0ea5e55922e44880b9299427d947a91b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Aug-25 14:43:06
Detected languages English - United States
Debug artifacts C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
FileVersion 2020.3.49.1582237
LegalCopyright (c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion 2020.3.49f1 (18249dd5551b)

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious The PE is possibly a dropper. Resources amount for 86.4081% of the executable.
Safe VirusTotal score: 0/72 (Scanned on 2025-11-24 16:29:44) All the AVs think this file is safe.

Hashes

MD5 0ea5e55922e44880b9299427d947a91b
SHA1 8179adfc66e56456c9d0279a4a0fec2753504a0a
SHA256 23ed391196b6e8cb99f5b140dd10ce04614c051862ae5f8813e209cb12f2d74b
SHA3 a8b53cd4815889e7b52a52a343a154d1ca72bb9d258cbfc9a3b4b5a9e8161850
SSDeep 12288:I4eCaTIvr13DMh+7x/CJsM55fukCCp5kxV4NhZlCMOUwaYFg3gzT1w2CWMma5Ds:3GT23DMh+7x/CJsMnp5kxV4NhZlCMka
Imports Hash 5f74a5c747508e2822fdb9b687deaf42

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Aug-25 14:43:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa200
SizeOfInitializedData 0x96600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001260 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa5000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dc34d9506ae9e3616b5265da7e35b1f6
SHA1 dce8f4d17ddc08b8460b046a362a27430cbe2e75
SHA256 e80b2c4dfacb7fab649683f679231937cf85d5498d6d4b5d3a3e61149f064124
SHA3 08b3146b697934b2f68c0ed66868b3c96973ed20c4a70245a96b304f456d0106
VirtualSize 0xa120
VirtualAddress 0x1000
SizeOfRawData 0xa200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39574

.rdata

MD5 fd50d34644652afc96489cb13002a7a1
SHA1 4231ecf840820f1cda0ee83dc9d84c07a00f660a
SHA256 06f3d3b0885e60aee528b52e26f552eeb8d2d63e2cb79955bf653b55b540ea21
SHA3 5657d0867cb1d1efcfa37ead62093583f9795c3dcea024779d400161adc3c339
VirtualSize 0x8c6e
VirtualAddress 0xc000
SizeOfRawData 0x8e00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.65239

.data

MD5 a9e79420695e9bc679ca784c3876e94f
SHA1 85d68049c56be1369a584c2cef1f26bece917c8f
SHA256 a64f2a1dd771a4ddc2a8b9ebecec8d75683a19da0fcb7c92b1ca380ca540a055
SHA3 902fec18ac997b92fb99b25384f1c089fc9ae1ab1d849e846fff2b3a4d2bd9fa
VirtualSize 0x1cd8
VirtualAddress 0x15000
SizeOfRawData 0xc00
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.67624

.pdata

MD5 789f36f907239c1ceca2f8ec3f79fcb5
SHA1 11b2d5522be4b2558a7e492c53b4d86184702c90
SHA256 5e2c8dede33e201308d3fabb30b57b487ba34d524537e56449f854c9d6e560e4
SHA3 0b06f78c7fe1c1611e2e7abfd4a78a87cf82474f2ac5b4a8daa9c07fbbf85778
VirtualSize 0xc48
VirtualAddress 0x17000
SizeOfRawData 0xe00
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.36097

_RDATA

MD5 1960efd573f3d23522c840210d59fb7e
SHA1 47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2
SHA256 ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4
SHA3 225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4
VirtualSize 0x94
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x14e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.08512

.rsrc

MD5 27796ddb8abccacf1e7f4fc9cca51daa
SHA1 e80689913d0577b1b43b6780c9222b41425d9ca0
SHA256 be72ac450e22b0fafe4f0ad1c7b458e57e742cf3c61377d9a2fdc3e19b7beb60
SHA3 6eaf5d1346e855f6f9feb547acdf433c1f500162d791de5dbf702f056665cce8
VirtualSize 0x8a198
VirtualAddress 0x19000
SizeOfRawData 0x8a200
PointerToRawData 0x15000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.37045

.reloc

MD5 a9c3cf69888151777a2a472fa85313df
SHA1 a5410c074ce059a802887d8ef48a198d601aa9e3
SHA256 02d5b365a568a1cfd46be8549a8fee9793a57a8d69c3544d8232330a87a3d7ad
SHA3 874351b3eea840f9c0337e4533e9a1b535fab5c0ccdeba911f149a1902c60a44
VirtualSize 0x634
VirtualAddress 0xa4000
SizeOfRawData 0x800
PointerToRawData 0x9f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.78467

Imports

UnityPlayer.dll UnityMain
KERNEL32.dll WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x15004

NvOptimusEnablement

Ordinal 2
Address 0x15000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.358
MD5 87a920c7d36d90f5bfb67727653be00c
SHA1 006793d80cd93eb4a7b50a739fded5b5aadd9f46
SHA256 4414987177270356e401ca595d92b759fde31942532c7e1fbc6128843de94700
SHA3 28d081523e1d0e64942af2eda9c3de9bb0e162dc94d0eed8f9719653383716f8

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.35687
MD5 cc28b3bc4ff5cd5e218f0f00e1926dc2
SHA1 57b928a088d100278214b8032a31a74113f38b95
SHA256 5ab4baf654e51a50049c76ba5110005cf305e67575b6d5dc7deab8f94e6b12d1
SHA3 bf4131258f3a6aaee6b07b55d39c50b3cc83bbd576ffe8369432517c8448a440

