Manalyze report for ab6c37054a476bdf66f6733d72486bf1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-May-24 15:48:25
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.1.5.9582370`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.1.5f1 (923722cbbcfc)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.5615% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2025-12-07 00:35:53)	`All the AVs think this file is safe.`

Hashes

MD5	`ab6c37054a476bdf66f6733d72486bf1`
SHA1	`733f78aeb6b57ed27bc9737508d051c8a9c8c430`
SHA256	`1c4d04fb26a5df425c5cffdd6f566f02d69c14f3ec7e91fe9f38c44a8e3c22a5`
SHA3	`e7b85bf31abf710d748463ae9243e1bcf4caef25992fd7ee6bc9c5ca5b21f960`
SSDeep	`12288:adVwZpIWtWp4TuF4WaO6U7PHhYDRLv3l4OoU2TREfcf9:aPyWp4PUTHe5l4S21Efcl`
Imports Hash	`ce1183cc150987a99aef5749f22af81e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-May-24 15:48:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`de2fa207587e49351b25984084dad33f`
SHA1	`ca987746b7aaf1c692abf79d76fd7fc6d9851078`
SHA256	`c774ab15f3e55ff14b15bcb69275ae5cd4f91f9021a9ee2249d81eb42d22e699`
SHA3	`0254855c981c2fda6b68fad2f3ab92b1fad380e181b4615a287303861eade96a`
VirtualSize	`0xcdb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44999`

.rdata

MD5	`54612b34a593d219840c2cfdd263df8a`
SHA1	`2f33b91cb42346943294cb1a8398118373813854`
SHA256	`00cd19b0cac41b9cd8cd4dc708964dd8e08ebdefe6b5e72caca2388c8ff2aa64`
SHA3	`8d0f9f67a7562975136d2cb09d1614227ed1eb268a660b4c68841790346eef64`
VirtualSize	`0x977a`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69202`

.data

MD5	`0822db25bce65451a1219de812eea533`
SHA1	`bf4c918ff2184dfeba8cd4f98b21e11d75de05e7`
SHA256	`8987031a7fb9e9ffe2b44dad568693d86af933f2b44447b6f5c1159bd0750a79`
SHA3	`83fbc2d299cd2e5b71ce2f669f319b95fcab94178c620dd04d72a1071efde7b0`
VirtualSize	`0x1d88`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90767`

.pdata

MD5	`1668cb26312458ae49753d766d4ea3c0`
SHA1	`f343709453dc68f1c7a8467c2be75ee428a4a25d`
SHA256	`204c65418c3f3b79e811cdf500a53c1cfd6a937bd6ad94f75e86e250193cb68c`
SHA3	`318a82e16b48c99663b615f1b5fda62041a71e288671b0629305606d965d4d14`
VirtualSize	`0xec4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60721`

.rsrc

MD5	`2d683283481f2877d727bae361fb4588`
SHA1	`8149255af6d73fdbd702ce35460baea67d42632b`
SHA256	`d0aa584f4336650b5ea293ed6259ceeb25c008a2211385b91d96339e637c427d`
SHA3	`508886db586dac63aa33a4b4d83e5075355ade10fff869ad436e97d712c63ae7`
VirtualSize	`0x8a018`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.51243`

.reloc

MD5	`3ab8a3a955e5040e25556085e21a2be2`
SHA1	`f29b173f0ea430d70ff0803cbaa89fa1d4d024d9`
SHA256	`119eed3c019ffdb0bba4cee06b80d85e78a679f1bb17317cbb6a352bb4102d7a`
SHA3	`a5c3cb0725d2fd68e14265c6e03629d6270e73c1f049eb78b3e40b7b2535d802`
VirtualSize	`0x658`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86735`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

D3D12SDKPath

Ordinal	`2`
Address	`0x18008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xe320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14624`
MD5	`787533cb36783b8e27d76f452932365c`
SHA1	`88a34d679c99840f2e25824c603405b84466f04c`
SHA256	`23b949caece9747334c2a0a8b88517ecfa8a4a63fbb2a84ff17b4134ff32ef27`
SHA3	`3324b7cbf189b59095bf5bdd518682d9aff58c2c1e5dfe4b8826bcb3d40d1ad9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.41673`
MD5	`ef5ff3471a346edbd292981d94d58e41`
SHA1	`c640457ae2cec86f1f3d60122972714e19792a92`
SHA256	`b0e1ce63bf04ee43ac77ede85bf4b68522cf7d4e6aa2abcd3fc7d2126e1822e8`
SHA3	`e239d696fbc68b3e02dc8df5e740b8f65d1ae0d187d7fd8e37c0fc9d1a6a83ba`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52444`
MD5	`fc4a93b2ebfa5128414ccf8d3ec81473`
SHA1	`08781a09d956e0c737a0eb62f5e907d14b471a3f`
SHA256	`65837f1f9214f25672b71fcf4861441d2f0db74892b3e53b0eb3946fe741bc2d`
SHA3	`a45c61981d828b3c059cfdc45bec50b7a7cb516f0e019695e5c3255c22973c8b`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.50538`
MD5	`afb47f9ce3075c9f97720cfd639b35b8`
SHA1	`aa3abce5260988baa94ff9eb2f606c555691c94f`
SHA256	`d23ca8b7516cf945b11112d5cb5c419a5d14109aefc8b5b8a1316cc88be12cf4`
SHA3	`d0b810cc80859c7ed1382cb90063dcde7989e8cac9f773c2d5d515fc3c7ff733`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55906`
MD5	`f01ae47b5ee5b902d133cf5dd63ced6c`
SHA1	`4c5048f0066d755dc4b057f239489c8dca16c3d5`
SHA256	`e909c45c985c72333c3f7ce2f35833aadc9cd36d775e1daf30f9c3a235b5abab`
SHA3	`8a4f2a952f6cf7b0f9764fa0b15de796d4a10a3ba03446fb36e7af093ecf91a1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54745`
MD5	`f86f3bf5219c8e8802a1a386698a879e`
SHA1	`5aedebe1932b473c2abb85e5449369abc8be5629`
SHA256	`8c173bc0231901f1dae8a62230515b63e86ae18bb86776db9faeb4afac9655bb`
SHA3	`01afbba987e7998807af339acef2119dafd2bb57afce808300c099fa3e5155d8`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52946`
MD5	`4be3c3382f75c24713d36c8c8c383eff`
SHA1	`3f342f391cf54d1663b11ec573b5c96efaf8f1cf`
SHA256	`b9a5df9a97652a8eebe67d8b323370f41177e040599f7c7a3ba9fea7ab199591`
SHA3	`d141b1f42ad9937c392b30bffeaa6f7032858402c27b0da7b7a7a6bbaca7e4be`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.50868`
MD5	`ebffd47dd93852c01eba09aa852dbe3a`
SHA1	`08eb7e9262a3961839c69e8e2b594867d32e1b8e`
SHA256	`7ff5f3ade7828277649f537364035d473125420848681c90ffcdce189dd0b4c3`
SHA3	`d4e6cdb5fe04af083adbc99fff3cb519c1cab63ce3862e5452420bc4537ff80e`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48539`
MD5	`155915b85ec14e8e08c5fc5a0c4d2196`
SHA1	`de5aec44fdea22d07398c5262d8a4a125d668d14`
SHA256	`ea163cfd9eaaeab278e5c34b26985b26b86b5c71d91f35bb86141b8badeded0c`
SHA3	`5bae92bab622a24e37216e3b9743352949c603bed90c240522100d689da189c4`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54189`
MD5	`3687034c99fc5752e64d943c0dcca7b0`
SHA1	`f17848e078e942726246cbbdb5046bfb3a0677d5`
SHA256	`a2ed68aa33a6edc7e364d16f60bc1bfe4297a3a3bc6b6c3fd34eda6c1a3028bc`
SHA3	`14791d414c7d5d2ab376277481170777aa198597e24a2f4d3a73348a47801fdf`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.1.5.14114
ProductVersion	6000.1.5.14114
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.1.5.9582370
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.1.5f1 (923722cbbcfc)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-May-24 15:48:25
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x15d68`
PointerToRawData	`0x14f68`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-May-24 15:48:25
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15dfc`
PointerToRawData	`0x14ffc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-May-24 15:48:25
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x15e10`
PointerToRawData	`0x15010`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018040`

RICH Header

XOR Key	`0x7914df52`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
ASM objects (34321)	`9`
C objects (34321)	`16`
C++ objects (34321)	`40`
Imports (34433)	`3`
Total imports	`89`
C++ objects (34433)	`2`
Exports (34433)	`1`
Resource objects (34433)	`1`
Linker (34433)	`1`

ab6c37054a476bdf66f6733d72486bf1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

D3D12SDKPath

D3D12SDKVersion

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors