Desktop[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.zip
Size

55.2MB
MD5

e993dce22ab7454fe5e98745737ef9db
SHA1

6e2e06c5707ce2b1f4e021075b46f37db969053f
SHA256

46844cde9676b0289d253d2c109911d4c7fc0f1e7878fae935129dd848ee0f11
SHA512

5ddb538b4e442a4550152af24d32d7518a7f5c63ee14528362b553940cadc9775d20d3f2db06a49de05356c4488105a66ece6824977ac44db347d035cca66a92
SSDEEP

1572864:F4mzJoeE6913cEE6T+KUTyltEsTjoKKWtEXdDWVPOrBpt4u/o:vzJpE8Rd7+2lSshKLDWg1ptY

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/Phasmophobia EULA (Ver 2).pdf	pdf_with_link_action

Files

Desktop.zip
.zip
GameAssembly.dll
.dll windows x64

cedb7c8d0328e5c981f3d8290526f1e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WakeAllConditionVariable
SleepConditionVariableCS
GetCurrentProcess
GetSystemTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetModuleHandleW
GetProcAddress
GetComputerNameW
GetStdHandle
CreateDirectoryW
CreateFileW
DeleteFileW
DeleteVolumeMountPointW
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLogicalDrives
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
WriteFile
CloseHandle
DuplicateHandle
SetThreadErrorMode
CreatePipe
GetOverlappedResult
CancelIoEx
SetEvent
ResetEvent
CreateEventW
GetCurrentProcessId
GetNativeSystemInfo
FormatMessageW
CopyFileExW
MoveFileExW
ReplaceFileW
GetTimeZoneInformation
GetDynamicTimeZoneInformation
GetFileInformationByHandleEx
GetConsoleMode
GetLongPathNameW
GetTempPathW
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
GetACP
GetLocaleInfoW
GetThreadLocale
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentDirectoryW
FindClose
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
Sleep
GetExitCodeProcess
SwitchToThread
OpenProcess
VirtualAlloc
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeConditionVariable
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureStackBackTrace
RaiseException
SetLastError
ReleaseSemaphore
ReleaseMutex
SleepEx
CreateMutexW
CreateSemaphoreW
QueueUserAPC
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
FreeLibrary
LoadLibraryW
GlobalAlloc
GlobalFree
SetFilePointer
SuspendThread
ResumeThread
GetThreadContext
VirtualFree
GetProcessHeap
GetCommandLineW
GetCommandLineA
SetStdHandle
HeapQueryInformation
HeapSize
GetOEMCP
QueryPerformanceFrequency
QueryPerformanceCounter
SetEnvironmentVariableW
GetEnvironmentVariableW
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
WriteConsoleW
IsValidLocale
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapReAlloc
HeapAlloc
HeapFree
ReadConsoleW
GetConsoleOutputCP
GetModuleHandleExW
ExitProcess
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
TlsFree
TlsSetValue
RtlUnwindEx
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
TlsGetValue
K32GetProcessImageFileNameW
TlsAlloc

user32

MessageBoxA

advapi32

GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

ole32

CoInitializeEx
CoGetContextToken
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

SafeArrayGetVartype
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnaccessData
SysStringLen
SysFreeString
SysAllocStringLen

shell32

SHGetKnownFolderPath
SHGetFolderPathW

ws2_32

inet_ntop
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSAPoll
WSASend
WSARecv
socket
shutdown
setsockopt
WSAStartup
gethostname
recvfrom
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
select
send
gethostbyaddr
WSAIoctl
WSAGetLastError

iphlpapi

GetIfEntry
GetAdaptersAddresses
GetNetworkParams

dbghelp

SymInitialize
SymFromAddr

baselib

?Baselib_Thread_YieldExecution@il2cpp_baselib@@YAXXZ
?Baselib_SystemSemaphore_TryTimedAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_SystemSemaphore_TryAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_DynamicLibrary_Close@il2cpp_baselib@@YAXUBaselib_DynamicLibrary_Handle@1@@Z
?Baselib_DynamicLibrary_GetFunction@il2cpp_baselib@@YAPEAXUBaselib_DynamicLibrary_Handle@1@PEBDPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_OpenUtf16@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEBGPEAUBaselib_ErrorState@1@@Z
?Baselib_ErrorState_Explain@il2cpp_baselib@@YAIPEBUBaselib_ErrorState@1@QEADIW4Baselib_ErrorState_ExplainVerbosity@1@@Z
?Baselib_SystemSemaphore_Release@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_Thread_GetCurrentThreadId@il2cpp_baselib@@YA_JXZ
?Baselib_SystemSemaphore_FreeInplace@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_DynamicLibrary_FromNativeHandle@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@_KIPEAUBaselib_ErrorState@1@@Z
?Baselib_SystemSemaphore_Acquire@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_CreateInplace@il2cpp_baselib@@YA?AUBaselib_SystemSemaphore_Handle@1@PEAX@Z

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompress
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
BrotliDecoderIsFinished
BrotliEncoderCompress
BrotliEncoderCompressStream
BrotliEncoderCreateInstance
BrotliEncoderDestroyInstance
BrotliEncoderHasMoreOutput
BrotliEncoderSetParameter
CloseZStream
CreateZStream
DllCanUnloadNow
DllGetActivationFactory
Flush
ReadZStream
WriteZStream
il2cpp_add_internal_call
il2cpp_alloc
il2cpp_allocation_granularity
il2cpp_array_class_get
il2cpp_array_element_size
il2cpp_array_get_byte_length
il2cpp_array_length
il2cpp_array_new
il2cpp_array_new_full
il2cpp_array_new_specific
il2cpp_array_object_header_size
il2cpp_assembly_get_image
il2cpp_bounded_array_class_get
il2cpp_capture_memory_snapshot
il2cpp_class_array_element_size
il2cpp_class_enum_basetype
il2cpp_class_for_each
il2cpp_class_from_il2cpp_type
il2cpp_class_from_name
il2cpp_class_from_system_type
il2cpp_class_from_type
il2cpp_class_get_assemblyname
il2cpp_class_get_bitmap
il2cpp_class_get_bitmap_size
il2cpp_class_get_data_size
il2cpp_class_get_declaring_type
il2cpp_class_get_element_class
il2cpp_class_get_events
il2cpp_class_get_field_from_name
il2cpp_class_get_fields
il2cpp_class_get_flags
il2cpp_class_get_image
il2cpp_class_get_interfaces
il2cpp_class_get_method_from_name
il2cpp_class_get_methods
il2cpp_class_get_name
il2cpp_class_get_namespace
il2cpp_class_get_nested_types
il2cpp_class_get_parent
il2cpp_class_get_properties
il2cpp_class_get_property_from_name
il2cpp_class_get_rank
il2cpp_class_get_static_field_data
il2cpp_class_get_type
il2cpp_class_get_type_token
il2cpp_class_get_userdata_offset
il2cpp_class_has_attribute
il2cpp_class_has_parent
il2cpp_class_has_references
il2cpp_class_instance_size
il2cpp_class_is_abstract
il2cpp_class_is_assignable_from
il2cpp_class_is_blittable
il2cpp_class_is_enum
il2cpp_class_is_generic
il2cpp_class_is_inflated
il2cpp_class_is_interface
il2cpp_class_is_subclass_of
il2cpp_class_is_valuetype
il2cpp_class_num_fields
il2cpp_class_set_userdata
il2cpp_class_value_size
il2cpp_current_thread_get_frame_at
il2cpp_current_thread_get_stack_depth
il2cpp_current_thread_get_top_frame
il2cpp_current_thread_walk_frame_stack
il2cpp_custom_attrs_construct
il2cpp_custom_attrs_free
il2cpp_custom_attrs_from_class
il2cpp_custom_attrs_from_method
il2cpp_custom_attrs_get_attr
il2cpp_custom_attrs_has_attr
il2cpp_debug_get_method_info
il2cpp_debugger_set_agent_options
il2cpp_domain_assembly_open
il2cpp_domain_get
il2cpp_domain_get_assemblies
il2cpp_exception_from_name_msg
il2cpp_field_get_flags
il2cpp_field_get_name
il2cpp_field_get_offset
il2cpp_field_get_parent
il2cpp_field_get_type
il2cpp_field_get_value
il2cpp_field_get_value_object
il2cpp_field_has_attribute
il2cpp_field_is_literal
il2cpp_field_set_value
il2cpp_field_set_value_object
il2cpp_field_static_get_value
il2cpp_field_static_set_value
il2cpp_format_exception
il2cpp_format_stack_trace
il2cpp_free
il2cpp_free_captured_memory_snapshot
il2cpp_gc_alloc_fixed
il2cpp_gc_collect
il2cpp_gc_collect_a_little
il2cpp_gc_disable
il2cpp_gc_enable
il2cpp_gc_foreach_heap
il2cpp_gc_free_fixed
il2cpp_gc_get_heap_size
il2cpp_gc_get_max_time_slice_ns
il2cpp_gc_get_used_size
il2cpp_gc_has_strict_wbarriers
il2cpp_gc_is_disabled
il2cpp_gc_is_incremental
il2cpp_gc_set_external_allocation_tracker
il2cpp_gc_set_external_wbarrier_tracker
il2cpp_gc_set_max_time_slice_ns
il2cpp_gc_set_mode
il2cpp_gc_start_incremental_collection
il2cpp_gc_wbarrier_set_field
il2cpp_gchandle_foreach_get_target
il2cpp_gchandle_free
il2cpp_gchandle_get_target
il2cpp_gchandle_new
il2cpp_gchandle_new_weakref
il2cpp_get_corlib
il2cpp_get_exception_argument_null
il2cpp_image_get_assembly
il2cpp_image_get_class
il2cpp_image_get_class_count
il2cpp_image_get_entry_point
il2cpp_image_get_filename
il2cpp_image_get_name
il2cpp_init
il2cpp_init_utf16
il2cpp_is_debugger_attached
il2cpp_is_vm_thread
il2cpp_method_get_class
il2cpp_method_get_declaring_type
il2cpp_method_get_flags
il2cpp_method_get_from_reflection
il2cpp_method_get_name
il2cpp_method_get_object
il2cpp_method_get_param
il2cpp_method_get_param_count
il2cpp_method_get_param_name
il2cpp_method_get_return_type
il2cpp_method_get_token
il2cpp_method_has_attribute
il2cpp_method_is_generic
il2cpp_method_is_inflated
il2cpp_method_is_instance
il2cpp_monitor_enter
il2cpp_monitor_exit
il2cpp_monitor_pulse
il2cpp_monitor_pulse_all
il2cpp_monitor_try_enter
il2cpp_monitor_try_wait
il2cpp_monitor_wait
il2cpp_native_stack_trace
il2cpp_object_get_class
il2cpp_object_get_size
il2cpp_object_get_virtual_method
il2cpp_object_header_size
il2cpp_object_new
il2cpp_object_unbox
il2cpp_offset_of_array_bounds_in_array_object_header
il2cpp_offset_of_array_length_in_array_object_header
il2cpp_override_stack_backtrace
il2cpp_profiler_install
il2cpp_profiler_install_allocation
il2cpp_profiler_install_enter_leave
il2cpp_profiler_install_fileio
il2cpp_profiler_install_gc
il2cpp_profiler_install_thread
il2cpp_profiler_set_events
il2cpp_property_get_flags
il2cpp_property_get_get_method
il2cpp_property_get_name
il2cpp_property_get_parent
il2cpp_property_get_set_method
il2cpp_raise_exception
il2cpp_register_debugger_agent_transport
il2cpp_register_log_callback
il2cpp_resolve_icall
il2cpp_runtime_class_init
il2cpp_runtime_invoke
il2cpp_runtime_invoke_convert_args
il2cpp_runtime_object_init
il2cpp_runtime_object_init_exception
il2cpp_runtime_unhandled_exception_policy_set
il2cpp_set_commandline_arguments
il2cpp_set_commandline_arguments_utf16
il2cpp_set_config
il2cpp_set_config_dir
il2cpp_set_config_utf16
il2cpp_set_data_dir
il2cpp_set_default_thread_affinity
il2cpp_set_find_plugin_callback
il2cpp_set_memory_callbacks
il2cpp_set_temp_dir
il2cpp_shutdown
il2cpp_start_gc_world
il2cpp_stats_dump_to_file
il2cpp_stats_get_value
il2cpp_stop_gc_world
il2cpp_string_chars
il2cpp_string_intern
il2cpp_string_is_interned
il2cpp_string_length
il2cpp_string_new
il2cpp_string_new_len
il2cpp_string_new_utf16
il2cpp_string_new_wrapper
il2cpp_thread_attach
il2cpp_thread_current
il2cpp_thread_detach
il2cpp_thread_get_all_attached_threads
il2cpp_thread_get_frame_at
il2cpp_thread_get_stack_depth
il2cpp_thread_get_top_frame
il2cpp_thread_walk_frame_stack
il2cpp_type_equals
il2cpp_type_get_assembly_qualified_name
il2cpp_type_get_attrs
il2cpp_type_get_class_or_element_class
il2cpp_type_get_name
il2cpp_type_get_name_chunked
il2cpp_type_get_object
il2cpp_type_get_type
il2cpp_type_is_byref
il2cpp_type_is_pointer_type
il2cpp_type_is_static
il2cpp_unhandled_exception
il2cpp_unity_install_unitytls_interface
il2cpp_unity_liveness_allocate_struct
il2cpp_unity_liveness_calculation_from_root
il2cpp_unity_liveness_calculation_from_statics
il2cpp_unity_liveness_finalize
il2cpp_unity_liveness_free_struct
il2cpp_value_box
jinfo_get_method
mini_get_interp_callbacks
mini_jit_info_table_find
mono_arch_clear_breakpoint
mono_arch_context_get_int_reg
mono_arch_context_set_int_reg
mono_arch_set_breakpoint
mono_arch_setup_resume_sighandler_ctx
mono_arch_skip_breakpoint
mono_arch_skip_single_step
mono_arch_start_single_stepping
mono_arch_stop_single_stepping
mono_array_element_size
mono_array_length
mono_assembly_get_image
mono_class_from_mono_type
mono_class_get_byref_type
mono_class_get_context
mono_class_get_element_class
mono_class_get_fields
mono_class_get_flags
mono_class_get_image
mono_class_get_interfaces
mono_class_get_method_from_name
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nested_types
mono_class_get_parent
mono_class_get_properties
mono_class_get_rank
mono_class_get_type
mono_class_get_type_token
mono_class_instance_size
mono_class_is_assignable_from
mono_class_is_enum
mono_class_is_valuetype
mono_class_num_fields
mono_class_num_methods
mono_class_num_properties
mono_class_value_size
mono_class_vtable
mono_debug_find_method
mono_debug_free_locals
mono_debug_il_offset_from_address
mono_debug_lookup_locals
mono_domain_foreach
mono_domain_get
mono_domain_get_assemblies_iter
mono_domain_get_corlib
mono_domain_set
mono_environment_exitcode_get
mono_environment_exitcode_set
mono_field_get_name
mono_field_get_offset
mono_field_get_parent
mono_field_get_type
mono_field_set_value
mono_field_static_set_value
mono_find_prev_seq_point_for_native_offset
mono_free_method_signatures
mono_gc_register_root
mono_gchandle_free
mono_gchandle_get_target
mono_gchandle_new_weakref
mono_get_lmf_addr
mono_get_root_domain
mono_get_runtime_build_info
mono_get_string_class
mono_image_get_assembly
mono_image_get_entry_point
mono_image_get_filename
mono_image_get_guid
mono_image_get_name
mono_image_is_dynamic
mono_jit_find_compiled_method_with_jit_info
mono_jit_info_get_method
mono_jit_info_table_find
mono_marshal_method_from_wrapper
mono_metadata_free_mh
mono_method_full_name
mono_method_get_class
mono_method_get_context
mono_method_get_declaring_generic_method
mono_method_get_flags
mono_method_get_generic_container
mono_method_get_header_checked
mono_method_get_name
mono_method_get_param_names
mono_method_get_token
mono_method_is_generic
mono_method_is_inflated
mono_method_signature
mono_object_get_class
mono_object_get_type
mono_object_get_virtual_method
mono_object_hash
mono_object_unbox
mono_property_get_get_method
mono_property_get_name
mono_property_get_parent
mono_property_get_set_method
mono_restore_context
mono_runtime_is_shutting_down
mono_runtime_quit
mono_set_is_debugger_attached
mono_set_lmf
mono_string_chars
mono_string_length
mono_string_new
mono_string_to_utf8_checked
mono_thread_attach
mono_thread_current
mono_thread_detach
mono_thread_get_main
mono_thread_state_init_from_current
mono_thread_state_init_from_monoctx
mono_thread_suspend_all_other_threads
mono_type_full_name
mono_type_generic_inst_is_valuetype
mono_type_get_attrs
mono_type_get_class
mono_type_get_name_full
mono_type_get_type
mono_type_is_byref
mono_type_is_reference
mono_type_is_struct

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

il2cpp
Size: 65.2MB - Virtual size: 65.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.9MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4b:f7:85:d7:f3:b3:b3:b3:e7:a6:92:77:8e:0d:ca:33:3f:6f:f4:4f
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

29-10-2020 16:31

Not After

29-11-2020 16:31

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=DE,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:48:bc:7e:cc:b2:b9:d0:c3:4c:02:40:08:f7:e6:b5:7e:7d:b1:70:fe:b6:81:1d:02:29:7b:80:7d:c1:1b:a2
Signer

Actual PE Digest

c0:48:bc:7e:cc:b2:b9:d0:c3:4c:02:40:08:f7:e6:b5:7e:7d:b1:70:fe:b6:81:1d:02:29:7b:80:7d:c1:1b:a2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=DE,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

29-10-2020 16:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of0
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OnlineFix.ini
OnlineFix.json
OnlineFix.url
.url
OnlineFix64.dll
.dll windows x64

cf6e405258c3ddfda368fcfc399290b8

Code Sign

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

12-08-2020 15:02

Not After

12-09-2020 15:02

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b
Signer

Actual PE Digest

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

31-08-2020 21:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ord680

ws2_32

ioctlsocket

wldap32

ord143

advapi32

RegisterEventSourceW

dbghelp

ImageDirectoryEntryToData

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
OnlineFix
ShellExecuteA
ShellExecuteW
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write
hid_write_output_report

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.of0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Phasmophobia EULA (Ver 2).pdf
.pdf
Phasmophobia.exe
.exe windows x64

5f74a5c747508e2822fdb9b687deaf42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

unityplayer

UnityMain

kernel32

WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotonBridge.dll
.dll windows x64

071d0ff82630599e548715b81622ce84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW

shell32

ShellExecuteA

Exports

Exports

OnlineFix

Sections

.text
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.of0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.of2
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDKVersion.txt
SteamOverlay64.dll
.dll windows x64

84c05da171a1008428be3b3075bdedd7

Code Sign

d5:4f:27:86:74:e8:2f:65:b0:ba:31:5a:3c:bc:24:7a:3d:f1:a5
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

16-09-2019 13:49

Not After

16-10-2019 13:49

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c146f6e6c696e65666978406f6e6c696e652e666978

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:74:03:ba:53:0a:71:14:de:20:59:8f:3e:b9:ca:b5:1d:b1:58:60:8b:7c:62:b0:b5:c6:e2:31:a0:ed:ad:2f
Signer

Actual PE Digest

e1:74:03:ba:53:0a:71:14:de:20:59:8f:3e:b9:ca:b5:1d:b1:58:60:8b:7c:62:b0:b5:c6:e2:31:a0:ed:ad:2f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c146f6e6c696e65666978406f6e6c696e652e666978

16-09-2019 17:23
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteConsoleW
LoadLibraryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

OnlineFix

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnityCrashHandler64.exe
.exe windows x64

5c64b8e3c52925909413e148f250e94c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-07-2021 00:00

Not After

18-07-2024 23:59

Subject

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:e8:08:00:39:96:82:1e:73:19:41:42:01:f5:ab:72:c9:71:d3:8a
Signer

Actual PE Digest

f5:e8:08:00:39:96:82:1e:73:19:41:42:01:f5:ab:72:c9:71:d3:8a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

09-02-2023 18:34
Valid: true

Chain 1

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

SetForegroundWindow
SetWindowTextW
InflateRect
UnionRect
SetWindowPos
LookupIconIdFromDirectoryEx
GetDlgItem
SendMessageW
SendDlgItemMessageA
GetWindowLongA
OffsetRect
AdjustWindowRect
EndDialog
CreateIconFromResourceEx
DialogBoxParamA
LoadImageA
GetIconInfo

kernel32

InterlockedPopEntrySList
DuplicateHandle
VirtualProtect
GetVersionExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
FreeLibraryAndExitThread
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
GetFileType
SetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
WaitForSingleObjectEx
CloseHandle
RaiseException
GetLastError
GetCurrentThread
OpenThread
GetThreadTimes
GetModuleHandleA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SwitchToThread
CreateThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
SuspendThread
ResumeThread
TlsGetValue
TlsSetValue
GetThreadContext
SetLastError
CreateEventW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
QueryDepthSList
FlushFileBuffers
GetFileAttributesA
GetFileAttributesW
ReadFile
SetFilePointerEx
WriteFile
GetEnvironmentVariableA
GetCurrentDirectoryA
OutputDebugStringA
GetSystemTime
ReadProcessMemory
VerSetConditionMask
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleW
WaitForSingleObject
LocalFree
FormatMessageW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetStdHandle
GetFileSize
GetTempPathW
SetEvent
Sleep
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetProcessId
GetThreadId
OpenProcess
CopyFileExW
AllocConsole
SetErrorMode
GetCommandLineW
InitializeCriticalSection
CreateEventA
TerminateThread
GetExitCodeThread
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceA
EnumResourceNamesA
GetFileSizeEx
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
TlsAlloc
TlsFree
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWaitEx
ResetEvent
FindNextFileW
WaitForMultipleObjectsEx

dbghelp

SymRegisterFunctionEntryCallback64
SymLoadModuleEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoInitializeEx

psapi

GetModuleFileNameExW

advapi32

GetUserNameA

wininet

InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

gdi32

GetObjectA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnityPlayer.dll
.dll windows x64

c78ef9616df81fc5b735ce9cdb7ead26

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-07-2021 00:00

Not After

18-07-2024 23:59

Subject

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:80:19:3e:60:b6:1c:15:74:4c:b2:a8:8e:9e:7b:71:99:03:e2:ce
Signer

Actual PE Digest

5d:80:19:3e:60:b6:1c:15:74:4c:b2:a8:8e:9e:7b:71:99:03:e2:ce

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

09-02-2023 18:34
Valid: true

Chain 1

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
GetFileAttributesW
GetTempFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemTime
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SuspendThread
ResumeThread
LocalFree
CopyFileW
MoveFileExW
ReplaceFileW
SystemTimeToFileTime
Thread32First
Thread32Next
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
DebugBreak
SetUnhandledExceptionFilter
GetErrorMode
GetThreadContext
ReadProcessMemory
GetModuleFileNameA
LocalAlloc
GetOverlappedResult
CancelIo
ResetEvent
FormatMessageA
GetWindowsDirectoryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateIoCompletionPort
GetQueuedCompletionStatus
DeleteCriticalSection
AttachConsole
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ReleaseSemaphore
GetLocalTime
GetTimeZoneInformation
GetFileSizeEx
IsDebuggerPresent
CreateSemaphoreExW
TlsAlloc
TlsFree
GetNativeSystemInfo
VirtualQuery
GetFileSize
GetStdHandle
GetEnvironmentVariableW
VerifyVersionInfoW
SetThreadAffinityMask
VerSetConditionMask
SetConsoleCtrlHandler
GetStartupInfoA
TerminateProcess
GetCurrentProcess
WaitForSingleObject
SetLastError
GlobalMemoryStatusEx
GetThreadPriority
GetUserDefaultLocaleName
GetCurrentThreadId
CreateThread
SwitchToThread
GetModuleHandleA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeFormatW
GetDateFormatW
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetConsoleCP
ExitProcess
HeapQueryInformation
HeapSize
HeapReAlloc
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
DuplicateHandle
GetVersionExW
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetTickCount
GetSystemDirectoryW
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetModuleHandleExW
CreateWaitableTimerA
OpenEventA
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ExitThread
SetErrorMode
GetThreadTimes
OpenThread
GetCurrentThread
RaiseException
CreateWaitableTimerExW
SetWaitableTimer
SleepEx
GetSystemPowerStatus
GetComputerNameW
GetModuleFileNameW
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetProcessId
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
CreateEventW
CreatePipe
OutputDebugStringA
CreateToolhelp32Snapshot
WriteConsoleW
LoadLibraryExW
TlsGetValue
CreateEventExW
K32GetProcessMemoryInfo
GetTempPathW
WriteFile
FlushFileBuffers
CreateFileA
GetCommandLineW
GetLogicalProcessorInformationEx
SetThreadPriority
GetSystemDirectoryA
WaitForMultipleObjectsEx
QueryPerformanceFrequency
GetModuleHandleW
QueryPerformanceCounter
CloseHandle
Sleep
CreateEventA
WaitForSingleObjectEx
SetEvent
FormatMessageW
SetHandleInformation
SetDllDirectoryW
LoadLibraryW
GetLastError
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
MultiByteToWideChar
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
TlsSetValue

user32

GetCaretBlinkTime
SetTimer
MsgWaitForMultipleObjects
PeekMessageA
GetDoubleClickTime
KillTimer
MessageBoxA
GetMessageA
SendMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowExW
SetDlgItemTextA
SetDlgItemTextW
SendDlgItemMessageW
CopyRect
OffsetRect
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
LoadIconA
MessageBoxW
EnumDisplaySettingsW
LoadIconW
SetWindowLongA
AdjustWindowRectEx
GetWindowPlacement
GetDC
EnumDisplaySettingsA
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputBuffer
GetRawInputDeviceInfoW
GetRawInputData
SystemParametersInfoW
GetWindowLongA
PtInRect
ScreenToClient
GetCursorPos
GetSystemMetrics
IsWindowVisible
IsIconic
SetFocus
GetActiveWindow
GetFocus
DragDetect
ValidateRect
SetWindowTextW
GetClientRect
GetWindowRect
ShowCursor
SetCursorPos
ClientToScreen
ClipCursor
GetWindowLongPtrW
SetWindowLongPtrA
SetWindowLongPtrW
GetParent
EnumDisplayDevicesA
MonitorFromRect
MonitorFromWindow
GetMonitorInfoA
GetMonitorInfoW
EnumDisplayMonitors
UpdateWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
GetDesktopWindow
ReleaseDC
AllowSetForegroundWindow
TrackMouseEvent
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
LoadImageW
GetThreadDesktop
GetUserObjectInformationA
RegisterWindowMessageA
SendMessageTimeoutA
SetForegroundWindow
EnumWindows
RegisterClassExW
DialogBoxParamW
ReleaseCapture
SetCapture
MapVirtualKeyExA
MapVirtualKeyW
MapVirtualKeyA
ToUnicode
GetKeyNameTextW
GetAsyncKeyState
GetKeyState
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetMessageExtraInfo
DispatchMessageA
TranslateMessage
GetKeyboardLayout
GetKeyboardLayoutNameW
EndDialog

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
PropVariantCopy
CoCreateInstance
PropVariantClear

shlwapi

PathCanonicalizeW
SHDeleteKeyW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo

advapi32

CryptAcquireContextA
GetUserNameA
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueA
RegCreateKeyW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
DeregisterEventSource
RegisterEventSourceW
CryptEnumProvidersW

gdi32

GetDeviceCaps
SetPixelFormat
SwapBuffers
ChoosePixelFormat

shell32

SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

opengl32

wglCreateContext
wglMakeCurrent
wglGetCurrentDC
wglDeleteContext
wglGetProcAddress
wglGetCurrentContext

winmm

waveInStart
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
timeGetTime
waveOutPrepareHeader
timeBeginPeriod
timeEndPeriod
waveInReset
waveOutWrite
waveOutReset
waveOutGetPosition
waveInGetNumDevs
waveInGetDevCapsA
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveOutUnprepareHeader
waveOutClose
waveInUnprepareHeader
waveInAddBuffer
waveOutOpen

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

imm32

ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetConversionStatus
ImmNotifyIME
ImmGetContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser

bcrypt

BCryptGenRandom

hid

HidP_SetUsageValue
HidP_SetUsages
HidP_GetData
HidP_MaxDataListLength
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetAttributes

crypt32

CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

ws2_32

WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
gethostname
socket
shutdown
setsockopt
sendto
send
select
WSASocketA
recv
ntohs
listen
inet_addr
htons
htonl
getsockname
ioctlsocket
closesocket
bind
accept
__WSAFDIsSet
getaddrinfo
freeaddrinfo
getnameinfo
ntohl
getpeername
gethostbyname
getprotobyname
WSARecvFrom
getsockopt
WSACloseEvent
WSACreateEvent
WSASocketW
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAIoctl
WSAEventSelect
WSAResetEvent
WSASetEvent
gethostbyaddr
WSASendDisconnect
WSAAsyncGetHostByName
WSACancelAsyncRequest
recvfrom
connect

dwmapi

DwmGetWindowAttribute

Exports

Exports

UnityMain

Sections

.text
Size: 22.6MB - Virtual size: 22.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 408KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
baselib.dll
.dll windows x64

0cd66d5908e9ad864cdc5a032a7889e5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-07-2021 00:00

Not After

18-07-2024 23:59

Subject

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:e7:78:9d:82:bc:0c:30:07:0a:67:0a:76:d6:46:77:f4:80:69:be
Signer

Actual PE Digest

23:e7:78:9d:82:bc:0c:30:07:0a:67:0a:76:d6:46:77:f4:80:69:be

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

09-02-2023 18:34
Valid: true

Chain 1

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

accept
WSAWaitForMultipleEvents
WSASocketW
WSAIoctl
WSACreateEvent
WSACloseEvent
WSAGetLastError
shutdown
setsockopt
sendto
send
select
recvfrom
recv
listen
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
__WSAFDIsSet

kernel32

IsProcessorFeaturePresent
WriteConsoleW
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapQueryInformation
RaiseException
GetLastError
CreateFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
IsDebuggerPresent
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateSemaphoreExW
SwitchToThread
CreateThread
GetCurrentThreadId
ResumeThread
TlsAlloc
TlsFree
GetThreadId
GetNativeSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
FormatMessageW
Sleep
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetTickCount
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
HeapSize
RtlUnwindEx
RtlPcToFileHeader
GetModuleHandleExW
ExitProcess
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
HeapReAlloc

Exports

Exports

??0AbortShim@il2cpp_baselib@@QEAA@P6A_NW4Baselib_ErrorCode@1@PEAX@Z1@Z
??0Thread@il2cpp_baselib@baselib@@QEAA@$$QEAV012@@Z
??0Thread@il2cpp_baselib@baselib@@QEAA@XZ
??1Thread@il2cpp_baselib@baselib@@QEAA@XZ
??4AbortShim@il2cpp_baselib@@QEAAAEAV01@$$QEAV01@@Z
??4AbortShim@il2cpp_baselib@@QEAAAEAV01@AEBV01@@Z
??4Thread@il2cpp_baselib@baselib@@QEAAAEAV012@$$QEAV012@@Z
??6il2cpp_baselib@@YAAEAVomemstream@0@AEAV10@AEBW4Baselib_ErrorCode@0@@Z
?Baselib_Debug_IsDebuggerAttached@il2cpp_baselib@@YA_NXZ
?Baselib_DynamicLibrary_Close@il2cpp_baselib@@YAXUBaselib_DynamicLibrary_Handle@1@@Z
?Baselib_DynamicLibrary_FromNativeHandle@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@_KIPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_GetFunction@il2cpp_baselib@@YAPEAXUBaselib_DynamicLibrary_Handle@1@PEBDPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_OpenProgramHandle@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_OpenUtf16@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEBGPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_OpenUtf8@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEBDPEAUBaselib_ErrorState@1@@Z
?Baselib_ErrorState_Explain@il2cpp_baselib@@YAIPEBUBaselib_ErrorState@1@QEADIW4Baselib_ErrorState_ExplainVerbosity@1@@Z
?Baselib_ErrorState_FormatAndStoreExtraInformation@il2cpp_baselib@@YA_KPEBDPEAD@Z
?Baselib_FileIO_AsyncClose@il2cpp_baselib@@YAXUBaselib_FileIO_AsyncFile@1@@Z
?Baselib_FileIO_AsyncOpen@il2cpp_baselib@@YA?AUBaselib_FileIO_AsyncFile@1@UBaselib_FileIO_EventQueue@1@PEBD_KW4Baselib_FileIO_Priority@1@@Z
?Baselib_FileIO_AsyncRead@il2cpp_baselib@@YAXUBaselib_FileIO_AsyncFile@1@QEAUBaselib_FileIO_ReadRequest@1@_K2W4Baselib_FileIO_Priority@1@@Z
?Baselib_FileIO_EventQueue_Create@il2cpp_baselib@@YA?AUBaselib_FileIO_EventQueue@1@XZ
?Baselib_FileIO_EventQueue_Dequeue@il2cpp_baselib@@YA_KUBaselib_FileIO_EventQueue@1@QEAUBaselib_FileIO_EventQueue_Result@1@_KI@Z
?Baselib_FileIO_EventQueue_Free@il2cpp_baselib@@YAXUBaselib_FileIO_EventQueue@1@@Z
?Baselib_FileIO_EventQueue_Shutdown@il2cpp_baselib@@YAXUBaselib_FileIO_EventQueue@1@I@Z
?Baselib_FileIO_SyncClose@il2cpp_baselib@@YAXUBaselib_FileIO_SyncFile@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncFileFromNativeHandle@il2cpp_baselib@@YA?AUBaselib_FileIO_SyncFile@1@_KI@Z
?Baselib_FileIO_SyncFlush@il2cpp_baselib@@YAXUBaselib_FileIO_SyncFile@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncGetFileSize@il2cpp_baselib@@YA_KUBaselib_FileIO_SyncFile@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncOpen@il2cpp_baselib@@YA?AUBaselib_FileIO_SyncFile@1@PEBDIPEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncRead@il2cpp_baselib@@YA_KUBaselib_FileIO_SyncFile@1@_KPEAX1PEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncSetFileSize@il2cpp_baselib@@YAXUBaselib_FileIO_SyncFile@1@_KPEAUBaselib_ErrorState@1@@Z
?Baselib_FileIO_SyncWrite@il2cpp_baselib@@YA_KUBaselib_FileIO_SyncFile@1@_KPEBX1PEAUBaselib_ErrorState@1@@Z
?Baselib_Memory_AlignedAllocate@il2cpp_baselib@@YAPEAX_K0@Z
?Baselib_Memory_AlignedFree@il2cpp_baselib@@YAXPEAX@Z
?Baselib_Memory_AlignedReallocate@il2cpp_baselib@@YAPEAXPEAX_K1@Z
?Baselib_Memory_Allocate@il2cpp_baselib@@YAPEAX_K@Z
?Baselib_Memory_AllocatePages@il2cpp_baselib@@YA?AUBaselib_Memory_PageAllocation@1@_K00W4Baselib_Memory_PageState@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Memory_Free@il2cpp_baselib@@YAXPEAX@Z
?Baselib_Memory_GetPageSizeInfo@il2cpp_baselib@@YAXPEAUBaselib_Memory_PageSizeInfo@1@@Z
?Baselib_Memory_Reallocate@il2cpp_baselib@@YAPEAXPEAX_K@Z
?Baselib_Memory_ReleasePages@il2cpp_baselib@@YAXUBaselib_Memory_PageAllocation@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Memory_SetPageState@il2cpp_baselib@@YAXPEAX_K1W4Baselib_Memory_PageState@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_NetworkAddress_Decode@il2cpp_baselib@@YAXPEBUBaselib_NetworkAddress@1@PEAW4Baselib_NetworkAddress_Family@1@QEADIPEAGPEAUBaselib_ErrorState@1@@Z
?Baselib_NetworkAddress_Encode@il2cpp_baselib@@YAXPEAUBaselib_NetworkAddress@1@W4Baselib_NetworkAddress_Family@1@QEBDGPEAUBaselib_ErrorState@1@@Z
?Baselib_Process_Abort@il2cpp_baselib@@YAXW4Baselib_ErrorCode@1@@Z
?Baselib_RegisteredNetwork_BufferSlice_Create@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_BufferSlice@1@UBaselib_RegisteredNetwork_Buffer@1@II@Z
?Baselib_RegisteredNetwork_BufferSlice_Empty@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_BufferSlice@1@XZ
?Baselib_RegisteredNetwork_Buffer_Deregister@il2cpp_baselib@@YAXUBaselib_RegisteredNetwork_Buffer@1@@Z
?Baselib_RegisteredNetwork_Buffer_Register@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_Buffer@1@UBaselib_Memory_PageAllocation@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Endpoint_Create@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_Endpoint@1@PEBUBaselib_NetworkAddress@1@UBaselib_RegisteredNetwork_BufferSlice@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Endpoint_Empty@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_Endpoint@1@XZ
?Baselib_RegisteredNetwork_Endpoint_GetNetworkAddress@il2cpp_baselib@@YAXUBaselib_RegisteredNetwork_Endpoint@1@PEAUBaselib_NetworkAddress@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_Close@il2cpp_baselib@@YAXUBaselib_RegisteredNetwork_Socket_UDP@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_Create@il2cpp_baselib@@YA?AUBaselib_RegisteredNetwork_Socket_UDP@1@PEBUBaselib_NetworkAddress@1@W4Baselib_NetworkAddress_AddressReuse@1@IIPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_DequeueRecv@il2cpp_baselib@@YAIUBaselib_RegisteredNetwork_Socket_UDP@1@QEAUBaselib_RegisteredNetwork_CompletionResult@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_DequeueSend@il2cpp_baselib@@YAIUBaselib_RegisteredNetwork_Socket_UDP@1@QEAUBaselib_RegisteredNetwork_CompletionResult@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_GetNetworkAddress@il2cpp_baselib@@YAXUBaselib_RegisteredNetwork_Socket_UDP@1@PEAUBaselib_NetworkAddress@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_ProcessRecv@il2cpp_baselib@@YA?AW4Baselib_RegisteredNetwork_ProcessStatus@1@UBaselib_RegisteredNetwork_Socket_UDP@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_ProcessSend@il2cpp_baselib@@YA?AW4Baselib_RegisteredNetwork_ProcessStatus@1@UBaselib_RegisteredNetwork_Socket_UDP@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_ScheduleRecv@il2cpp_baselib@@YAIUBaselib_RegisteredNetwork_Socket_UDP@1@PEBUBaselib_RegisteredNetwork_Request@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_ScheduleSend@il2cpp_baselib@@YAIUBaselib_RegisteredNetwork_Socket_UDP@1@PEBUBaselib_RegisteredNetwork_Request@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_WaitForCompletedRecv@il2cpp_baselib@@YA?AW4Baselib_RegisteredNetwork_CompletionQueueStatus@1@UBaselib_RegisteredNetwork_Socket_UDP@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_RegisteredNetwork_Socket_UDP_WaitForCompletedSend@il2cpp_baselib@@YA?AW4Baselib_RegisteredNetwork_CompletionQueueStatus@1@UBaselib_RegisteredNetwork_Socket_UDP@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_Bind@il2cpp_baselib@@YAXUBaselib_Socket_Handle@1@PEBUBaselib_NetworkAddress@1@W4Baselib_NetworkAddress_AddressReuse@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_Close@il2cpp_baselib@@YAXUBaselib_Socket_Handle@1@@Z
?Baselib_Socket_Create@il2cpp_baselib@@YA?AUBaselib_Socket_Handle@1@W4Baselib_NetworkAddress_Family@1@W4Baselib_Socket_Protocol@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_GetAddress@il2cpp_baselib@@YAXUBaselib_Socket_Handle@1@PEAUBaselib_NetworkAddress@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_Poll@il2cpp_baselib@@YAXPEAUBaselib_Socket_PollFd@1@IIPEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_TCP_Accept@il2cpp_baselib@@YA?AUBaselib_Socket_Handle@1@U21@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_TCP_Connect@il2cpp_baselib@@YAXUBaselib_Socket_Handle@1@PEBUBaselib_NetworkAddress@1@W4Baselib_NetworkAddress_AddressReuse@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_TCP_Listen@il2cpp_baselib@@YAXUBaselib_Socket_Handle@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_TCP_Recv@il2cpp_baselib@@YAIUBaselib_Socket_Handle@1@PEAXIPEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_TCP_Send@il2cpp_baselib@@YAIUBaselib_Socket_Handle@1@PEAXIPEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_UDP_Recv@il2cpp_baselib@@YAIUBaselib_Socket_Handle@1@QEAUBaselib_Socket_Message@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_Socket_UDP_Send@il2cpp_baselib@@YAIUBaselib_Socket_Handle@1@QEAUBaselib_Socket_Message@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_SystemFutex_Notify@il2cpp_baselib@@YAXPEAHIW4Baselib_WakeupFallbackStrategy@1@@Z
?Baselib_SystemFutex_Wait@il2cpp_baselib@@YAXPEAHHI@Z
?Baselib_SystemSemaphore_Acquire@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_Create@il2cpp_baselib@@YA?AUBaselib_SystemSemaphore_Handle@1@XZ
?Baselib_SystemSemaphore_CreateInplace@il2cpp_baselib@@YA?AUBaselib_SystemSemaphore_Handle@1@PEAX@Z
?Baselib_SystemSemaphore_Free@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_FreeInplace@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_Release@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_SystemSemaphore_TryAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_TryTimedAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_TLS_Alloc@il2cpp_baselib@@YA_KXZ
?Baselib_TLS_Free@il2cpp_baselib@@YAX_K@Z
?Baselib_Thread_Create@il2cpp_baselib@@YAPEAUBaselib_Thread@1@UBaselib_Thread_Config@1@PEAUBaselib_ErrorState@1@@Z
?Baselib_Thread_GetCurrentThreadId@il2cpp_baselib@@YA_JXZ
?Baselib_Thread_GetId@il2cpp_baselib@@YA_JPEAUBaselib_Thread@1@@Z
?Baselib_Thread_Join@il2cpp_baselib@@YAXPEAUBaselib_Thread@1@IPEAUBaselib_ErrorState@1@@Z
?Baselib_Thread_SupportsThreads@il2cpp_baselib@@YA_NXZ
?Baselib_Thread_YieldExecution@il2cpp_baselib@@YAXXZ
?Baselib_Timer_GetHighPrecisionTimerTicks@il2cpp_baselib@@YA_KXZ
?Baselib_Timer_GetTicksToNanosecondsConversionRatio@il2cpp_baselib@@YA?AUBaselib_Timer_TickToNanosecondConversionRatio@1@XZ
?Baselib_Timer_GetTimeSinceStartupInSeconds@il2cpp_baselib@@YANXZ
?Baselib_Timer_TickToNanosecondsConversionFactor@il2cpp_baselib@@3NB
?Baselib_Timer_WaitForAtLeast@il2cpp_baselib@@YAXI@Z
?Call@AbortShim@il2cpp_baselib@@QEAA_NW4Baselib_ErrorCode@2@@Z
?CreateThread@Thread@il2cpp_baselib@baselib@@CAPEAUBaselib_Thread@2@P6AXPEAX@Z0@Z
?Detail_Baselib_EventSemaphore_SemaphoreBased_AcquireNonSet@il2cpp_baselib@@YAXHPEAUBaselib_EventSemaphore@@@Z
?Detail_Baselib_EventSemaphore_SemaphoreBased_TryTimedAcquireNonSet@il2cpp_baselib@@YA_NHPEAUBaselib_EventSemaphore@@I@Z
?Empty@AbortShim@il2cpp_baselib@@SA?AV12@XZ
?GetCurrentId@Thread@il2cpp_baselib@baselib@@SA_JXZ
?GetId@Thread@il2cpp_baselib@baselib@@QEAA_JXZ
?SetAbortShim@il2cpp_baselib@@YA?AVAbortShim@1@V21@@Z
?ShimmableAbort@il2cpp_baselib@@YAXW4Baselib_ErrorCode@1@@Z
?SupportsThreads@Thread@il2cpp_baselib@baselib@@SA_NXZ
?TryJoin@Thread@il2cpp_baselib@baselib@@QEAA_NV?$duration@IU?$ratio@$00$0DOI@@std@@@chrono@std@@@Z
?YieldExecution@Thread@il2cpp_baselib@baselib@@SAXXZ
?detail_AssertLog@il2cpp_baselib@@YAXPEBDZZ
?detail_AssertLogMute@il2cpp_baselib@@YAX_N@Z

