432e202f09e163bd1d415eb9b0f`
SHA1	`ac7ac278b58eb5f30f7af49abd569b09dc1ec190`
SHA256	`36077f35d399477389291fc98cc44744e772a1be7857efdcfebdaee7e2c8f535`
SHA3	`7f4a7fa684d44854181a1a0560dd703b58f5e2c85e6932d055f12f049415225a`
VirtualSize	`0x8a198`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.48659`

.reloc

MD5	`687aa942cda2e64adc67a829f1587240`
SHA1	`26058e365b4fef9cae39c529017700cd0ccfedb7`
SHA256	`e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506`
SHA3	`8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689`
VirtualSize	`0x638`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79086`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3705`
MD5	`01d73085235364978ec6cf0d348ae159`
SHA1	`c8061d58f388293953a1e824cbf5b6a819020240`
SHA256	`aed510e1dd26decbbb406f572984f4c6aae14d187d7591ac2e9ab34d57778321`
SHA3	`d2304d0166e451c6b06fb61d42cdc3d2b49434582b2e36dad8539d3eba8aa09f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.43483`
MD5	`556a701d36c82b92f419725bb1a51ddb`
SHA1	`1ee2a7194be8320ac79f69b288f0e1934ddbf93c`
SHA256	`6f7378824e50b659551fb2631bf41e7a6658f3144f65a02c0f41922c3790e415`
SHA3	`882b8b2254755a83b9ded8613f18063e806999096021aa6d311789ac86135af3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.54127`
MD5	`ba1d7a11da760f31203e94fa5f3a9b34`
SHA1	`1b5281592ba33a0c9169eb97d2bb9a75162c929e`
SHA256	`952decaf826924a210fc87158f405302f900f89e4a8806ebd51df98fa05eec25`
SHA3	`b2cfe1af8e84fa0a81b09ae9aa027c92da8a52ed9fa4c6ce825547cb2d1ceb97`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6348`
MD5	`866a0605ed0c681a4e6b9919e4731a47`
SHA1	`b4b8bc36befeb105b604f07aaaf8006ea5c812b8`
SHA256	`6256731f1331df1469fe86452324aa6aecc77a5a4692bdd25d1bd20644a35d87`
SHA3	`f0bb84599e2c47685bd6ddc156763ee054f7c402da7c3f0a7b729b60af6f4b65`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82746`
MD5	`a576bbf3fc92a2b2d0665c9894d2f940`
SHA1	`e81f80a60334b25a742d3360e42ac985b1bdf04c`
SHA256	`c69f21243a418c114baf37afa190db2824e8a5dfa959bb0651d4a2a8a174a650`
SHA3	`72f24e6b3df46fa4452490f8cb3a3cc45fc50738a29b2910d0e1bb046d3bfa16`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96562`
MD5	`f07f2612b1208ed3b9068240c12b9961`
SHA1	`30f3d64014e79b8e00f5d3204f6c0792be09c31f`
SHA256	`77fa8ce864242db28390560bad69678a6e0829f346c7bcc59812084da1711c00`
SHA3	`9e9ce7c2b2cf09052b7dcf717dc3e4268a5237eb56feeaafb21dbb23061fea2c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2349`
MD5	`43a1b28eb5e315d2f7329296005f7804`
SHA1	`3edf9c1bc50d84431ba89143895007eef605d948`
SHA256	`9d1f607baf63e1fdcd2e5817abaf846549874c336f9962cdc819e56be0ae8187`
SHA3	`9425e961e8db2d5f4b1185bf871550711a2403cca1f2640fe3059e38fd6fcb6a`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36425`
MD5	`a8f3ae84e37c0289dae2da0885541f49`
SHA1	`0eb1aa651a9d5bde9dd16242458a65c0e58ef2d5`
SHA256	`3e009ec80f333e59ab67eaea250b538daa60baef0bf2e6d0878c33b79613bb33`
SHA3	`01e80d776634a58ef89dc270250f06e79cf7d4c6c08857fcf5e3b2d0f9940d27`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.50673`
MD5	`537be36af70078b59bac2de764a2080e`
SHA1	`0576456b98fd38c1f10e994a6edc75b2c72ed3e1`
SHA256	`9177f3be640e0ea33fd13179ff694ecce45ff00aa9ebee653f9fca9ec2139a16`
SHA3	`47df6592be52008069ef8b304dcfb9aab4dbf30b6863bcdb70f27453b175a62e`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56571`
MD5	`8f91a1c87ec861f536ff8ec9ee475551`
SHA1	`d37b0264834abf0251b6bdd5979239525c3db0fe`
SHA256	`e653e4b49d16d7ccee7f513f08511acf175566846525cc7a9efdbac2fbd4fe6b`
SHA3	`30f2ccc1fa35e4f994acf216f66d0757135f4e36806d4615975c933966619b91`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2021.3.16.5719
ProductVersion	2021.3.16.5719
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2021.3.16.4200023
LegalCopyright	(c) 2022 Unity Technologies ApS. All rights reserved.
ProductVersion (#2)	2021.3.16f1 (4016570cf34f)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Dec-12 20:33:58
Version	`0.0`
SizeofData	`142`
AddressOfRawData	`0x13780`
PointerToRawData	`0x11d80`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_dev_m_ut_r\WindowsPlayer_player_Release_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Dec-12 20:33:58
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x13810`
PointerToRawData	`0x11e10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Dec-12 20:33:58
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x13824`
PointerToRawData	`0x11e24`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

XOR Key	`0x735735a6`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
Imports (VS2017 v14.15 compiler 26715)	`2`
C++ objects (VS 2015/2017/2019 runtime 29118)	`37`
C objects (VS 2015/2017/2019 runtime 29118)	`16`
ASM objects (VS 2015/2017/2019 runtime 29118)	`9`
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Total imports	`85`
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`

e221f51b865018f394bfa0f0a99fa083

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors