Manalyze report for 83496cc9c8dc260e5fb8a24425019199

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-24 11:11:06
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`2022.3.62.9860879`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`2022.3.62f3 (96770f904ca7)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.749% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`83496cc9c8dc260e5fb8a24425019199`
SHA1	`3153b4513463c23d54c35741cbea120843992c41`
SHA256	`c1df4939224ed139ff7d9c273ccc4b8537a2baeb33dcdcd41574eb07ace4458a`
SHA3	`85cc3c498f5e0e0fadc04b04340aaa68c91f710598453a379c02d48d10a07a4b`
SSDeep	`12288:9/7g4aOD8V53MtnyavaCmHiUwlO8oENKHP0QeKoYc4k:9FaOi5CnyavaiUitWP0eC4k`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Oct-24 11:11:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xca00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa8000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e1ace82cc0f3d159779f5c95aa7e575b`
SHA1	`e4a5358996f267c921e5d996de44f3525bb042ed`
SHA256	`bec109031034001337c9be3c07e16f6fab9c862313fc1f8fb0699672e09c63a4`
SHA3	`449bef44a9ee4a68767a70da31c7ceb6aa3d1da49237a84227bbfb02c7e428a2`
VirtualSize	`0xc8b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41019`

.rdata

MD5	`d70b2ddbfeb95da00930b91e68599514`
SHA1	`350472061d5a6c8d322298399cd5b20dfaea8eda`
SHA256	`6340660908af8cc3cde7478ee400cc2b9f37ed1a360ea8f0e5e20a4d68bede54`
SHA3	`80874b5ffc06e7dd7643664c5db56a570fd0b6f471885989e1f90ba81f0fedf2`
VirtualSize	`0x948c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9600`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65465`

.data

MD5	`90815aa5dc65a7dd3f93bad1bd78a77e`
SHA1	`608f3e69047b216dda6b0df73c30912e2fef5544`
SHA256	`435cb9af1df25f501f68a9700182c4d25de99c3f8e8c1ba6b16c0ca98911ff87`
SHA3	`e5ea90d4dd767bfa3d88e3fa2e107c2e40cac10f43498d5abd74f15888477d18`
VirtualSize	`0x1d38`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.87032`

.pdata

MD5	`6e619149c26d436c6f07193ff1e8032b`
SHA1	`70aea7c26eff6d7619bd6a5a97ab259d68dd24f5`
SHA256	`48cb5fb202e79c0b8da5091cb440a9068502b37c8e4200eb78df617ae99fd024`
SHA3	`196183a21caf69a7292ff77b288d707ce7d63e2b887053ae1bc258b99d1e36f0`
VirtualSize	`0xef4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62125`

_RDATA

MD5	`f87f407c2a1cab208757ad1d23a2de6f`
SHA1	`cd739c36958f9ba7505883ae868f1a6ca71e880f`
SHA256	`6e4ba525d12ef66132e0738191d3a928ba74c0091a6f82bc48f892a41e2fc242`
SHA3	`0611ad194d9c623281cb358dbc2f2d28bb01b6eab682677ec8d16136d74414ab`
VirtualSize	`0x94`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.11888`

.rsrc

MD5	`ffe68fe237b29a86d558308b26441cce`
SHA1	`90099024c1eb2d2258344156afe29e4a403dcd57`
SHA256	`b443da17c0a1f2001076c916e0288f82fcafbb68b502567ff9f0480ee9a671a9`
SHA3	`5b610ec91f37b1bcea1dea41bc88494740b175926b77cdf8833610c8bb9a246a`
VirtualSize	`0x8a198`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98311`

.reloc

MD5	`ef1e558d46106d87320dd822be1ddc48`
SHA1	`10f7b05d107451bd01cf446da512c619fc35bf50`
SHA256	`34d7b771018e478ba05cd24ec377fd34919d65ec63c43f49e1ab319785368929`
SHA3	`cc295f58e62efe5c59cad1febf1ce620404450135f442c20ba55235b492ddac9`
VirtualSize	`0x654`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.84209`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91738`
MD5	`648ac21f8c0d212f12829052e2e178b3`
SHA1	`1202ee3302fd72071173bd519b28cf0ef970dd72`
SHA256	`25c3b9cc64587eabd6bc712b1b38ea3a37e90f4484a49cec8186072b12edb394`
SHA3	`80f53d6b4273df927b4fa0fea68cd175ee7e68f2e1edd14abdb03085211e06eb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95838`
MD5	`2b99185ebbc84e727f7631c26600803b`
SHA1	`68f1bd34e95c0db6e41b174c4128fd6c2dc6ec75`
SHA256	`751a10c32831010c5a49df4fc2bee8ff8b10630d5ff0f2946c17b38960c951a0`
SHA3	`f5d77942c7b6f8fc622d6c89258abd43bc0a7784a51f95fbf43fc6f7a0d5dcce`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00093`
MD5	`15a9c2a9caca9a17517431d8312876c5`
SHA1	`592b668a68e0a75800eee1173ec36a3776f196b9`
SHA256	`7ec9fcbb514f87f0243aedececff0db8deacc5d4dce22b7d2b0ae86cd1513ef6`
SHA3	`3bd650837d5b1a6602c57622aa186f17aa70b7f1b02479f9f656b3adde223835`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04811`
MD5	`09175b011dd4469daf76511610c36ee7`
SHA1	`3d5c57c7ef59c7be3ed67a86cc532aba3cbb4feb`
SHA256	`520a108d71bc96eba2a35abd483c5ccce75da9c3587b8266d9dcf8490271324c`
SHA3	`6b37443a9d9ae2c61d138c2e99ba59bf00f2b9a319dde8903bf187db4fe9126d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12464`
MD5	`7df3aebc042b7e723bcbe0060eb950a3`
SHA1	`7a84e4eda8fb0494b189ca3c25420a67d0108d68`
SHA256	`99c7250b1019c4ea139c57642edc73109dd0b0f25fd26f385b8623ab11ab93d5`
SHA3	`a39538480971756776fcc0b46d8985777c0a16f7b48d58cde61fe4a84a6e27ad`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06408`
MD5	`52025ebf02d6c45bfc5d543b5f64fc54`
SHA1	`f24835d2d5bb2bb346f8f36836918cda65d9980c`
SHA256	`51ec853364ff2d6f87ba437345cdeac03ad947a69dbabe72e386942c84663bee`
SHA3	`143b8fd76bcf8630209487621dcb1c4c4686527f0a17810e1c1b99044163033f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33131`
MD5	`bccd8bbbfaf6f9883f35235ea38657a2`
SHA1	`6cb1683ca687bc2c90eb59d48648113dd679c851`
SHA256	`3a0524d264292a5106dce603c3be5af85267e5e5bb8de7f9ed1a489bb8a3aeb5`
SHA3	`1fd0aa54e733a597e897498bb37d413145fa6836fa8b8ce7d7f0ff670078be55`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.41625`
MD5	`b000eef85a6a22176d435766d0abcdaa`
SHA1	`b9efc456e14882d7e6e8ef8e642bf85d1086f14d`
SHA256	`026911e568849b9ec7a9d7a9b4fc148fb05aa77f4c911d3c019020b7d7408718`
SHA3	`a2dad1c060b174b74870507df1ff4775643c6edd6d0fca34fa2bbab620c5af6b`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.25571`
MD5	`4d9779d3044c95f62fd12b42ad134c22`
SHA1	`d0cf23a34865be05996db2befd04d7ae3586f69d`
SHA256	`69cbad1cfd5b0d151aeafea95a0d53e8026aab6285b9b9c5d20971f279e05e08`
SHA3	`c0241c36930b8d282eb4abbdb3f4b9125ee6468b1b3f90bd4152e7e393748394`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x210`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5636`
MD5	`b1896eb56c83e3d5bda752f7877f6007`
SHA1	`97f0feebce60693f5e9fedc0b6315e05d622c812`
SHA256	`d47790db30a8476cc148d07cdf009ad8cd39e133770a6ef588406deb63b5abb0`
SHA3	`8b4890a75f1d58cb0c54ebf85722125e36d0219bb82586dba8fe638d54362119`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2022.3.62.30479
ProductVersion	2022.3.62.30479
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2022.3.62.9860879
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	2022.3.62f3 (96770f904ca7)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-24 11:11:06
Version	`0.0`
SizeofData	`143`
AddressOfRawData	`0x15aec`
PointerToRawData	`0x148ec`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-24 11:11:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15b7c`
PointerToRawData	`0x1497c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-24 11:11:06
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0x15b90`
PointerToRawData	`0x14990`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018030`

RICH Header

83496cc9c8dc260e5fb8a24425019199

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors