2477aa79523dc0b1fa207b805013bbddac69a4e7b2f3682dfbfd18799847c40e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Nov-23 03:45:01
Detected languages English - United States
Debug artifacts C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion 2021.3.15.15263878
LegalCopyright (c) 2022 Unity Technologies ApS. All rights reserved.
ProductVersion 2021.3.15f1 (e8e88683f834)

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious The PE is possibly a dropper. Resources amount for 86.4081% of the executable.
Safe VirusTotal score: 0/71 (Scanned on 2026-06-01 02:56:49) All the AVs think this file is safe.

Hashes

MD5 5672c3333aa5c9b34d1c009f768f8f80
SHA1 949e0bd89b0fe6db97874d8c84710e832d2ccd9e
SHA256 2477aa79523dc0b1fa207b805013bbddac69a4e7b2f3682dfbfd18799847c40e
SHA3 858370e21949275279cf92257cc17cb69292d0a4a44f91b970c025d809838666
SSDeep 6144:oEbaWnBUCG0hhhihWSUTMOSMi87iEIiESp94ReJAShh2m6P2z/FUwtZx17OJhhD:ooCCPTMOSMimkM4WWsd/t2fZ6
Imports Hash 5f74a5c747508e2822fdb9b687deaf42

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2022-Nov-23 03:45:01
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa200
SizeOfInitializedData 0x96600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001260 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa5000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4190b7be9f5f4eb52c040a688e61a250
SHA1 ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11
SHA256 7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b
SHA3 0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6
VirtualSize 0xa140
VirtualAddress 0x1000
SizeOfRawData 0xa200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39724

.rdata

MD5 48c25ae4c39d567a8b4e1bf986d02198
SHA1 cba8258bbbbf297da77bb4379a404d89ce5f4778
SHA256 2f81d27b9648b410c8b05e5f9c03ff500b63f958252bfa62b82e514757034cad
SHA3 1b1c33bc60f2b1ba031f0b641aee345b21cff302034a10fc08a5823fe595b34b
VirtualSize 0x8cce
VirtualAddress 0xc000
SizeOfRawData 0x8e00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6533

.data

MD5 2e9924c581c86e57e2e2b0ac87e1aa45
SHA1 a1a176fc5c54e8c996a328e810c15c16cdb5b73d
SHA256 90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0
SHA3 8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237
VirtualSize 0x1ce8
VirtualAddress 0x15000
SizeOfRawData 0xc00
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.6801

.pdata

MD5 2717431295e555cdae3fb602e2bd957e
SHA1 408d09336a1192e50edb78d3e7795fbc547ac381
SHA256 d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631
SHA3 bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5
VirtualSize 0xc54
VirtualAddress 0x17000
SizeOfRawData 0xe00
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.34687

_RDATA

MD5 1960efd573f3d23522c840210d59fb7e
SHA1 47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2
SHA256 ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4
SHA3 225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4
VirtualSize 0x94
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x14e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.08512

.rsrc

MD5 cf7988dfd15fc222d82f9d01f7b09229
SHA1 7ce1925c7dc46657d7b0cad378ab051c094af428
SHA256 04ff15d9af7a33f48adedc192b978b75d450803c2562e5f9e72d9d54d79b2697
SHA3 812406edd2891fac02fdfb7f3aa954b9fa09ec4d6ac5b1a36e6757ddc741fc69
VirtualSize 0x8a198
VirtualAddress 0x19000
SizeOfRawData 0x8a200
PointerToRawData 0x15000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.26933

.reloc

MD5 687aa942cda2e64adc67a829f1587240
SHA1 26058e365b4fef9cae39c529017700cd0ccfedb7
SHA256 e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506
SHA3 8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689
VirtualSize 0x638
VirtualAddress 0xa4000
SizeOfRawData 0x800
PointerToRawData 0x9f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.79086

Imports

UnityPlayer.dll UnityMain
KERNEL32.dll WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x15004

NvOptimusEnablement

Ordinal 2
Address 0x15000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.27516
MD5 74fefae4bfe83decf711ad9f3d31b2fb
SHA1 255147f4d308f69860706df099c27063d538a660
SHA256 27a6a2c9f7e5a57dcfb21629ea76302a8df544e355db703cbf83e9fddbf64706
SHA3 52cb9973d69243efff61413be754734568e8264eaac5f021d8f52be1c73d7561

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.27414
MD5 f3bdc48761120cd033b1b6d49b24f5ee
SHA1 53be9e03bdaeda90a40f24edaf86c8ba72283149
SHA256 ecb57236d0e88a70f9fbf490bdf5e9c7f38cca8c0155c5a5dc115b5db3e148eb
SHA3 ea33244e7557b14d30104f6bf847d39aa0f0fc6c971a811be07f733f1f5473d7

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.82928
MD5 6566305afd49c8c2faad78fc8742c978
SHA1 163c4bcd632a80e2e4f5cfde48d9d58c8ace65dd
SHA256 c64d756469242d7706ff6d540bb5f8b17b301483532c355621d9591f2f11a7a1
SHA3 c5ab1c942ec80de1d6928bd0374311117750da0584cd9fecb0d4611d3927119a

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.27377
MD5 b3e273df30c8bdebc40975565760b362
SHA1 28d4f0ae77e93925a970ef6623c94b26e3127e49
SHA256 b4d5979274ff67bce16f5f1d81a06c1846942e66f3707d363f30ec7fbe042d0a
SHA3 fa3a271aab9f4652d7c519394a551ddfae69fa99ac9655605cc2ff76d14a1c66

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.25266
MD5 0de5049b80d4e2fe9c3c3a6ddf88f3bf
SHA1 8f8c7caab55bf116f96019dd529c9ad8d15ddf9e
SHA256 c38f67c7b1d554acd89014f7aa0148fafed8577862047d901ad02c507769bc70
SHA3 8a6ea00d13b64728914a1698c175dcf780026fe6e8e3055e6c2470d49671c3d1

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.19296
MD5 72dfec17d2058238ea17a76ed7b0d9d0
SHA1 013b92cd6c50813c36855e153986ffcc5a5749f3
SHA256 71102830142c89e95585e0c9ff8ef28c4ed3afd7b34227c69b9b0623c95872fa
SHA3 8bc662af0f518f280df50317b51545f450a1a8c59f1f96c23a786cc4eb7c01d5

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.18189
MD5 ff3877d1228aca7d2255d779a9a684a2
SHA1 ee4ffd6e0ae63d8dbca932bf6d620da651cb8291
SHA256 27e94f17070dd6ae4da7f45bb5a34e6f26129d56d5b79054f95a1c1ca078be05
SHA3 8607ff6dfdd9e73613795e64ed5e0122165f14d72748ee5eb83c949055b58351

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.07697
MD5 845fc95c792a9a4e436e6bafa68acf4e
SHA1 583175434c568d6468825d28136d9d9e495205f3
SHA256 20d92f3d1cd433c9319a8604bb9a5143124e362e80bb22769cbcd014a2f397ee
SHA3 bcd9c7a2bb728f2f6393748e9d36e350373273f3e1133b253757f6c4c1656d49

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.86227
MD5 1ff9ee7dab9641254bc7ecf523177187
SHA1 7bed3a231a596d9981c7cbc3420cfdbd97a94569
SHA256 87f1c41acfda2c5868a59e346ab00f19a20806796713c62fa24adae90ccff9b2
SHA3 a372cee6b9000f9f2103bcb40ddb5ea8cfc67eca30294e28008388a09223aad8

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04448
Detected Filetype Icon file
MD5 f7731730720cfe035cf030b40d0e2eb6
SHA1 d046e23f2ee2b93ad96be8e1dc9120ecf3915091
SHA256 5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500
SHA3 6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x210
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.57253
MD5 3a940e1050baf30b07a1d942894ac7ab
SHA1 9f400a251a061384bf29c3c2204ad6b657397811
SHA256 dec8ea440b1ad6d544a232badbff511cc2b4ceceb8e5ff4237caca686ea3e8b2
SHA3 2a804ae7b3e378a8f04c0b1824a9fc3bc2f3e6f7bfc01ae088847bdc4f516a90

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x6c1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37708
MD5 aab7e8aafe7b06ab3d003b54ab5e18ed
SHA1 dccf0408f43059df37b755f3241a8b4b35c728af
SHA256 fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8
SHA3 a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2021.3.15.59526
ProductVersion 2021.3.15.59526
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2021.3.15.15263878
LegalCopyright (c) 2022 Unity Technologies ApS. All rights reserved.
ProductVersion (#2) 2021.3.15f1 (e8e88683f834)
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2022-Nov-23 03:45:01
Version 0.0
SizeofData 141
AddressOfRawData 0x13780
PointerToRawData 0x11d80
Referenced File C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2022-Nov-23 03:45:01
Version 0.0
SizeofData 20
AddressOfRawData 0x13810
PointerToRawData 0x11e10

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Nov-23 03:45:01
Version 0.0
SizeofData 712
AddressOfRawData 0x13824
PointerToRawData 0x11e24

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140015030

RICH Header

XOR Key 0x735735a6
Unmarked objects 0
C objects (VS2017 v14.15 compiler 26715) 10
ASM objects (VS2017 v14.15 compiler 26715) 5
C++ objects (VS2017 v14.15 compiler 26715) 136
Imports (VS2017 v14.15 compiler 26715) 2
C++ objects (VS 2015/2017/2019 runtime 29118) 37
C objects (VS 2015/2017/2019 runtime 29118) 16
ASM objects (VS 2015/2017/2019 runtime 29118) 9
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333) 3
Total imports 85
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333) 3
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333) 1
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333) 1
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333) 1

Errors

Leave a comment

No comments yet.