Manalyze report for 789c6103e231bae86cc6e8f30e20391f2dd5179a44f304b0525071fa2036d0ff

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-27 10:58:40
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_MT_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion	`6000.3.6.12300304`
LegalCopyright	(c) 2005-2026 Unity Technologies. All rights reserved.
ProductVersion	`6000.3.6f1 (bbb010bdb8a3)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.5615% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-04-01 05:38:14)	`All the AVs think this file is safe.`

Hashes

MD5	`91a2ec026288d9cd85b1769c9b784bdf`
SHA1	`2e6a11ced621ac90a914550b3b993f345a7d1d3c`
SHA256	`789c6103e231bae86cc6e8f30e20391f2dd5179a44f304b0525071fa2036d0ff`
SHA3	`466807cbdd9049ba9103afbea47dfc70d10f16dea4528b998e03c0b7366a635c`
SSDeep	`12288:VtVwZpkheAvw5WIm0fvJSRv1+Oq+5t6Yyq4T7URLACPG:V/qKw5WG3gRvAOq+KxDT7mLACu`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jan-27 10:58:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`457fb5274ed18adc024e01b603e258a4`
SHA1	`159fdb99c377edc82c57d34217a711578edb0e63`
SHA256	`336709c08beca21a675f029c2d588ac0cae8cc8f42422039cbb827b6284374e5`
SHA3	`7d6db62af5f0503638e32b2c5a2ebd94056e5e490598ebed73cb0495875d3499`
VirtualSize	`0xcdb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45019`

.rdata

MD5	`ba6da228d306604f2f28f462fd53b3de`
SHA1	`875b1b6ad74c7bfd47fa1523b369b70d38ea2f2b`
SHA256	`3617c1a7600bc6af2145f67c6d965ec38be879639e328a9f975e545f0dde8a26`
SHA3	`8abe1d48c5c57fc46b0c5c5841564f557547a2c90880f999e415a366220ee944`
VirtualSize	`0x977c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69213`

.data

MD5	`0822db25bce65451a1219de812eea533`
SHA1	`bf4c918ff2184dfeba8cd4f98b21e11d75de05e7`
SHA256	`8987031a7fb9e9ffe2b44dad568693d86af933f2b44447b6f5c1159bd0750a79`
SHA3	`83fbc2d299cd2e5b71ce2f669f319b95fcab94178c620dd04d72a1071efde7b0`
VirtualSize	`0x1d88`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90767`

.pdata

MD5	`017f81338461c6b246bdb8ce1bf5fc08`
SHA1	`aa79861d4dea94c5fd283f1359435734dfb03517`
SHA256	`d1cc88f6e981b629ad1f47d33507ac8b71f82346871b690375752ffc69c6063d`
SHA3	`e197cfb7530afb455ed4ebbd26984d4562c62ea8c9c65f07f5d04c80970ee830`
VirtualSize	`0xec4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60208`

.rsrc

MD5	`29b6a34a817fadf619807f531011a37d`
SHA1	`84e93772e6bbd0af49b299018a9dfca088dc85af`
SHA256	`31c15e3376cfced940460c957e3ad2bebc445ea6d756bb6de4de8c9ccaed8025`
SHA3	`0e4eff299f9022e6a896a93445205260525941e39f55dd4899294b5171894d95`
VirtualSize	`0x8a018`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.85742`

.reloc

MD5	`3ab8a3a955e5040e25556085e21a2be2`
SHA1	`f29b173f0ea430d70ff0803cbaa89fa1d4d024d9`
SHA256	`119eed3c019ffdb0bba4cee06b80d85e78a679f1bb17317cbb6a352bb4102d7a`
SHA3	`a5c3cb0725d2fd68e14265c6e03629d6270e73c1f049eb78b3e40b7b2535d802`
VirtualSize	`0x658`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86735`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

D3D12SDKPath

Ordinal	`2`
Address	`0x18008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xe320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64922`
MD5	`bde591168bc96ae335b787085d12386a`
SHA1	`46ba082c86fa349fd4016be748be5053ba5b2436`
SHA256	`f9562006f663c26be24ddf17e30d47c97390d1ba41c2df54d60a92aefb271211`
SHA3	`077cb89dce710c6c9b92827be51c91f29be1b8e592f0586a102276420714258d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82026`
MD5	`63b03bfb5168c744e3bdf0c554ebbf47`
SHA1	`f30be8a280bdd280ac2ada167bf0e94e4a9a3c04`
SHA256	`95f4c7cef62bb885ff6a2b9090b832a3bf06127b6d5062c3933e50e7c15c3f18`
SHA3	`05812d913a3fa8b7f56eedf311eb569acfa14d142faed179321e76f067c3b662`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91504`
MD5	`d1895b5a97f4ab7fadee41562d881839`
SHA1	`4633f7bc0f9781a099fbbf454073bb777c6d2001`
SHA256	`e1f9fcf4526b929fe0aab2733e5d0744e27b5619f67ca89f50b58fc023e2d4e2`
SHA3	`f646a1e0259d29b539cc64036dda30c70ac5366a37987e2ef8f8ed537b850235`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.90134`
MD5	`0009ed01b231e74b66bb1d64761acf21`
SHA1	`9576f36f045b30a869e974f7078b3848b40ba5e3`
SHA256	`13312861cb5f726a305eb438d3cc20f658c4fa3c0486db69e4cd4b46e2257012`
SHA3	`caad8e188ee1d045f6330252f98d7a54cfd5e8801cc4f48eba413b986d2f8124`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93746`
MD5	`0d4355a5d9e5ce98cab0d5e1e8e677ad`
SHA1	`8ff1efc6b8e66e03e3b74ee9d25cb4027ada1eb4`
SHA256	`5b4b60050bdae75ef8e4ca7af44b1eba7e2045ea5a7b466663b70bab9e4b1671`
SHA3	`253dbfc3a67e1e51304e88a5bf8f8c6d6fd0e5dd0e6846c6a8b8b7b1d3065be7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.90792`
MD5	`98d73b371e2d38a2ac86c7d0fcf986df`
SHA1	`88ec269c4731cc4b3ea0edc2cd8a22264cdd2757`
SHA256	`e116d5891c7755b2b210c9d22bde0ccae886f42ff552061c230cfcffeafeab0c`
SHA3	`c7d85e2b7dc48008481dcc625a737e0a3d8da015d7c7f2145c1017c7d753f01e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87943`
MD5	`7fb6bb377f9df374fa67f411bbe86e13`
SHA1	`4cc4334974254172a2e39e3e0810f26778ed9b6e`
SHA256	`9ff9b55a311095667faf224617b5055e21b05e0cd5e0a1f235c2ce932afc6f8d`
SHA3	`bf90197a407c05f0f5d5eb7253274f56d3985d936a8ef60eb8b7d4e9d4e519a6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84682`
MD5	`dd8d744abbcfe2ce8be7345fb27c2a38`
SHA1	`1128651b79a192980dea1a2911dfe5b5569c637b`
SHA256	`94d1a98156ceeba73e9e7e03bd14429dd301329b261c10caf765d96a8a2bc6fb`
SHA3	`e99e764df75a13f4edecd9bf839e852e9647337c207f5d32990af2893262a0bf`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82526`
MD5	`a37b17a349824c33359edd1221c4e019`
SHA1	`84ef4ff5504a2b82a19b420e5f7876070cc24033`
SHA256	`49dd5f71ecb6a73784b375b5c5f85d1e873a6c85b290e039cc5a3a4798971400`
SHA3	`3f20d61e7a4b655a0c352de304e4c7c589a796e0fda737f4dde2cf29645346cd`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54695`
MD5	`c8ad85698efcd3c00f93dcf310cfe0bf`
SHA1	`4e110bce8503c79cde65d2c8b111aabb2173bd56`
SHA256	`230812cf46ee117031a1ea0f4af2f366b49bec309b44946126f1e8e661d9ee11`
SHA3	`95b3cf58478f115ad582d40c90091a88ae69c019ad6cf0a4215766ac044d394a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.3.6.45072
ProductVersion	6000.3.6.45072
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.3.6.12300304
LegalCopyright	(c) 2005-2026 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.3.6f1 (bbb010bdb8a3)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-27 10:58:40
Version	`0.0`
SizeofData	`149`
AddressOfRawData	`0x15d68`
PointerToRawData	`0x14f68`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_MT_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-27 10:58:40
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15e00`
PointerToRawData	`0x15000`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-27 10:58:40
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x15e14`
PointerToRawData	`0x15014`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018040`

RICH Header

XOR Key	`0x7914df52`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
ASM objects (34321)	`9`
C objects (34321)	`16`
C++ objects (34321)	`40`
Imports (34433)	`3`
Total imports	`89`
C++ objects (34433)	`2`
Exports (34433)	`1`
Resource objects (34433)	`1`
Linker (34433)	`1`

Errors

Leave a comment

No comments yet.