Manalyze report for c1d048257d31afda012b2b8031d413b33198d6721f0030745953d36f98a904dc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-05 03:20:09
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.2.12.15244637`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.2.12f1 (e89d5df0e333)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resource 1 is possibly compressed or encrypted.` `Resource 2 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resources amount for 84.5627% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`a2dd6876e4c5a49171b5573a9233400f`
SHA1	`29bf84095e9f9e81231e30d4679640ecaa2396f4`
SHA256	`c1d048257d31afda012b2b8031d413b33198d6721f0030745953d36f98a904dc`
SHA3	`af11fd470073094cb1ddd2ea230df6840cbb0a6dfcf8f36cf3f7e0bd0d5bfc88`
SSDeep	`12288:ktVwZp5h5LRzzfREkUwXdKim29Wpvy39:k/qRffWkUwNh7WFY`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Nov-05 03:20:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`457fb5274ed18adc024e01b603e258a4`
SHA1	`159fdb99c377edc82c57d34217a711578edb0e63`
SHA256	`336709c08beca21a675f029c2d588ac0cae8cc8f42422039cbb827b6284374e5`
SHA3	`7d6db62af5f0503638e32b2c5a2ebd94056e5e490598ebed73cb0495875d3499`
VirtualSize	`0xcdb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45019`

.rdata

MD5	`7491493c95ea0d70c51fd5c70bf34cb6`
SHA1	`e0cb6d1af775a6c6b266e017c5d433b76bfe4571`
SHA256	`9ca84bf0df7ab664ebd8f990977aa972ef0b0b26cab826aae4736c1cccc448c1`
SHA3	`49ccf03ee68dc7840a40f80a59f8e5e53cf66c5c0acca679dbabe842081c9fa9`
VirtualSize	`0x977c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69209`

.data

MD5	`0822db25bce65451a1219de812eea533`
SHA1	`bf4c918ff2184dfeba8cd4f98b21e11d75de05e7`
SHA256	`8987031a7fb9e9ffe2b44dad568693d86af933f2b44447b6f5c1159bd0750a79`
SHA3	`83fbc2d299cd2e5b71ce2f669f319b95fcab94178c620dd04d72a1071efde7b0`
VirtualSize	`0x1d88`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90767`

.pdata

MD5	`017f81338461c6b246bdb8ce1bf5fc08`
SHA1	`aa79861d4dea94c5fd283f1359435734dfb03517`
SHA256	`d1cc88f6e981b629ad1f47d33507ac8b71f82346871b690375752ffc69c6063d`
SHA3	`e197cfb7530afb455ed4ebbd26984d4562c62ea8c9c65f07f5d04c80970ee830`
VirtualSize	`0xec4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60208`

.rsrc

MD5	`3adeea1b7c2a7cd84e15dc6a5fa81d1c`
SHA1	`b8ece6f03d8ab8c452b52607bf13caceba93a689`
SHA256	`e61b289d9e94a16d62b3413c41bbb2a3d32d98d3afda312ce741884012607729`
SHA3	`7a1050b3179ccefb6e9220415a4f55aff7852497576c47489bd177f04a5e7459`
VirtualSize	`0x8a020`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.78504`

.reloc

MD5	`3ab8a3a955e5040e25556085e21a2be2`
SHA1	`f29b173f0ea430d70ff0803cbaa89fa1d4d024d9`
SHA256	`119eed3c019ffdb0bba4cee06b80d85e78a679f1bb17317cbb6a352bb4102d7a`
SHA3	`a5c3cb0725d2fd68e14265c6e03629d6270e73c1f049eb78b3e40b7b2535d802`
VirtualSize	`0x658`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86735`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

