Manalyze report for 4bb5369e3a6d97f7ba63d7d2a7f22b47aa936623473598316653f08a644cec9a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Sep-26 10:54:37
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`2021.3.45.8976527`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`2021.3.45f2 (88f88f591b2e)`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`440 bytes of data starting at offset 0xd8a48.`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-05-08 18:09:59)	`Cylance: Unsafe` `Trapmine: suspicious.low.ml.score` `Webroot: W32.Malware.Gen`

Hashes

MD5	`66b225bff0b0acd646de6575c921313c`
SHA1	`74f29517532615499b1bb3b1f707a27a41f89d34`
SHA256	`4bb5369e3a6d97f7ba63d7d2a7f22b47aa936623473598316653f08a644cec9a`
SHA3	`feb3930f48086cdd54dd86534ccfe74fc2aff6b3fee4dde2fb3451bda93f8a59`
SSDeep	`12288:poCCuB5ObrZhBlFpty5hh7yegUjxPoJLgPE04XSaVo3ot97:uG/srBPpQ5DyxwxPoq8GaVyW`
Imports Hash	`5f74a5c747508e2822fdb9b687deaf42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2025-Sep-26 10:54:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa200`
SizeOfInitializedData	`0x96600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4190b7be9f5f4eb52c040a688e61a250`
SHA1	`ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11`
SHA256	`7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b`
SHA3	`0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6`
VirtualSize	`0xa140`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39724`

.rdata

MD5	`8388c7e1ca3e51981078cbe1b5369019`
SHA1	`ed285c90127619546de2e7211e366c24649b3c43`
SHA256	`d64626d4638ba6fbb3a42f9938d890dedaa05810f8136489022753db88f0d09f`
SHA3	`d354f796cd0598ae4947661a3628674f27160de62a2776f79f3050fc5172665c`
VirtualSize	`0x8cce`
VirtualAddress	`0xc000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65368`

.data

MD5	`2e9924c581c86e57e2e2b0ac87e1aa45`
SHA1	`a1a176fc5c54e8c996a328e810c15c16cdb5b73d`
SHA256	`90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0`
SHA3	`8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237`
VirtualSize	`0x1ce8`
VirtualAddress	`0x15000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.6801`

.pdata

MD5	`2717431295e555cdae3fb602e2bd957e`
SHA1	`408d09336a1192e50edb78d3e7795fbc547ac381`
SHA256	`d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631`
SHA3	`bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5`
VirtualSize	`0xc54`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34687`

_RDATA

MD5	`1960efd573f3d23522c840210d59fb7e`
SHA1	`47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2`
SHA256	`ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4`
SHA3	`225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4`
VirtualSize	`0x94`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.08512`

.rsrc

MD5	`0fd3768c398780ab71257a71d72df92e`
SHA1	`d40aa106dee4a65f5447f0fcf2b895c746d6e0a9`
SHA256	`2e1991cc09f42f9391acb464911e4aed537226600f03974273956ace79ebbc37`
SHA3	`e84c74485c4e0bc4efe22756e778847a026f552638a48a0d45140267b07f722a`
VirtualSize	`0x8a198`
VirtualAddress	`0x19000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12074`

.reloc

MD5	`687aa942cda2e64adc67a829f1587240`
SHA1	`26058e365b4fef9cae39c529017700cd0ccfedb7`
SHA256	`e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506`
SHA3	`8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689`
VirtualSize	`0x638`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x9f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79086`

.bind

MD5	`1b978d228a76fdaf6ad6117365f9ba4d`
SHA1	`51d06cd03fc5357ac6c915ae96f41fd773b1356a`
SHA256	`d0305af6141708dbe24a3e1554914d6fc8570276dca8d9b5a4e6fde8919eaadf`
SHA3	`146629a43701f4d7e52cd156344d53094c28d7444ccea2cba0e89ad2ae9027dc`
VirtualSize	`0x39048`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x39048`
PointerToRawData	`0x9fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95872`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x15004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x15000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95335`
MD5	`edbfec87ba3c6b25c9fd39351bb14262`
SHA1	`b7cc25f0e9395594c93b2d87c706295fc2bfbd5c`
SHA256	`3c9269d97115328e8d0f3c8eeb001079c53b334720911eeaf800466f3e825647`
SHA3	`2c32c170f1a4a8bc512254e9440f623c0665d59ceec0ae078a587d1d8417fb71`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04188`
MD5	`d70270c9f32c1833c0e4a5815b2d23f7`
SHA1	`ed303fe1db20b041efbd0052de6abacb131f16e9`
SHA256	`783d21bf64258d1aa234101808bbf1ebb4e6977a4a6fd8d355fb44c65250c1e6`
SHA3	`b7ee59da139a81817b751f6de92a75891b1844539be5c19063f8747a50a033de`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.21124`
MD5	`3cbde0c77db8ec46d3aa0f6371c39b3f`
SHA1	`8e92e1b1599dd2af81da84315c76f65cacd78184`
SHA256	`cc59092c1e8e5260196ea417951d2ee8697ee6065631c23cd63c14a5682555cf`
SHA3	`69cc49a26d1a5edfb09a6d796909e1aaa0ac54deb7c66d25470ba5c240f028fd`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40026`
MD5	`0ecc8fea87d16ee2f4d6197673049c5d`
SHA1	`bba9bd0efe9e5acb8f99599bcb3c17766c8d9cec`
SHA256	`83aa7e1ff26e8bf40e058c6680b6efa3e1e58bf7e6479207f1f0afeca94fa522`
SHA3	`d5276aae6c34ce4373b0aa9fb118de55f7e1cda21e3068fcc965934e1658b7c2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.66571`
MD5	`01ff0cb8a5ec58b1248135437c81cc92`
SHA1	`e4d6300ba4ca7efddbf6034de9174809cf66aafc`
SHA256	`b1862dfdab767f21167624700b21e8614c7977230d70ec453ac52aa270c04916`
SHA3	`9722a14e5f176bd1fdf26026a86d4fb7d65bb1e34fa38ae881e948c65be5ee2a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82018`
MD5	`1b33a6e9d4e9393add70f69f6d9eb0be`
SHA1	`267812d69a1f1a638f40a7aa66c3cfb64c9c252c`
SHA256	`3cd3ab8a6b099e7a2980f11eb73574c2be330ae203cb0ee0c0e449c0ac242a50`
SHA3	`0fde8bfe0e9b4d167183190d252077b3d93edf3cbcab2f48ac5b41dba52e6a55`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.03625`
MD5	`ceb573d3983cdb8fcf29d4233a392dc3`
SHA1	`eca44b0ab500fbc713b0e946b44fb145e5db3a73`
SHA256	`eaa4627e874e5a82338c448245ea08d1af21b86b98fc8965c9f0946fbef35fe7`
SHA3	`5555bff27e5ef8d98b4802193f7fa25d9e1e497fdeca1cbf1eb2510e139b321b`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.05945`
MD5	`f95e793019c1eaad19f8898b5bac9847`
SHA1	`2aceab594256d1e020ccfbc04c08c8934b9c9a7f`
SHA256	`c6313c8e76248789e6b1243ba77f8e38f3397d5a3d0df40f029a0a0f37fa8a29`
SHA3	`3066db6546ff1733ed1a61526265b79d560037836ad9e4875da81a2a5895fc2a`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94603`
MD5	`560e25d471ae16cffe4c5300de463644`
SHA1	`5a3ed44bde022386b40100ac30ef7c9fc191435a`
SHA256	`aa0e83aa51373e36afc4c62738403c1fd2106316d5279e9b8d501ea53948db5c`
SHA3	`8517c24a7c182bc8c2ca41ee53ace638ed982ed77eb722b47ce37716e831c17b`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x210`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57464`
MD5	`8832c4fe974774a03e7bea2333fa8d5b`
SHA1	`bb7a7828c0d29bef02eb761904bb06196464bc91`
SHA256	`43b4067bdabb28ff16028db2af7e5b702aa96472d7b1e4119e90bd6d84a77fb8`
SHA3	`ec1047157ab26041e94597b78569cb8385e518d6b1ef7c34dae19f3ae238a9c7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2021.3.45.63631
ProductVersion	2021.3.45.63631
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2021.3.45.8976527
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	2021.3.45f2 (88f88f591b2e)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Sep-26 10:54:37
Version	`0.0`
SizeofData	`143`
AddressOfRawData	`0x13780`
PointerToRawData	`0x11d80`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Sep-26 10:54:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x13810`
PointerToRawData	`0x11e10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Sep-26 10:54:37
Version	`0.0`
SizeofData	`712`
AddressOfRawData	`0x13824`
PointerToRawData	`0x11e24`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015030`

RICH Header

Errors

Leave a comment

No comments yet.