Manalyze report for 863b3c7fc28959ac6130810eba07fc128bd02ce07943380a3164f799a5b956f1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-11 17:46:59
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.0.68.14805434`
LegalCopyright	(c) 2005-2026 Unity Technologies. All rights reserved.
ProductVersion	`6000.0.68f1 (e1e9baaf294b)`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The file contains overlay data.	`440 bytes of data starting at offset 0xdd248.`
Malicious	VirusTotal score: 3/70 (Scanned on 2026-03-19 17:35:43)	`Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`09803a42a0cf185db8ca5ce3f52a1af1`
SHA1	`d946044b6fadd4ebc7833673a452379fe37f103c`
SHA256	`863b3c7fc28959ac6130810eba07fc128bd02ce07943380a3164f799a5b956f1`
SHA3	`48606635f7272100c39474fb2dc932471ca438d5bee4bb46729b02da476dd911`
SSDeep	`24576:zjtD8WKRCjmavASifk+D8LvxooQ3bBCqH:HtDFQwvASifk+D8Lv/IbUq`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2026-Feb-11 17:46:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xde00`
SizeOfInitializedData	`0x97200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2775a5a7c1fa856e6a29a4f5a5229c31`
SHA1	`3e9ae8fdb588fe4aae22d549f8569008c887c898`
SHA256	`195697288171c6371920514965e3625060b55abd960ee1903baa797ef5e0bbfb`
SHA3	`fb39403bbfb970d14fc395dd6c3593ca3d0aec333b14d9249010a0924d269e75`
VirtualSize	`0xdc70`
VirtualAddress	`0x1000`
SizeOfRawData	`0xde00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46162`

.rdata

MD5	`9dbdd460e74f1bc36f99c4c0a765b520`
SHA1	`ea76121814b4164e8f011830dfc560dd970ab816`
SHA256	`7b966fa04de684e1bbe7d0f695ef77f70824b910a6ed11508852459dd439eb6b`
SHA3	`e8cee42d1c36d47729e8e36ade99ac2747e2bfd8dbc8e9303fcc2bbe231ad2e6`
VirtualSize	`0x977c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70199`

.data

MD5	`d284f7b260ed119794375a6998c5083c`
SHA1	`0944c690e2b7841e681f55d2a731910f8019f2ef`
SHA256	`79ebad17e73900bd4dd43a932cc832e1d907346973e16ac0af549524fa4b88b3`
SHA3	`0c023444d7239a9582798618879cf6e165fcae6d6eec1051c77592814b4894ad`
VirtualSize	`0x1d78`
VirtualAddress	`0x19000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x17a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.89847`

.pdata

MD5	`d67581e7561b613930fcc4c3ee52cdc5`
SHA1	`a43e835342a8235efb9f656bba5c170d21641a61`
SHA256	`4eaf2a70ebe02f5f76d3b133d8a74d7c7eee9267519fd6a6951de4bcb2ad617b`
SHA3	`0ccfeafaf338d1bcb9c719ffca72875595bea8d6aea16bd26baa2a4685e84170`
VirtualSize	`0xf24`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67172`

_RDATA

MD5	`dd297010ea596c9b749ddc72fe421330`
SHA1	`3213e7a4b99366f1367f1b5dc97aa4853369a784`
SHA256	`420a70f17663b392f63eb448853ebc800a3f7cf9c6e0b78b7e421d671dd927fd`
SHA3	`f4660bd566f5561530bb0e40a752616d5a8180b7180fcf869790d48f9fb6e9bf`
VirtualSize	`0x1f4`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71477`

.rsrc

MD5	`a41684fe2d48985e90566549dc11d07f`
SHA1	`77995e0433c3af9709ee3c46baadfb57af5259c0`
SHA256	`72369a29dcef51f662726787f1987faaffd84e5da5931fbbcef3e6dd68340d8d`
SHA3	`67330486fe712241c2fc16c8a34e3c599bd7b40a720ff0fac0efb5ff9a6a348b`
VirtualSize	`0x8a020`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x19800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16437`

.reloc

MD5	`79918e2814a23b917e4a5494067a35d5`
SHA1	`eab8dd05e160cbff9fa1c348b6c35e7f161cf459`
SHA256	`cccb376562c958fee6ec06051a48d2c5c0232065e1000ce2d4b0775e46737238`
SHA3	`0fcd95a99b9b4e77c2e23089f450965a4028a243ef56d1928fdcfcebcc4b7120`
VirtualSize	`0x658`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.87002`

.bind

MD5	`0b34e818392ed18615a8e4fc54851155`
SHA1	`1bd2aad3297cb534ebf1122588e34342a58ceee9`
SHA256	`6499dcd8291b993408eddf6de60404c059f47c854daae81dbf1e4b045c2f83c2`
SHA3	`ca5c7f8dbda7141dfe85f7329da533afde77949da03354029b6a30368095c7c6`
VirtualSize	`0x39048`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x39048`
PointerToRawData	`0xa4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95961`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x19004`

D3D12SDKPath

Ordinal	`2`
Address	`0x19008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xf320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x19000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.80908`
MD5	`c32e5522af4ae839bf516cd2630c90a6`
SHA1	`f59eba7c8114641176448f3bc0723ea556c04abe`
SHA256	`6a1bfee1fb975e31036f08000fbd053b0234df9c0d3f5ba23cfcb274216deb8c`
SHA3	`a1e525e914ff856b0b5ef5d1ed1fbef3aed5e2f13590d03e6731fcc93b3da52d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01309`
MD5	`dfb324e7cf7ac60fcbe891a69799b4d2`
SHA1	`b4b237919a79e301c0f11d1fbc389194c11c1a92`
SHA256	`0dea65ba7916107de90823511ff06c3c9d688d99da0dcde0c511667ed250be76`
SHA3	`9cd23009ee42e5d3b5025d1300637ff6f8855afe1b5747580ffad99d56a70391`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.095`
MD5	`d4ee7e3ce11bf36c2f494cfcb62c4970`
SHA1	`3d2b9a921054df85d20057b79dacd1cbb4ca024e`
SHA256	`3f2ce94d719b4ce87fefa7d3f74845b1d2fb2e9d72deaf0e801a4fe1f86cdbe1`
SHA3	`f46469bdc7a02ccb2ba2abc4e9f06b2729f8928f831153d105b9e811c5ad5dd5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.08835`
MD5	`1968af2b3315eda4d732164f406bf4d1`
SHA1	`03a48053ec276bcbb0d7c251f831d6bbbef540b2`
SHA256	`d3185cdeaebb1814cc688e3081daf5fb16d0d33d501925a099bef4d1e52c1c12`
SHA3	`8c38f3bb4aaac14f81a5fdb3187164dd5ca7b24f0721a9f1c3c4c0f72f2d6567`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14898`
MD5	`fa1a0e7e42bc3bfff9a45f189fb720d1`
SHA1	`4a9709f18fcd6f3a260d0d4a350f0d8549dbeae8`
SHA256	`7f1c340b7225501b73715663dfbc060c3de757489cf3cf863db433646ed32800`
SHA3	`689f8bdac4f23a4b183dc8702f28427676f47f3ddc271bab66e79004acf8e402`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15621`
MD5	`8b96ddc492b7a42dc5e40710b73d239e`
SHA1	`e0dfc3f76f0d58e0a1a23f2dc55b6f98d8f21f4d`
SHA256	`d6c03dd67128f7dda2d44dd5595c2307fd1f288e3339df7b8712ab1e59971f09`
SHA3	`cdf1b01772e0bf012fec50e78329b9e195485421e52a0f36f6cd18b45cd364be`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16253`
MD5	`e7bc27effb51a0156e967f3c65ab801d`
SHA1	`5da2fe2b79e75119d346f1842dd5d793e628c56e`
SHA256	`92ef0139b8a23a0c4ef00b2058f7af74c2e536508262c72c2921eee967022964`
SHA3	`1cc3a306f0a6e9b6055c6079292867c21cdb86ed6ca1fe89ebfec5586061c92a`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1643`
MD5	`6f174f4de9fc5b647428821a425bb365`
SHA1	`d0a5478726d4e76a71c45d51ac0dac1254f9cdb5`
SHA256	`8596045cb7e0a6275be6f439c16459b31ecc1a2a33a40a0f782dc1bdf15579c8`
SHA3	`81037c373ea524ba411dfcb4a64f80f8cc6668288e0d644f6a82e4dbf5773ffc`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15431`
MD5	`9dc169558496ad9badf22a2bdcb89b5e`
SHA1	`38f70bd1d4aa695f978d56e6189495ef4baafb58`
SHA256	`1a005abeee14894652e8bbc6388b37721f805c56321977ee59ab4da5aa45de7d`
SHA3	`47cdb4aceea6eae1e48c20d68e7642e6df2d43f9ac257af9b81875b2228124ba`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49381`
MD5	`862a36169da028b31657dcca3849e3a4`
SHA1	`4bcb8a0c5044aced1ae46ca4989be41e4daea466`
SHA256	`56a3666c7c2c479faebffaef0db19b4011a38c8020b30e8bab2279f812825299`
SHA3	`6e823e074bdc2d77a8aa43f46ba98707d73772fc02925a6da2b6e2489a0d3f79`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.0.68.59834
ProductVersion	6000.0.68.59834
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.0.68.14805434
LegalCopyright	(c) 2005-2026 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.0.68f1 (e1e9baaf294b)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-11 17:46:59
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x16d58`
PointerToRawData	`0x15f58`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-11 17:46:59
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x16dec`
PointerToRawData	`0x15fec`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-11 17:46:59
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x16e00`
PointerToRawData	`0x16000`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140019040`

RICH Header

Errors

Leave a comment

No comments yet.