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.35725
MD5 23536e232c222c6c9e7b8ac3924614de
SHA1 1d7aea9cf18797794c61b8ed63d45c74c1311db8
SHA256 4366c24e756f240df1adcc1a41f5c2e0f7a4c6d5c367f22f0382862837856248
SHA3 c0fab412e217b1427acdd926136a194d16ab29d632f4a155cf96f31535e76f03

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.35658
MD5 29856c80e3f5cbd7014eb46678132611
SHA1 f3616bb98513d71b24880215e0b40b6afff2dd33
SHA256 a8952ccb9962af5ad2589dfe8dc0e9952c403901e1dd6b1d3b958dd493e39aa6
SHA3 9f7da03fb74f35b8d04293ae34bd48cabad5ff143ab015ddc03cd42cab916df4

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.88582
MD5 f184053839c5ba7eac958e96608f52c9
SHA1 ba34eec8dfb87757fa6bcec0cc046ec855b2fc60
SHA256 c2b8265f2a46e911001c9b49ce9fa34d377f5d60c7f2461e7f45c909aec12164
SHA3 4465c7783f92bfd1019036a5814bc6d1c7f646f553b492999c8a846153d23340

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.31046
MD5 9a338a173c69620d6f086d3a28c34369
SHA1 1a2525ffaedd57606aa003537cae6db1681fe70b
SHA256 38bb0cf28d785c09612f7935430da7e313124f2c1cfd7e1c90e4b44bf4ce8e3b
SHA3 1c553a44a483692428ca499079196a1d22f690e93d8cdb6bcd0c150fedcc7381

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33467
MD5 751225aee7baed1dae3c7454e29cb8b1
SHA1 96f9c7dd2c48f005473106ae38f5c1600dc7c236
SHA256 7322a2284a494fbd7c661da273017fb7298543d5fa3681c038ae0858c74cbb9c
SHA3 caccacc866f2c0a41b6a98bcefe28ad4a9019a73863cb59852dc47089dd6db6b

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.29155
MD5 5ad900bc9e7f797197c33fed0ddee4e6
SHA1 84e3aa42a748dbaa1563628b4786fe33b089d6a5
SHA256 4735309fe1c7ea8bd2f6f5f4f5918f4e66bb5078a17caa0d51ef2c8f858d993d
SHA3 ae7c781bd319e57a3fb60a57def229ff1debecbf24aa937d7ba89933af08728c

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.14027
MD5 a88d35d0069f734e506f38cfdb411783
SHA1 3c04a9a9f6b77391169d6022963b7c50b203a0b0
SHA256 d8099c313268d1b4f73ae348ae8dac62e120e5a482e07ad22f2becfc1cb5100c
SHA3 4da4021100cafee4c769bad70ad7a690f21232672d2c056f0e30f1c7d6d541e6

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04448
Detected Filetype Icon file
MD5 f7731730720cfe035cf030b40d0e2eb6
SHA1 d046e23f2ee2b93ad96be8e1dc9120ecf3915091
SHA256 5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500
SHA3 6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x210
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.55571
MD5 24d472b8ccfbf48d968007f3fe0abfca
SHA1 bd463f8847feee03043383ab3091867e4dc7f3e6
SHA256 151ab5555765453cce16a040b223790424c646394cd9d04562e5076e4f2e2e9c
SHA3 858468608fd2f145c96c81c097d4e54c7e512de1e53589cbaa468cc598acd739

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x6c1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37708
MD5 aab7e8aafe7b06ab3d003b54ab5e18ed
SHA1 dccf0408f43059df37b755f3241a8b4b35c728af
SHA256 fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8
SHA3 a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2020.3.49.9373
ProductVersion 2020.3.49.9373
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2020.3.49.1582237
LegalCopyright (c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2) 2020.3.49f1 (18249dd5551b)
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Aug-25 14:43:06
Version 0.0
SizeofData 134
AddressOfRawData 0x13730
PointerToRawData 0x11d30
Referenced File C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Aug-25 14:43:06
Version 0.0
SizeofData 20
AddressOfRawData 0x137b8
PointerToRawData 0x11db8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Aug-25 14:43:06
Version 0.0
SizeofData 712
AddressOfRawData 0x137cc
PointerToRawData 0x11dcc

TLS Callbacks

Load Configuration

Size 0x130
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140015030

RICH Header

XOR Key 0x69197163
Unmarked objects 0
C objects (VS2017 v14.15 compiler 26715) 10
ASM objects (VS2017 v14.15 compiler 26715) 5
C++ objects (VS2017 v14.15 compiler 26715) 136
Imports (VS2017 v14.15 compiler 26715) 2
C++ objects (VS 2015/2017/2019 runtime 28427) 37
C objects (VS 2015/2017/2019 runtime 28427) 16
ASM objects (VS 2015/2017/2019 runtime 28427) 8
Imports (VS2019 Update 5 (16.5.4-5) compiler 28614) 3
Total imports 85
C++ objects (VS2019 Update 5 (16.5.4-5) compiler 28614) 2
Exports (VS2019 Update 5 (16.5.4-5) compiler 28614) 1
Resource objects (VS2019 Update 5 (16.5.4-5) compiler 28614) 1
Linker (VS2019 Update 5 (16.5.4-5) compiler 28614) 1

Errors