Manalyze report for 9d6417a39d44202f7abc38acb3645a52fa66c0863d8633c9be410d659098e3c5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-30 04:41:10
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x86_VS2022_VB_nondev_m_r\WindowsPlayer_player_Master_mono_x86.pdb
FileVersion	`6000.0.62.16359173`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.0.62f1 (f99f05b3e950)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 87.3078% of the executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-16 09:08:32)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`6f410ffde457810e14a8b74f1818070e`
SHA1	`c532e79fdd1997fc7bcb4fb1e612e805d42853bb`
SHA256	`9d6417a39d44202f7abc38acb3645a52fa66c0863d8633c9be410d659098e3c5`
SHA3	`7736aacc180141f236476ed238ef5e3bb78a623f41731bcbd80743dcb43164b8`
SSDeep	`3072:k5xDJnKqHwbtMwlJXjxx5l498l1zJIUhdVAepNCqWF4BGkUFdVNnH:8BN6baIXBdIUTVAeOqWFeDiNnH`
Imports Hash	`0c1feba3e28a2a44b2ebaa2d44779815`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Oct-30 04:41:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xbe00`
SizeOfInitializedData	`0x92800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000125C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa1000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a8b05c8d97c2b6ff5c4ad41d5b00d674`
SHA1	`8d4daff368ff10d46ad0ae1c88117985d90d00a8`
SHA256	`b506eb62e842f3552bc10461fa0f7322d975efa90b117f074fedeba608e1d0fa`
SHA3	`fda62e1cccce21d26e8372aa797b45e26682c7226a5e109824e7c754a240079c`
VirtualSize	`0xbdf3`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60855`

.rdata

MD5	`2cf752ec3403bae8e12e868cca38b52e`
SHA1	`9da756e0ad40a0d26971ab7b8474bd166c7614f4`
SHA256	`468991ba016f08cc08cf8c633933fb4bd7b8e1c72aca156416923d6a8b7c16fb`
SHA3	`e687b5b7099014c34205def44cc94dce446928f20474f97e775db1cd1723c1f9`
VirtualSize	`0x5f8a`
VirtualAddress	`0xd000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82159`

.data

MD5	`2121f20321b03cff6f6020d466eda9b5`
SHA1	`cb128d13b514b6f7bb0ad2e34a7ef1e96651593c`
SHA256	`42c65c08d59045823f390ac4a7d6c26f2b8b5017da97a3c47c8a54d42e17a0f6`
SHA3	`e275cb633dce1b4e8aee6fab7f19317d372dfb797d27d893ad7a66ce203bb786`
VirtualSize	`0x147c`
VirtualAddress	`0x13000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.05102`

.rsrc

MD5	`fd5fdcbcfd4c2cf5bb540ce5e5d9cb1c`
SHA1	`883a9eaf4d6d46318b6bfb246e02f0dfb3855ea2`
SHA256	`031463f5c7dc045f9edbb887524c292c8bd15377c69ba3144674633efc2d95b9`
SHA3	`5bfbc615a76161d76ad6c4e157fd326d408a8e2e00b3b85f89ec8e0114a3c460`
VirtualSize	`0x8a020`
VirtualAddress	`0x15000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.31365`

.reloc

MD5	`668d45377f3a89bf5ddfb7f1916d8740`
SHA1	`86f396d7d5855b20067e2aeb68ed0fde5470c752`
SHA256	`a19349aaea4814052cf9032becef2ba669e488da3e4efbb968329025093ee218`
SHA3	`e3b1383b15df07d2aa892d1e3234848c0133c5a007057d3f331abea44ba4d65f`
VirtualSize	`0xe9c`
VirtualAddress	`0xa0000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x9ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27386`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `DecodePointer` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x13004`

D3D12SDKPath

Ordinal	`2`
Address	`0x13008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xd160`