D3D12SDKPath

Ordinal	`2`
Address	`0x18008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xe320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07586`
MD5	`45a3945e8a19c4655bc84513852a43fb`
SHA1	`72aeb431c9e0821a0d3fe2f279e6b01eb90f13e0`
SHA256	`e886a3adce7d59b9c3e8973854af2b389d9eb0f3c7d602b5af37f7956fe60822`
SHA3	`f5aba1891a74849928c75a112458f56c20eaf1a69f5fba1d6037c34065034527`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.27188`
MD5	`1380286db38edb62f992d699b8ea3299`
SHA1	`4592d010d892e8414be2ce5021cf4a9ae7616838`
SHA256	`fc3b419cd4bda0eaa77f66e6075f8a5773e811d5cd1447b87d31b138005fec9c`
SHA3	`3c624a4d0fbdc36d630228628e9551732d0d26c6d9079d0acc96adff0d6bd091`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.21227`
MD5	`c008bf0a56038f46dc1a966356535f2d`
SHA1	`bd0ae60874efb38d78c7d3c85a01ea9383ecc0b4`
SHA256	`8890f9ec7a074d5c149bc5c4c02ff24f6eac927b5f91068071e20bb3a3b3e3f1`
SHA3	`4a17afbc35ead6f022fe4c4029a46ca4a322c9a31610f57646d5b30ce719c78a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.91364`
MD5	`4e74f80d8a637d06448fc0cb81521955`
SHA1	`0289a99bf5df14cf47b092c26ab23da6e4e41bfa`
SHA256	`4aa8adebfebfc4f7b3b8fef3a38516c071b4b8f07f1457dbe300468420912b0e`
SHA3	`d8136283678b2a81514520281cd669fb71aae500e44a1fc9a3642dfc97ff8895`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.59473`
MD5	`f3345a2ab67eeefcb79df6ef14083e06`
SHA1	`c8d55ba3631ef876d763be2600fe54e8a7baaa83`
SHA256	`d472dbc79278e38630cc8870cc53daf835a764f327bea402069d73b8aabf6e0e`
SHA3	`49bc0d2800c80da5ce2eb73d772dec85ff8bbfdb2b3e21a782a1d77184931c82`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20135`
MD5	`6dc1388fc1d6bb6ea0c769f4643d411f`
SHA1	`5998fd02f2321a77bd6f41ac6400558d2ec2615b`
SHA256	`bbc405a09c658fa345d7295849762a4a12dfcf051e9196859dd9b3f899cd4445`
SHA3	`9aa093f14fe6d1692c968c96bfabdab862641e338a317ab9d2e56a72e5186570`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95877`
MD5	`735c550c3983a932faf824361d35ef1b`
SHA1	`d144fe06e7a9d19beacaeb52329b3fa032283e73`
SHA256	`1c18e84ed8fdb45616769f291f7c6ff0a19e72671654f2de5cc4b7947e44cbe7`
SHA3	`bc4a3981f2a2d9f24d4e38d91fdedb48b7d9b815c9df5dfb5ab185e63e26bb27`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.69374`
MD5	`033426350d1e99435eb6a41b89eeb008`
SHA1	`3c530dda613ec3729ebfd52bc797eaf94de6821d`
SHA256	`c6c5b3661c5fb8677ff8b01f09e969a1ed03a0e7e1f3c38a44947061a2cc335b`
SHA3	`ad4548951fda54826323ea3b0f76b3209f56f9f0ceae33b6561d12a7eb7e87b3`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.55524`
MD5	`7bf50fe6572cd6205a416e39882bac4f`
SHA1	`a9d54e139b795da57fb4d9a5edfe2a5e82b86ec7`
SHA256	`7a65a1bb37d2495ba9211556ba1b3d97af38e07e4ee5576f24ae48cd07ffdb88`
SHA3	`960cc86c4483d96e5e33e03a83838cdd4e4ec13684e79591d82cad571309c6c7`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53402`
MD5	`765051ac18d26bc26445c3ff3d276600`
SHA1	`ea657877c53e912f74f496379b3f84b03abb4b95`
SHA256	`839971fe9bf78c773ebcfcade846546c3dd92100964ab37be6f6af8dccedc126`
SHA3	`33bb2269fb17ba951010cf2905c0e4f9a11b48c6feab7dd69e508d5c783edae8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.2.12.40285
ProductVersion	6000.2.12.40285
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.2.12.15244637
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.2.12f1 (e89d5df0e333)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Nov-05 03:20:09
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x15d68`
PointerToRawData	`0x14f68`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Nov-05 03:20:09
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15dfc`
PointerToRawData	`0x14ffc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Nov-05 03:20:09
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x15e10`
PointerToRawData	`0x15010`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018040`

RICH Header

XOR Key	`0x7914df52`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
ASM objects (34321)	`9`
C objects (34321)	`16`
C++ objects (34321)	`40`
Imports (34433)	`3`
Total imports	`89`
C++ objects (34433)	`2`
Exports (34433)	`1`
Resource objects (34433)	`1`
Linker (34433)	`1`

Errors

Leave a comment

No comments yet.