Manalyze report for b7b4e5eac768750f72145dc8f23937bfecce1dbb37d943406f1fe69829a81ac5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-25 16:26:48
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.1.17.12630483`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.1.17f1 (c0b9d3899998)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.5627% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-03 20:31:21)	`All the AVs think this file is safe.`

Hashes

MD5	`7ebd5873e16469437a37059064dc37e8`
SHA1	`d437fe07f258a5d230153ca0d4677621b4ac8b5b`
SHA256	`b7b4e5eac768750f72145dc8f23937bfecce1dbb37d943406f1fe69829a81ac5`
SHA3	`10297711adadf3ff0b6ce031f74f7efe20e419b60dbb243e78f8c1899cb9368a`
SSDeep	`6144:MaMjvuUwZpPUhLyyQp24Kaipppp0pppFb2cpNpppKpqVKtm6X+rmDFN70163hHp:MtVwZp8h6nh2c2OCH73yQMHEtcffs`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Aug-25 16:26:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`457fb5274ed18adc024e01b603e258a4`
SHA1	`159fdb99c377edc82c57d34217a711578edb0e63`
SHA256	`336709c08beca21a675f029c2d588ac0cae8cc8f42422039cbb827b6284374e5`
SHA3	`7d6db62af5f0503638e32b2c5a2ebd94056e5e490598ebed73cb0495875d3499`
VirtualSize	`0xcdb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45019`

.rdata

MD5	`2bab1a4562a4e7bd31442505ea79fa81`
SHA1	`0dcd307e3feaa39aba3f636fae32982b83270f84`
SHA256	`5f9a0f4de021030806fe1f05d4776f97725c7b88c7607ad15aa6c74fce24315a`
SHA3	`22887e3c68fb1f19be3d00894a526da8008cd459ed7f3cffe2e8695799a81ea0`
VirtualSize	`0x977c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69276`

.data

MD5	`0822db25bce65451a1219de812eea533`
SHA1	`bf4c918ff2184dfeba8cd4f98b21e11d75de05e7`
SHA256	`8987031a7fb9e9ffe2b44dad568693d86af933f2b44447b6f5c1159bd0750a79`
SHA3	`83fbc2d299cd2e5b71ce2f669f319b95fcab94178c620dd04d72a1071efde7b0`
VirtualSize	`0x1d88`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90767`

.pdata

MD5	`017f81338461c6b246bdb8ce1bf5fc08`
SHA1	`aa79861d4dea94c5fd283f1359435734dfb03517`
SHA256	`d1cc88f6e981b629ad1f47d33507ac8b71f82346871b690375752ffc69c6063d`
SHA3	`e197cfb7530afb455ed4ebbd26984d4562c62ea8c9c65f07f5d04c80970ee830`
VirtualSize	`0xec4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60208`

.rsrc

MD5	`018ebd6eed3f788e55f154b3fcce6898`
SHA1	`dd2398ad1db917b9ae08350d5cd79bc19a577177`
SHA256	`7eca7fb98dd787ca376921338f1445f53f630c4bf52222adcf613edaf4757e07`
SHA3	`d69c6fbbe8a6a1c5743b31d9b0199efbd4bcee3bfd1421912df9d17af8613497`
VirtualSize	`0x8a020`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2528`

.reloc

MD5	`3ab8a3a955e5040e25556085e21a2be2`
SHA1	`f29b173f0ea430d70ff0803cbaa89fa1d4d024d9`
SHA256	`119eed3c019ffdb0bba4cee06b80d85e78a679f1bb17317cbb6a352bb4102d7a`
SHA3	`a5c3cb0725d2fd68e14265c6e03629d6270e73c1f049eb78b3e40b7b2535d802`
VirtualSize	`0x658`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86735`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

D3D12SDKPath

Ordinal	`2`
Address	`0x18008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xe320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43458`
MD5	`8dddf73b70332becc21d5d05f8f942a3`
SHA1	`21807e7068587c2ecf3adfa8dd02e306bbf12509`
SHA256	`bc73d782dd892a94a5c12cc25108bb562cb4d6d7f9effdef41949a2836103258`
SHA3	`4d6ed5e5cb37e1ebb8664cb42b4b78bd3ca908468ce2cc60205e28118583080a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58221`
MD5	`6086256882f516b21f1ac78501689b62`
SHA1	`ebc1b2a26aa7a0d3fd786839e915ac49f81bc321`
SHA256	`61e3b2e4e3695bdc65d91fe982f7f054aee191aa7e5c39878a669ebca6bb62c4`
SHA3	`a929cf47c9b76c38f13d5b26a753db569f578ff6e82b49e481a12dbc8973fffd`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.65132`
MD5	`c86c1ab21ebe25612283dce92658c587`
SHA1	`a407ec07c0b8ad276dcefab0f60c312603a5d9b9`
SHA256	`4cd91a68570315368a99486838fcf104b62e55c9894dd78153456c5b475cbfb4`
SHA3	`924ffd6abfe104ebc1ddf3dce0da3c59a7fd116b5844874d86dd225790f1d477`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54579`
MD5	`f2103000bec5f22cdb2c156a6f4e7430`
SHA1	`1f8a1ddc40deab727f1f861da7226870ae9cad8d`
SHA256	`6d20f22c24cb50a74eb6d26c3e1a08a8187f7ec0eb9ae04a177846b0cb3c47c4`
SHA3	`84b8db13bab2a074bc6b7aee1f0f7ccfdf9e175dff3f11b6aedcae2a8e61ffb2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.53019`
MD5	`a3ee350b20209911b036a078e2a25799`
SHA1	`53cfb8c621ad78edcaf1beff556ddbee5defe97d`
SHA256	`9a4f749cc16d5a9b764c1ac30890b143b7864d4c0c5fb2de7528c2878ad28aaf`
SHA3	`cb0f4f024eeec4cd4a60145cb69c3cec3280b4e12fcc8237cd73f14f5c4348df`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42855`
MD5	`44390cb467eaa6c8c1150b5d1617efb4`
SHA1	`903fe906e80561ecd5c829ea568508c2bd2f2a94`
SHA256	`e74372062c02cb3fc1aa3701d67aee00ddad78066f41a64b6bdc3ec3ef4a569c`
SHA3	`00d9c64885d8fafdd2decd939eb74dc498d6049e414cf8ede9a0a9ef5611392f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35209`
MD5	`3dbbb33c34b8eec25fc00f0516591826`
SHA1	`867c99688cf53091c015294f41c024647867e953`
SHA256	`8193d2f602e83bbf16125411f76e00b5014b6de839e182f747a6c64820f74d4b`
SHA3	`63cef7a9d6dbc7fd018fdb0513e79a2668ce33d9a821f21bb20b905e37cd5ff9`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24051`
MD5	`1b6225de013df860c542806c6a6616f9`
SHA1	`eecd8dfd941d97efcac048509d8ae3ff6888e5e0`
SHA256	`289e2b0a351e46cef97b14d56a6f07a0b9601abef17084ddf54fa16694b286ce`
SHA3	`afe97c8a159c31f2bd89c143126485d44bc5e10d99c36df642f9e501740da717`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14994`
MD5	`478fedc8f17e545e3a78536336ea83c5`
SHA1	`0157966694a363b5a0da15074f59a9c57563f67e`
SHA256	`8c82a007e962ca4e8b1bda39fdb43d82236ca6e5d6ab7ae7a655da5526a43548`
SHA3	`d71eb3a9a91b838738d8298d6df4360d7d5fa3e306429247ad7cec47b8214759`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53694`
MD5	`2dd2138232133e4126ee35804a1065ee`
SHA1	`48b0b55f7285e357c9ebf840a5cc14413f2bdf25`
SHA256	`b31db37d1b104fb31ad888223ef48b2a5f9ccb1cfeba8e76aa1403a70ae72e9c`
SHA3	`16f8cb446aa27857ac4ce90b22d7def11676180dadc62a716d8673d247959080`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.1.17.47571
ProductVersion	6000.1.17.47571
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.1.17.12630483
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.1.17f1 (c0b9d3899998)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-25 16:26:48
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x15d68`
PointerToRawData	`0x14f68`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Aug-25 16:26:48
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15dfc`
PointerToRawData	`0x14ffc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-25 16:26:48
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x15e10`
PointerToRawData	`0x15010`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018040`

RICH Header

XOR Key	`0x7914df52`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
ASM objects (34321)	`9`
C objects (34321)	`16`
C++ objects (34321)	`40`
Imports (34433)	`3`
Total imports	`89`
C++ objects (34433)	`2`
Exports (34433)	`1`
Resource objects (34433)	`1`
Linker (34433)	`1`

Errors

Leave a comment

No comments yet.