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlllist.txt
winmm.dll
.dll windows x64

d35c16c95a55a75561ea1d764e139684

Code Sign

3f:3e:1f:61:f6:ef:5c:6c:cd:4a:23:d6:9a:ca:97:3d:ce:16:2c:51
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

16-02-2021 23:11

Not After

16-03-2021 23:11

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=CA,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:25:bc:4a:5e:45:b3:90:07:31:d1:83:bd:88:ae:5f:dd:02:c3:ca:a5:78:f0:3e:be:49:f5:a7:10:c5:ec:52
Signer

Actual PE Digest

71:25:bc:4a:5e:45:b3:90:07:31:d1:83:bd:88:ae:5f:dd:02:c3:ca:a5:78:f0:3e:be:49:f5:a7:10:c5:ec:52

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=CA,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

04-03-2021 01:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
SetEndOfFile
WriteConsoleW
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
HeapAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
ReadConsoleW
CreateFileW
HeapSize
RtlUnwind

user32

MessageBoxW

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OnlineFix
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cedb7c8d0328e5c981f3d8290526f1e0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shell32

ws2_32

iphlpapi

dbghelp

baselib

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

il2cpp Size: 65.2MB - Virtual size: 65.2MB

.rdata Size: 10.2MB - Virtual size: 10.2MB

.data Size: 3.9MB - Virtual size: 6.7MB

.pdata Size: 3.3MB - Virtual size: 3.3MB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 1.1MB - Virtual size: 1.1MB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4b:f7:85:d7:f3:b3:b3:b3:e7:a6:92:77:8e:0d:ca:33:3f:6f:f4:4fCertificate

Extended Key Usages

Key Usages

e6Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c0:48:bc:7e:cc:b2:b9:d0:c3:4c:02:40:08:f7:e6:b5:7e:7d:b1:70:fe:b6:81:1d:02:29:7b:80:7d:c1:1b:a2Signer

Signature Validations

Verification

29-10-2020 16:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: - Virtual size: 8.6MB

.of0 Size: - Virtual size: 8.8MB

.of1 Size: 6.4MB - Virtual size: 6.4MB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 512B - Virtual size: 12B

cf6e405258c3ddfda368fcfc399290b8

Code Sign

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0Certificate

Extended Key Usages

Key Usages

e6Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0bSigner

Signature Validations

Verification

31-08-2020 21:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.text
Size: 4.0MB - Virtual size: 4.0MB

il2cpp
Size: 65.2MB - Virtual size: 65.2MB

.rdata
Size: 10.2MB - Virtual size: 10.2MB

.data
Size: 3.9MB - Virtual size: 6.7MB

.pdata
Size: 3.3MB - Virtual size: 3.3MB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 1.1MB - Virtual size: 1.1MB

4b:f7:85:d7:f3:b3:b3:b3:e7:a6:92:77:8e:0d:ca:33:3f:6f:f4:4f
Certificate

e6
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c0:48:bc:7e:cc:b2:b9:d0:c3:4c:02:40:08:f7:e6:b5:7e:7d:b1:70:fe:b6:81:1d:02:29:7b:80:7d:c1:1b:a2
Signer

29-10-2020 16:32
Valid: false

.text
Size: - Virtual size: 8.6MB

.of0
Size: - Virtual size: 8.8MB

.of1
Size: 6.4MB - Virtual size: 6.4MB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 512B - Virtual size: 12B

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0
Certificate

e6
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b
Signer

31-08-2020 21:34
Valid: false

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 509KB

.data
Size: - Virtual size: 305KB

.pdata
Size: - Virtual size: 76KB

_RDATA
Size: - Virtual size: 148B

.of0
Size: - Virtual size: 1.6MB

.of1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 1024B - Virtual size: 652B

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 78KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 5KB

_RDATA
Size: - Virtual size: 348B

.of0
Size: - Virtual size: 1.6MB

.of1
Size: 2KB - Virtual size: 1KB

.of2
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 512B - Virtual size: 232B

.rsrc
Size: 1024B - Virtual size: 660B

d5:4f:27:86:74:e8:2f:65:b0:ba:31:5a:3c:bc:24:7a:3d:f1:a5
Certificate

e6
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e1:74:03:ba:53:0a:71:14:de:20:59:8f:3e:b9:ca:b5:1d:b1:58:60:8b:7c:62:b0:b5:c6:e2:31:a0:ed:ad:2f
Signer