NvOptimusEnablement

Ordinal	`4`
Address	`0x13000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81269`
MD5	`bf97c7766f9fdd5bdbf689e3266f7472`
SHA1	`1d7b7f2a1afcc8347f59593499d85b2beddac34b`
SHA256	`c9d4e1e1380c6c836af9011552db83c20d5e5c7ca4fa56a9d8381d8add0ceae6`
SHA3	`88566155168aa7b54ebe5ea10e814c2914f01d009c0fa603563726ed0093f457`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70111`
MD5	`55f7d0187b857f218ab5b8aba1f94f4b`
SHA1	`f0a515093210d40a9b55d877fbb82202b93f29b2`
SHA256	`fd3b53555e9a3447aa00a42ece36be154a18f678ad0c949eb2023b5fd93a6d94`
SHA3	`83949895a8d8eebb0b2fed2212918dedfd4ce8a14622d6262deb474b1ebe98e6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6229`
MD5	`97d7d9afda43268da212e43ebd0e425e`
SHA1	`860e422e8161e8f9cdb02a900ba193feb51200ee`
SHA256	`ed6eb553ada992d3da1adc5e12f7280073cbd861f57dcec3178bcd490f0fc011`
SHA3	`d4240d25adfb668bf8ada37d27d23d33ac9c64ea5fbd21b56c849b593905c17f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25707`
MD5	`a716afb63e81df843edd2fd41bdb8e49`
SHA1	`2f556f4079ac6a15e651bb610c286fcbc6520aeb`
SHA256	`5329a3bf16dfffaa9f7c311daabe28c0e2b440257c99477c4769e0ab33c804a1`
SHA3	`3014f782033aa46e645d2585966a817678d9b5e8508a642a5c9cdd20736da149`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04231`
MD5	`4c171971c1cd0bf1098c89ca9ab218a9`
SHA1	`4258d55083d72de96d6c71eb0eeae14447d07022`
SHA256	`6cd82fd9c9c86324481bce4c9c31c92472f8e76e221139a60fc878f5226581a0`
SHA3	`68c4c000143a924a06d356f3caa03c73fec857cc252fe4fce67cde4fe55bf659`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71247`
MD5	`e2a75d253f608b66bfcd2d6386dd5041`
SHA1	`9107064688d505d7e2e10be8924d0f9a942a91fe`
SHA256	`4d0b405f7b603a5c88d8ee3b6bcd07c8044d596538c1f306198705b42f3e31cc`
SHA3	`6dbfe1cac6403d883b2ae951b9e22be16645d299de19693f428d744bd427ec96`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48641`
MD5	`78c906ffcfc6b864033ca15990882a73`
SHA1	`83789ac0d663aa750b29143089072bbf01c2bd0e`
SHA256	`f318cc72167e35c50c5c4c4af475b8b29ab06daa961a590369fbc9e09082990c`
SHA3	`e9cb5c9a904b1e9748ebb4474d93f12b9074d249375280caee4f2a32a4e90021`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20881`
MD5	`640b2ff5e5616b89c60c9d2c9bc150cf`
SHA1	`81a92e642b92c71c723c57c3d336a0654d3aa511`
SHA256	`bb0dc3d0a52894436bb7478657730696fa82b55714dc432f0b54282ef89a738f`
SHA3	`644c93230982d2162925618f9cecc248ddd43ea5940c6b8b59288fd38d090f71`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05137`
MD5	`4e1d3a85d7a72247bed7ec8967d8956c`
SHA1	`0bebeacee5ca8869615f3a52e4a9a5391beb2d42`
SHA256	`d4bdcf97cb312cb8f5cd83c78729bfa611b25f4742dab4ab0b229f1d728e34ab`
SHA3	`891578b2229be99dd4eb10716bcf806112043e6fb7a6abfa227b9d8cf57984ed`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49726`
MD5	`104b3509752c988dbcb30103509b7780`
SHA1	`398f2524add68f57993c2e6ff2b01092329008f4`
SHA256	`a680549e894dc1c9c1857fc304f0fcdac8aa865c4944728a600862ee4dcc9bdc`
SHA3	`09389dbc90284d381e859219dde3621db477aa28fd0af9ffaf3640f12a3a61eb`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.0.62.40709
ProductVersion	6000.0.62.40709
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.0.62.16359173
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.0.62f1 (f99f05b3e950)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-30 04:41:10
Version	`0.0`
SizeofData	`146`
AddressOfRawData	`0x11f5c`
PointerToRawData	`0x1115c`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x86_VS2022_VB_nondev_m_r\WindowsPlayer_player_Master_mono_x86.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-30 04:41:10
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x11ff0`
PointerToRawData	`0x111f0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-30 04:41:10
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0x12004`
PointerToRawData	`0x11204`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x413040`
SEHandlerTable	`0x411e9c`
SEHandlerCount	`10`

RICH Header

XOR Key	`0xb80cc5d4`
Unmarked objects	`0`
ASM objects (28900)	`10`
C++ objects (28900)	`141`
C objects (28900)	`20`
Imports (28900)	`2`
C++ objects (33218)	`38`
C objects (33218)	`18`
ASM objects (33218)	`18`
Imports (33523)	`3`
Total imports	`81`
C++ objects (33523)	`2`
Exports (33523)	`1`
Resource objects (33523)	`1`
Linker (33523)	`1`

Errors

Leave a comment

No comments yet.