Manalyze report for 5f3238d44e4b1cd650fc5a18cccac868

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Dec-02 22:43:19
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x86_VS2022_VB_nondev_m_r\WindowsPlayer_player_Master_mono_x86.pdb
FileVersion	`6000.0.31.10618563`
LegalCopyright	(c) 2005-2024 Unity Technologies. All rights reserved.
ProductVersion	`6000.0.31f1 (a206c360e2a8)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 87.3078% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-09-29 13:56:13)	`All the AVs think this file is safe.`

Hashes

MD5	`5f3238d44e4b1cd650fc5a18cccac868`
SHA1	`ce2461dcadcd87eba165f670f11bfdea84d1a31c`
SHA256	`a9e4ce835628a2e35013e97064c3687432170e50d09e0279b283ca99b6b592ce`
SHA3	`c8ff27cdb5ff5516c295d0bdcbb52498d4472db16c12fc94f2f0905e9288fd68`
SSDeep	`3072:fKxDJXKqHwbtMwlJXjxx5Mt498lcYSh4jiI3GX6c/Qj8Ykn5eZl3DPB6ZnH:yBh6baIXGqYMwidQL25aonH`
Imports Hash	`5a8eaca2597eda714e0dcf5fae7d0a60`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-Dec-02 22:43:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xbe00`
SizeOfInitializedData	`0x92800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa1000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a8e502ba574e4d6f5177711273847622`
SHA1	`c9d184c07f03f711c5ca0ddf0c2d72c63e20c650`
SHA256	`3b8fe80f9c4228287824fb011e397d6a907522972e1be14bfffc8b319fa21949`
SHA3	`5779a6a6c8c3f340183c266d8f1eb4ae64edeb28c87b0c4f886e36953848b45c`
VirtualSize	`0xbdf3`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60827`

.rdata

MD5	`0d856c8e12cd8fc2daa526e30d4824dd`
SHA1	`f711c521334d2954ce66ba802a71b50313c41283`
SHA256	`9be6e4c373e8a423f3100cb142ea86ed9e8fb4108aa2833212268584f1e21b63`
SHA3	`d1ed9c3dedd500cce9f5abf0a0723785c0d436adadc3ef3354669f7f208d9ee0`
VirtualSize	`0x5f88`
VirtualAddress	`0xd000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81995`

.data

MD5	`2121f20321b03cff6f6020d466eda9b5`
SHA1	`cb128d13b514b6f7bb0ad2e34a7ef1e96651593c`
SHA256	`42c65c08d59045823f390ac4a7d6c26f2b8b5017da97a3c47c8a54d42e17a0f6`
SHA3	`e275cb633dce1b4e8aee6fab7f19317d372dfb797d27d893ad7a66ce203bb786`
VirtualSize	`0x147c`
VirtualAddress	`0x13000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.05102`

.rsrc

MD5	`27cda64a3302626f2336857ebfa8c460`
SHA1	`6a6eb1927d2c36d3d29094ba5a77c80c17ac3818`
SHA256	`b3a57d5dfc5d47996bbc7c60b8fd90625cf8763ef18763161c2c987dba35d325`
SHA3	`3b1ac659ca35200c1e8c6926d34fb8cfe748adcb43fa7433e24a6ff01a614f40`
VirtualSize	`0x8a020`
VirtualAddress	`0x15000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.23582`

.reloc

MD5	`8e232addc3dbfa9438deeeeed002a260`
SHA1	`e84746613b846ba5a4bafd168816052e06f67915`
SHA256	`771d5ea0b9d8ab2bd7a7f3dfb0507578226abbfcb0859887e78f6598ac2fec19`
SHA3	`ceb34ddcec51b12fb2dd406fbf6999780400199c1300a4bb0ea91e6c7f062d54`
VirtualSize	`0xe9c`
VirtualAddress	`0xa0000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x9ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27334`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x13004`

D3D12SDKPath

Ordinal	`2`
Address	`0x13008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xd160`

NvOptimusEnablement

Ordinal	`4`
Address	`0x13000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98089`
MD5	`541b45d35628feb5a23fb41a5d5b3a2b`
SHA1	`f2f38f3ed6e1ea23ab0d81651ce694859f8afaad`
SHA256	`205592abdefddd1ad2d754208405cb28d714a1c77e80161b5cacba9bf124ebbe`
SHA3	`d4a000fd0ed479a89605ad674256e304858edc64a20a33a7726429cd485dd5f2`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7342`
MD5	`e3036dfcb3017401e512a27fcce75b05`
SHA1	`0f9bc79d103d03909228259015191b7006482a04`
SHA256	`8336b553e87b89ca855bafbafa445e5664d442fb6b23d02584af1510407afd74`
SHA3	`3a98a1a24c0580b2202a15a2cafa4198c31f93f048d36c9f6d1e81a0ecc87741`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6348`
MD5	`c0b019d124da256baf67e97d67bff167`
SHA1	`63d2dec4a890f2d59ab6f0b2fec1cd732318a402`
SHA256	`c0954b808000ebbf61e7dae7e24dd0ac45e53fd04e315416c339daaca8f37b4a`
SHA3	`2114973ae2c92fe7c385b138b6475881ae859204bd0c82d0da3751fce553b32c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46694`
MD5	`5e4c3c217a9b63805b6418fe1ed2a908`
SHA1	`dee34997b985090c2fd2e7e2a042ec1ee032db65`
SHA256	`13eceabb0e839b1cc95a01db97aa5827bf63ebb39f089dc2d633c65cb4572555`
SHA3	`2b3f1f41fb6c8714763891e3aa8aed7ba240754f33c628608f9b7d1a09feb3b8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38374`
MD5	`e9fcb2808857968e370520dca0a52f1a`
SHA1	`262d869fab23a1f5487a72b2fb2c0ba5ce4a2a46`
SHA256	`72bd0a074e2a6a21bbcff77bb0cf7167db26243258a5ca1f83fb6f2182ceeebf`
SHA3	`6f9a4ba2daaf7a8cb38239030a0aa75f8ed89ecbfa55411f7515bc5483439d5d`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29525`
MD5	`025daec43839bc1670c2dcaacb00b1dd`
SHA1	`14fabb1d479ad7b0b49fef66edfae54dcb86effd`
SHA256	`bea06701d7f089478d71daab456d092678aa2dfcb830793c6e799ae763be7225`
SHA3	`7cb4765c1315e7a709515f619365ba774cfa0c7e157d0004ef065bb7a5857fdb`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.24359`
MD5	`1e629d8db247d9200c96bfc54cf70a2e`
SHA1	`5fb3ad6389de21f0bf32dc3941295c15e6b39d51`
SHA256	`0281bb86ac2ced7d0676177ab19eb1c556a7b9b67fa3797716bed81de1f69d7e`
SHA3	`a4fdabd5f21e8d4b1694a1ab5cba2980dcb156f01cf329a306adbb0a7ffa3071`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.19188`
MD5	`db09b7eee35a38d938037b72461387cc`
SHA1	`a379704a6f4d116d48171da4d728b4ea59fe51a6`
SHA256	`715128dfbe8bc0e2c667f8b0002b991efd602ec193722e526c67d6fb92f58026`
SHA3	`23563fad0035afe1c0c74c9b340f03b1e1c657a1c12c87580c53c6f84003bc0c`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15492`
MD5	`19e5a2700306636c51b0a7fcbcbfeabf`
SHA1	`d31fc12ffef0adf1628a4c78abdbc3e783e1a85d`
SHA256	`00c7abf44fab3ce3568a808d4a4494780bbfc8a7c00fd40915ee24ac68e5aeb8`
SHA3	`cf7ce63ea8864960d8f004c00f2e5a1998679f66111c01eeb4ce64859c4f5c4a`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49068`
MD5	`69dcea127718cd731dea745bea11bae8`
SHA1	`25ba6e412283d93b0bcda0f215f184f80321f814`
SHA256	`c9161335b8d9c151b69899430123d49f262d40cc94784e3a6a5e2a1e3a6515bc`
SHA3	`1ac5c42831b174ed0a7fd64ce6e6c8a56e1bdf72ac9163f599de0c3afc6ee569`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.0.31.1731
ProductVersion	6000.0.31.1731
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.0.31.10618563
LegalCopyright	(c) 2005-2024 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.0.31f1 (a206c360e2a8)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Dec-02 22:43:19
Version	`0.0`
SizeofData	`146`
AddressOfRawData	`0x11f5c`
PointerToRawData	`0x1115c`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x86_VS2022_VB_nondev_m_r\WindowsPlayer_player_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Dec-02 22:43:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x11ff0`
PointerToRawData	`0x111f0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Dec-02 22:43:19
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0x12004`
PointerToRawData	`0x11204`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x413040`
SEHandlerTable	`0x411e9c`
SEHandlerCount	`10`

RICH Header

XOR Key	`0xb80cc5d4`
Unmarked objects	`0`
ASM objects (28900)	`10`
C++ objects (28900)	`141`
C objects (28900)	`20`
Imports (28900)	`2`
C++ objects (33218)	`38`
C objects (33218)	`18`
ASM objects (33218)	`18`
Imports (33523)	`3`
Total imports	`81`
C++ objects (33523)	`2`
Exports (33523)	`1`
Resource objects (33523)	`1`
Linker (33523)	`1`

5f3238d44e4b1cd650fc5a18cccac868

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

D3D12SDKPath

D3D12SDKVersion

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors